FS#69003 - [wget] [gnutls] some letsencrypt certificates are broken

Attached to Project: Arch Linux
Opened by Krzysztof Piecuch (thy-duang) - Wednesday, 16 December 2020, 14:33 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 19 September 2021, 08:48 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Jan de Groot (JGC)
Andreas Radke (AndyRTR)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

I can't wget DragonflyBSD images (https://mirror-master.dragonflybsd.org/iso-images/dfly-x86_64-5.8.3_REL.img.bz2) with wget:

Exactly the same commands work in Ubuntu docker image.

I am able to reproduce this issue in my up-to-date ArchLinux installation (i.e. outside of Docker image), but providing a docker (image ccb5897a7183) output for clarity:

```
-> % docker run -it archlinux bash
[root@935664d5cbc1 /]# pacman -Sy wget
:: Synchronizing package databases...
core 133.0 KiB 2.95 MiB/s 00:00 [#######################################] 100%
extra 1645.4 KiB 26.8 MiB/s 00:00 [#######################################] 100%
community 5.2 MiB 101 MiB/s 00:00 [#######################################] 100%
resolving dependencies...
looking for conflicting packages...

Packages (1) wget-1.20.3-3

Total Download Size: 0.71 MiB
Total Installed Size: 2.88 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
wget-1.20.3-3-x86_64 722.2 KiB 22.0 MiB/s 00:00 [#######################################] 100%
(1/1) checking keys in keyring [#######################################] 100%
(1/1) checking package integrity [#######################################] 100%
(1/1) loading package files [#######################################] 100%
(1/1) checking for file conflicts [#######################################] 100%
:: Processing package changes...
(1/1) installing wget [#######################################] 100%
Optional dependencies for wget
ca-certificates: HTTPS downloads [installed]
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[root@935664d5cbc1 /]# wget https://mirror-master.dragonflybsd.org/iso-images/dfly-x86_64-5.8.3_REL.img.bz2
--2020-12-16 14:26:35-- https://mirror-master.dragonflybsd.org/iso-images/dfly-x86_64-5.8.3_REL.img.bz2
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving mirror-master.dragonflybsd.org (mirror-master.dragonflybsd.org)... 199.233.90.72, 2001:470:1:43b:1::72
Connecting to mirror-master.dragonflybsd.org (mirror-master.dragonflybsd.org)|199.233.90.72|:443... connected.
ERROR: The certificate of ‘mirror-master.dragonflybsd.org’ is not trusted.
ERROR: The certificate of ‘mirror-master.dragonflybsd.org’ doesn't have a known issuer.
```
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Sunday, 19 September 2021, 08:48 GMT
Reason for closing:  Fixed
Comment by Krzysztof Piecuch (thy-duang) - Thursday, 17 December 2020, 10:01 GMT
It's a regression in gnutls - it was working with gnutls 3.6.15-1, but broke down after gnutls upgrade to 3.7.0-1.

curl is not affected by this bug.
Comment by Andreas Radke (AndyRTR) - Friday, 01 January 2021, 14:55 GMT Comment by Andreas Radke (AndyRTR) - Friday, 01 January 2021, 14:56 GMT Comment by Doug Newgard (Scimmia) - Friday, 01 January 2021, 14:58 GMT
See the duplicate ticket for more upstream info  FS#69169 

Loading...