|
From: | Martin Dorey |
Subject: | Re: GNU make 4.3.90 release candidate available |
Date: | Mon, 26 Sep 2022 19:38:55 +0000 |
>
It's more probable that David has outdated certificate DB and/or
>
outdated GnuTLS on his machine.
Thanks once again to Microsoft for obeying Dorey's Law of Marketing with "safelinks", I only belatedly see David's evidence included "--2022-09-26
09:12:58--" which rather says that his clock wasn't messed up, contra my earlier suggestion.
martind@sirius:~$
< /dev/null openssl s_client -connect alpha.gnu.org:https > /dev/null
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = ftp.gnu.org
verify return:1
DONE
martind@sirius:~$
"ISRG
Root X1" rings a bell. Ah yes, it's that old chestnut: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/, which contains advice for David. I also
found the work around from https://www.mail-archive.com/debian-lts@lists.debian.org/msg09627.html specifically:
sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
...
to be helpful.
From: Bug-make <bug-make-bounces+martin.dorey=hds.com@gnu.org> on behalf of Eli Zaretskii <eliz@gnu.org>
Sent: Monday, September 26, 2022 10:10 To: psmith@gnu.org <psmith@gnu.org> Cc: david.s.boyce@gmail.com <david.s.boyce@gmail.com>; bug-make@gnu.org <bug-make@gnu.org> Subject: Re: GNU make 4.3.90 release candidate available ***** EXTERNAL EMAIL *****
> From: Paul Smith <psmith@gnu.org> > Cc: bug-make@gnu.org > Date: Mon, 26 Sep 2022 12:31:34 -0400 > > On Mon, 2022-09-26 at 12:16 -0400, David Boyce wrote: > > BTW wget complains about the certificate: > > > > $ wget https://nam04.safelinks.protection.outlook.com/?url=""> > > --2022-09-26 09:12:58-- https://nam04.safelinks.protection.outlook.com/?url=""> > > Resolving alpha.gnu.org (alpha.gnu.org)... 209.51.188.21, 2001:470:142:3::c > > Connecting to alpha.gnu.org (alpha.gnu.org)|209.51.188.21|:443... connected. > > ERROR: cannot verify alpha.gnu.org's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3': > > Issued certificate has expired. > > To connect to alpha.gnu.org insecurely, use `--no-check-certificate'. > > Oddly I don't get this warning. Maybe I have somehow asked wget to not > check expirations? It's more probable that David has outdated certificate DB and/or outdated GnuTLS on his machine. |
[Prev in Thread] | Current Thread | [Next in Thread] |