<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/julian-klode">Julian Andres Klode</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1285">#1285</a>
</p>
<div></div>
<p dir="auto">Trying to connect to irc.sekrit.org port 994 fails:</p>
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ gnutls-cli irc.sekrit.org -p 994 </span>
<span id="LC2" class="line" lang="plaintext">Processed 128 CA certificate(s). </span>
<span id="LC3" class="line" lang="plaintext">Resolving 'irc.sekrit.org:994'... </span>
<span id="LC4" class="line" lang="plaintext">Connecting to '34.86.153.216:994'... </span>
<span id="LC5" class="line" lang="plaintext">- Successfully sent 0 certificate(s) to server. </span>
<span id="LC6" class="line" lang="plaintext">- Server has requested a certificate. </span>
<span id="LC7" class="line" lang="plaintext">- Certificate type: X.509 </span>
<span id="LC8" class="line" lang="plaintext">- Got a certificate list of 1 certificates. </span>
<span id="LC9" class="line" lang="plaintext">- Certificate[0] info: </span>
<span id="LC10" class="line" lang="plaintext"> - subject `CN=irc-new.sekrit.org', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x035246f14a5f17856da061c4af902569e957, RSA key 2048 bits, signed using RSA-SHA256, activated `2021-08-31 11:04:27 UTC', expires `2021-11-29 11:04:26 UTC', pin-sha256="D4UO7EFocRJUU18myirKrVhOKtVztbnmngql</span>
<span id="LC11" class="line" lang="plaintext">hmVeBp0=" </span>
<span id="LC12" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC13" class="line" lang="plaintext"> sha1:98c0e59729d7dab6587779a831fcbc072f0e9021</span>
<span id="LC14" class="line" lang="plaintext"> sha256:0f850eec4168711254535f26ca2acaad584e2ad573b5b9e69e0aa586655e069d</span>
<span id="LC15" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC16" class="line" lang="plaintext"> pin-sha256:D4UO7EFocRJUU18myirKrVhOKtVztbnmngqlhmVeBp0= </span>
<span id="LC17" class="line" lang="plaintext"></span>
<span id="LC18" class="line" lang="plaintext">- Status: The certificate is NOT trusted. The certificate issuer is unknown. </span>
<span id="LC19" class="line" lang="plaintext">*** PKI verification of server certificate failed...</span>
<span id="LC20" class="line" lang="plaintext">*** Fatal error: Error in the certificate.</span></code></pre>
<p dir="auto">openssl works fine:</p>
<pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">$ openssl s_client -host irc.sekrit.org -port 994 </span>
<span id="LC2" class="line" lang="plaintext">CONNECTED(00000003) </span>
<span id="LC3" class="line" lang="plaintext">depth=0 CN = irc-new.sekrit.org </span>
<span id="LC4" class="line" lang="plaintext">verify error:num=20:unable to get local issuer certificate </span>
<span id="LC5" class="line" lang="plaintext">verify return:1 </span>
<span id="LC6" class="line" lang="plaintext">depth=0 CN = irc-new.sekrit.org </span>
<span id="LC7" class="line" lang="plaintext">verify error:num=21:unable to verify the first certificate </span>
<span id="LC8" class="line" lang="plaintext">verify return:1 </span>
<span id="LC9" class="line" lang="plaintext">--- </span>
<span id="LC10" class="line" lang="plaintext">Certificate chain </span>
<span id="LC11" class="line" lang="plaintext"> 0 s:CN = irc-new.sekrit.org </span>
<span id="LC12" class="line" lang="plaintext"> i:C = US, O = Let's Encrypt, CN = R3 </span>
<span id="LC13" class="line" lang="plaintext">--- </span>
<span id="LC14" class="line" lang="plaintext">Server certificate </span>
<span id="LC15" class="line" lang="plaintext">-----BEGIN CERTIFICATE----- </span>
<span id="LC16" class="line" lang="plaintext">MIIFOjCCBCKgAwIBAgISA1JG8UpfF4VtoGHEr5AlaelXMA0GCSqGSIb3DQEBCwUA </span>
<span id="LC17" class="line" lang="plaintext">MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD </span>
