Bug#995926: Error validating Let's Encrypt cert chains
Andreas Metzler
ametzler at bebt.de
Mon Oct 11 17:41:58 BST 2021
Control: reassign -1 lftp 4.8.4-2
On 2021-10-11 Andreas Metzler <ametzler at bebt.de> wrote:
> On 2021-10-08 Andre Heider <a.heider at gmail.com> wrote:
>> Source: gnutls28
>> Version: 3.7.2-2
>> Apps using gnutls fail to connect to servers using a Let's Encrypt
>> certificate which are cross-signed by the now expired DST Root CA X3, see
>> [0].
>> Examples:
>> $ lftp https://shop.bbc.com
>> cd: Fatal error: Certificate verification: Not trusted
>> (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)
> [...]
>> [0] https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> given that
> gnutls-cli --port https shop.bbc.com
> works I suspect that it is not necessarily a GnuTLS problem.
This looks like
https://github.com/lavv17/lftp/issues/641
which has a fix in upstream GIT.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list