From: djaonline <djaonline@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: A bug in gnutls-3.8.5_1 while connecting to some servers with old tls(gnutls-3.8.4_1 works fine)
Date: Fri, 12 Apr 2024 10:03:48 +0200 [thread overview]
Message-ID: <20240412080348.112B220F59@inbox.vuxu.org> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-49804@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 15852 bytes --]
New comment by djaonline on void-packages repository
https://github.com/void-linux/void-packages/issues/49804#issuecomment-2051230972
Comment:
`gnutls-cli -V xxx`
```
Processed 170 CA certificate(s).
Resolving 'xxx:443'...
Connecting to 'xxx.xx.xx.xx:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 6ae640253db2cdb9a97bf8a0
Issuer: CN=AlphaSSL CA - SHA256 - G4,O=GlobalSign nv-sa,C=BE
Validity:
Not Before: Tue Jan 23 13:51:08 UTC 2024
Not After: Sun Feb 23 13:51:07 UTC 2025
Subject: CN=*.xxx.xx
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:b8:0d:df:cd:3c:8f:47:61:24:22:8c:e3:ea:58:03
88:33:65:5b:ca:3a:9e:e5:d2:f8:4c:b7:fd:45:cf:f8
5e:f1:ce:44:c8:a6:5c:b3:36:49:6c:03:52:17:4d:5d
50:5f:aa:89:6f:4f:44:28:d2:a4:ff:3f:67:20:1d:44
04:5f:8d:90:79:85:77:f9:10:7d:69:ee:54:cb:10:66
72:90:0d:b2:64:d7:c0:8c:79:d9:05:60:f2:44:ed:b4
a4:2b:c4:cc:82:2a:3b:80:c3:32:1c:71:eb:16:a1:24
84:37:4c:6c:25:78:37:2c:75:f0:8e:fe:d9:74:fd:54
64:4f:87:74:52:8f:89:a5:49:bb:95:5f:26:e0:e1:a6
c9:56:cb:b6:ed:e6:1e:83:7f:ce:43:3d:9b:03:f8:ca
f8:1e:b1:c2:c4:62:de:fa:4c:b0:8d:16:fe:49:b6:8e
ea:52:f1:42:16:03:c3:06:0a:e0:c8:dc:f2:38:a8:45
c4:45:23:bf:02:93:a4:5c:9b:4a:4a:b3:f1:4d:3a:af
3d:b1:fd:ac:ba:c2:8a:86:19:bf:ba:f6:b0:81:6c:ad
ab:4c:73:e9:6c:d6:39:fc:f2:46:5c:a3:41:26:58:b2
dc:d1:bd:22:f4:56:fc:3d:43:57:dd:ec:38:00:bb:d7
d5
Exponent (bits 24):
01:00:01
Extensions:
Key Usage (critical):
Digital signature.
Key encipherment.
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: http://secure.globalsign.com/cacert/alphasslcasha256g4.crt
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.globalsign.com/alphasslcasha256g4
Certificate Policies (not critical):
2.23.140.1.2.1 (CA/B Domain Validated)
1.3.6.1.4.1.4146.10.1.3
URI: https://www.globalsign.com/repository/
CRL Distribution points (not critical):
URI: http://crl.globalsign.com/alphasslcasha256g4.crl
Subject Alternative Name (not critical):
DNSname: *.xxx.xx
DNSname: xx.xx
Key Purpose (not critical):
TLS WWW Server.
TLS WWW Client.
Authority Key Identifier (not critical):
4fcbaca8c2efabdd836f6bbfce983d5c58257615
Subject Key Identifier (not critical):
b00ba00b67063a6bccfdd6bf2e722800d5964567
CT Precertificate SCTs (not critical):
Signed Certificate Timestamp 1:
Version: 1
Log ID: e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e50
Time: Tue, Jan 23 13:51:14 UTC 2024
Extensions: none
Signature algorithm: ECDSA-SHA256
Signature: 3045022100cfae2a6dacbdc60abbbe0111cb235584662a23d8f28487320ab8c22d7cf62e2d0220609846b9a9cf41bc110d4dffd46ed50c1c095aacfafe5f9e75f39d81e66a26a2
Signed Certificate Timestamp 2:
Version: 1
Log ID: 4e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df
Time: Tue, Jan 23 13:51:14 UTC 2024
Extensions: none
Signature algorithm: ECDSA-SHA256
