bug#45358: bootstrap fails due to a certificate mismatch

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#45358: bootstrap fails due to a certificate mismatch

From:	Bob Proulx
Subject:	bug#45358: bootstrap fails due to a certificate mismatch
Date:	Tue, 9 Mar 2021 11:30:02 -0700

Erik Auerswald wrote:
> Grigoriy Sokolik wrote:
> > I've rechecked:
> 
> I cannot reproduce the problem, the certificate is trusted by my system:
> 
>     # via IPv4
>     $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 
> 'Connecting|Status'
>     Connecting to '80.69.83.146:443'...
>     - Status: The certificate is trusted. 
>     # via IPv6
>     $ gnutls-cli --verbose translationproject.org </dev/null  | grep -E 
> 'Connecting|Status'
>     Connecting to '2a01:7c8:c037:6::20:443'...
>     - Status: The certificate is trusted.

I have the same results here.  Everything looks okay in the inspection
of it.

> It seems to me as if your system does not trust the used root CA.
> 
> >     [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]
> 
> On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:
> 
>     $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
>     lrwxrwxrwx 1 root root 53 Mai 28  2018 /etc/ssl/certs/DST_Root_CA_X3.pem 
> -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
>     $ certtool --certificate-info < 
> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
>       Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.

Again same here on my Debian system.  The root certificate store for
the trust anchor is in the ca-certificates package.

Looking at my oldest system I see this is distributed as package
version 20200601~deb9u1 and includes the above file.

    $ apt-cache policy ca-certificates
    ca-certificates:
      Installed: 20200601~deb9u1
      Candidate: 20200601~deb9u1
      Version table:
     *** 20200601~deb9u1 500
            500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
            500 http://ftp.us.debian.org/debian stretch-updates/main amd64 
Packages
            100 /var/lib/dpkg/status

Verifying that the equivalent of ca-certificates is installed on your
system should provide for it.

As this seems not to be a bug in Coreutils I am marking the bug as
closed with this mail.  However more discussion is always welcome.

Bob

[Prev in Thread]

Current Thread

[Next in Thread]

bug#45358: bootstrap fails due to a certificate mismatch, Bob Proulx, 2021/03/09
- bug#45358: bootstrap fails due to a certificate mismatch, Grigoriy Sokolik, 2021/03/09
  - bug#45358: bootstrap fails due to a certificate mismatch, Erik Auerswald, 2021/03/09
    - bug#45358: bootstrap fails due to a certificate mismatch, Bob Proulx <=
    - bug#45358: bootstrap fails due to a certificate mismatch, Grigoriy Sokolik, 2021/03/10

Prev by Date: bug#47023: df utilility displays G instead of GM as unit size for Gigabytes in power of 1000
Next by Date: bug#47023: df utilility displays G instead of GM as unit size for Gigabytes in power of 1000
Previous by thread: bug#45358: bootstrap fails due to a certificate mismatch
Next by thread: bug#45358: bootstrap fails due to a certificate mismatch
Index(es):
- Date
- Thread