<span id="LC18" class="line" lang="plaintext">EwJSMzAeFw0yMTA4MzExMTA0MjdaFw0yMTExMjkxMTA0MjZaMB0xGzAZBgNVBAMT </span>
<span id="LC19" class="line" lang="plaintext">EmlyYy1uZXcuc2Vrcml0Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC </span>
<span id="LC20" class="line" lang="plaintext">ggEBAKXJHa2U/7oUNjM8u5cvniV4YHBJpewsKYhsr9cMSsgOT3TYcSxs/xzQwQuR </span>
<span id="LC21" class="line" lang="plaintext">rwRM20nZrNakweRhXS++sFFiVh2fbyWWl3U1i1xDDVenhORkTOZ27ZoG7rJjs/2U </span>
<span id="LC22" class="line" lang="plaintext">fu8BWhMrv8hQrqbpHeLOj7UX2hYackFhxQBkYw91yTFQF/jYVrmOX8OBoBkIXhgF </span>
<span id="LC23" class="line" lang="plaintext">xbe9VUcLh+8U1/Z3qQyI+logrXNz7P2IsqILSOSCd32t1QcVFm0g6ol+kZwe9X/J </span>
<span id="LC24" class="line" lang="plaintext">5uC5evi1mHdOzTzWZPQM56CYSV89UsoxRF5sVRbiuoyXdEd54/d+2Q7edcgAl61G </span>
<span id="LC25" class="line" lang="plaintext">TkpJDWYBpXpthl4H+uCKEGV3ogUCAwEAAaOCAl0wggJZMA4GA1UdDwEB/wQEAwIF </span>
<span id="LC26" class="line" lang="plaintext">oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd </span>
<span id="LC27" class="line" lang="plaintext">BgNVHQ4EFgQUSPtuimutYnXbwL+im0Zmd8ZzBVAwHwYDVR0jBBgwFoAUFC6zF7dY </span>
<span id="LC28" class="line" lang="plaintext">VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw </span>
<span id="LC29" class="line" lang="plaintext">Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy </span>
<span id="LC30" class="line" lang="plaintext">Lm9yZy8wLQYDVR0RBCYwJIISaXJjLW5ldy5zZWtyaXQub3Jngg5pcmMuc2Vrcml0 </span>
<span id="LC31" class="line" lang="plaintext">Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG </span>
<span id="LC32" class="line" lang="plaintext">AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkC </span>
<span id="LC33" class="line" lang="plaintext">BAIEgfUEgfIA8AB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAAB </span>
<span id="LC34" class="line" lang="plaintext">e5wYq9sAAAQDAEcwRQIgCRhIKDaFx5IUOuAT2TdiZYSwunNdE+O/6XyudOBZ+nwC </span>
<span id="LC35" class="line" lang="plaintext">IQC34O9yZusCePy649AmElE9ZSiHCx0gslgOgKEZXBQzmwB2APZclC/RdzAiFFQY </span>
<span id="LC36" class="line" lang="plaintext">CDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABe5wYq9gAAAQDAEcwRQIgDHSdfhycsMVr </span>
<span id="LC37" class="line" lang="plaintext">EPDK+WW9Bs2ctgMMuKpxgwsosTy/JGQCIQDo8thv8yS4cGarSV2KleYJkoWI7gtu </span>
<span id="LC38" class="line" lang="plaintext">B8bUSt7IhZ//UTANBgkqhkiG9w0BAQsFAAOCAQEAi4nL96yScI45iSL75Rdu+DvN </span>
<span id="LC39" class="line" lang="plaintext">utc4ihLMjPWsGHHJOli55FToqlyVV7zUpKjP44bL6Zinwjl5QKzST3EvZwGqIYCM </span>
<span id="LC40" class="line" lang="plaintext">nN+DX/3rSewbqtCzJIQ7BhRPX0re6G+kGC9dq1MJbgZsmK/Kbve08lzme5r2eUBR </span>
<span id="LC41" class="line" lang="plaintext">poBAPRA/pQbmdSJNReWxZAknOeG4bSE4SORP9T9IThTJHblcOYdpZrlSiR86gXYa </span>
<span id="LC42" class="line" lang="plaintext">4sotBNzEsGGLPuuSaGcfEy4w11jd7jxqwaBc7kL/wDy7SLd+heqx+yoJOocdYH6C </span>
<span id="LC43" class="line" lang="plaintext">ik8B9VaAAv9GSaTAElXqG98ieWYYBESmk4qkWKck6wtfEmoNrEvFpW/2/WDA0w== </span>
<span id="LC44" class="line" lang="plaintext">-----END CERTIFICATE----- </span>
<span id="LC45" class="line" lang="plaintext">subject=CN = irc-new.sekrit.org </span>
<span id="LC46" class="line" lang="plaintext"> </span>
<span id="LC47" class="line" lang="plaintext">issuer=C = US, O = Let's Encrypt, CN = R3 </span>
<span id="LC48" class="line" lang="plaintext"> </span>
<span id="LC49" class="line" lang="plaintext">--- </span></code></pre>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1285">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/0168010313cdcab368dd0e2075f429d0/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1285"}}</script>
</p>
</div>
</body>
</html>