Bug#995926: Error validating Let's Encrypt cert chains

Andre Heider a.heider at gmail.com
Fri Oct 8 10:51:35 BST 2021


Source: gnutls28
Version: 3.7.2-2

Apps using gnutls fail to connect to servers using a Let's Encrypt
certificate which is cross-signed by the now-expired DST Root CA X3,
see [0].

Examples:

$ lftp https://shop.bbc.com
cd: Fatal error: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)

$ audacious https://stream.tonkuhle.de/tonkuhle.mp3
ERROR neon.cc:542 [open_request]: <0x7f68d4025660> Could not open URL: 1 (0)
ERROR neon.cc:545 [open_request]: <0x7f68d4025660> neon error string: Server certificate verification failed: bad certificate chain
ERROR neon.cc:756 [fopen]: <0x7f68d4025660> Could not open URL
ERROR util.cc:269 [audgui_simple_message]: Error playing https://stream.tonkuhle.de/tonkuhle.mp3:
Server certificate verification failed: bad certificate chain

[0] https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/



More information about the Pkg-gnutls-maint mailing list