1 |
On Tue, 2021-11-23 at 18:14 -0500, Jack wrote: |
2 |
> OK, here's something. |
3 |
> |
4 |
> I changed my stable version of ca-certificates from -cacert to |
5 |
> cacert, |
6 |
> and now I get the same failure you do. So - it's due to either |
7 |
> something in nss-cacert-class1-class3-r2.patch which only gets |
8 |
> applied |
9 |
> if that USE flag is set, or to something else only done when that |
10 |
> USE |
11 |
> flag is set. |
12 |
> |
13 |
> I don't understand it, but it's a place to start - and note the note |
14 |
> in |
15 |
> the ebuild: |
16 |
> |
17 |
> # When triaging user reports, refer to our wiki for tips: |
18 |
> # |
19 |
> https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues |
20 |
> |
21 |
|
22 |
|
23 |
Another update, I have masked ~arch ca-certificates: |
24 |
>app-misc/ca-certificates-20210119.3.66 |
25 |
|
26 |
Downgraded to stable one, and now certificate verification is |
27 |
successful with gnutls-cli on my test example. Weird since it didn't |
28 |
fail to verify similar chains with newer app-misc/ca-certificates. I |
29 |
will file a bug report, but still not sure which component app-mist/ca- |
30 |
certificates or net-libs/gnutls. |
31 |
|
32 |
Regards, |
33 |
Branko |