| 1 |
On Tue, 2021-11-23 at 18:14 -0500, Jack wrote: |
| 2 |
> OK, here's something. |
| 3 |
> |
| 4 |
> I changed my stable version of ca-certificates from -cacert to |
| 5 |
> cacert, |
| 6 |
> and now I get the same failure you do. So - it's due to either |
| 7 |
> something in nss-cacert-class1-class3-r2.patch which only gets |
| 8 |
> applied |
| 9 |
> if that USE flag is set, or to something else only done when that |
| 10 |
> USE |
| 11 |
> flag is set. |
| 12 |
> |
| 13 |
> I don't understand it, but it's a place to start - and note the note |
| 14 |
> in |
| 15 |
> the ebuild: |
| 16 |
> |
| 17 |
> # When triaging user reports, refer to our wiki for tips: |
| 18 |
> # |
| 19 |
> https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues |
| 20 |
> |
| 21 |
|
| 22 |
|
| 23 |
Another update, I have masked ~arch ca-certificates: |
| 24 |
>app-misc/ca-certificates-20210119.3.66 |
| 25 |
|
| 26 |
Downgraded to stable one, and now certificate verification is |
| 27 |
successful with gnutls-cli on my test example. Weird since it didn't |
| 28 |
fail to verify similar chains with newer app-misc/ca-certificates. I |
| 29 |
will file a bug report, but still not sure which component app-mist/ca- |
| 30 |
certificates or net-libs/gnutls. |
| 31 |
|
| 32 |
Regards, |
| 33 |
Branko |
Archives