Signature: 304502201406cd47e03b34c041fc5978379dcc90612ed550920f9db76ddbeaa8444ef871022100bc5b097132fee6c2563a77610b84bcc6f9d5e6ca67e10fef2e22b5778d66c32d
Signed Certificate Timestamp 3:
Version: 1
Log ID: e092b3fc0c1dc8e768361fde61b9964d0a5278198a72d672c4b04da56d6f5404
Time: Tue, Jan 23 13:51:14 UTC 2024
Extensions: none
Signature algorithm: ECDSA-SHA256
Signature: 304402204db1f355744057caac6d3749d209204b18b0cd7ab20dec78bd02f08f41d40915022036f7f5a1e8dd464767a571ef670a282ae97050ef5fac8db39fb5e396bffc12f0
Signature Algorithm: RSA-SHA256
Signature:
a7:b6:93:23:1d:6e:7a:51:91:98:29:cc:5c:eb:3c:9e
95:31:06:d6:f1:3c:d3:b9:d3:8a:cc:61:e6:99:be:61
9a:c6:df:83:1f:86:83:74:04:f7:48:f7:ed:2f:56:13
82:38:63:f9:fe:51:f9:19:86:c3:9b:23:70:82:ae:d3
20:d6:54:e3:2e:68:9d:07:7b:ef:58:ce:22:75:41:67
69:52:83:9c:cf:5a:63:16:df:f7:e7:17:2f:1f:48:0d
c1:ca:f0:cf:35:e6:6d:d3:f8:22:d7:2d:ef:69:f2:a7
63:cd:d2:8b:b1:da:32:6f:53:85:91:f3:2f:09:a0:b7
55:6c:8d:c5:57:38:c6:37:63:57:b7:fb:f0:a4:75:e6
8a:76:fa:00:0a:6a:29:ca:5e:12:35:00:4d:57:e7:ab
2c:60:5f:97:67:a1:8b:8b:0f:3b:06:63:6b:c8:a3:48
1e:6c:a5:f9:5f:ae:8d:af:6f:41:b6:ab:78:3a:6e:81
14:3b:18:d4:a5:5d:32:7b:06:10:34:f9:e3:8d:34:0f
01:35:6e:c6:26:8b:fc:cf:45:86:e1:9a:c3:cd:c9:ee
d8:1a:81:99:f5:ac:1e:b4:c1:62:56:46:a4:cb:8d:e6
76:9c:70:5d:78:ff:ee:1d:f7:10:f4:58:dc:e1:07:9e
Other Information:
Fingerprint:
sha1:f24a961c2194fb4bedd60a03fef227c1171cfd71
sha256:4fbcfda47910ac9813f9223805a61918c863a9062c88eb6a8dd658c498d670a8
Public Key ID:
sha1:c588dc648e300da16345c0d7de2f0fe4fcd30834
sha256:ef0fa958fcd5bf9da3958cf32ed43290eb867a288c8da9234378fa751e565aa3
Public Key PIN:
pin-sha256:7w+pWPzVv52jlYzzLtQykOuGeiiMjakjQ3j6dR5WWqM=
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgIMauZAJT2yzbmpe/igMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEc0MB4XDTI0MDEyMzEzNTEwOFoXDTI1MDIy
MzEzNTEwN1owFjEUMBIGA1UEAwwLKi4xcHJpbWUucnUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC4Dd/NPI9HYSQijOPqWAOIM2Vbyjqe5dL4TLf9Rc/4
XvHORMimXLM2SWwDUhdNXVBfqolvT0Qo0qT/P2cgHUQEX42QeYV3+RB9ae5UyxBm
cpANsmTXwIx52QVg8kTttKQrxMyCKjuAwzIccesWoSSEN0xsJXg3LHXwjv7ZdP1U
ZE+HdFKPiaVJu5VfJuDhpslWy7bt5h6Df85DPZsD+Mr4HrHCxGLe+kywjRb+SbaO
6lLxQhYDwwYK4Mjc8jioRcRFI78Ck6Rcm0pKs/FNOq89sf2susKKhhm/uvawgWyt
q0xz6WzWOfzyRlyjQSZYstzRvSL0Vvw9Q1fd7DgAu9fVAgMBAAGjggNXMIIDUzAO
BgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADCBkwYIKwYBBQUHAQEEgYYwgYMw
RgYIKwYBBQUHMAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0
L2FscGhhc3NsY2FzaGEyNTZnNC5jcnQwOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3Nw
Lmdsb2JhbHNpZ24uY29tL2FscGhhc3NsY2FzaGEyNTZnNDBXBgNVHSAEUDBOMAgG
BmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMEEGA1UdHwQ6MDgwNqA0oDKGMGh0
dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vYWxwaGFzc2xjYXNoYTI1Nmc0LmNybDAh
BgNVHREEGjAYggsqLjFwcmltZS5ydYIJMXByaW1lLnJ1MB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRPy6yowu+r3YNva7/OmD1cWCV2
FTAdBgNVHQ4EFgQUsAugC2cGOmvM/da/LnIoANWWRWcwggF9BgorBgEEAdZ5AgQC
BIIBbQSCAWkBZwB2AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAAB
jTaW4HgAAAQDAEcwRQIhAM+uKm2svcYKu74BEcsjVYRmKiPY8oSHMgq4wi189i4t
AiBgmEa5qc9BvBENTf/UbtUMHAlarPr+X551852B5momogB2AE51oydcmhDDOFts
1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjTaW44QAAAQDAEcwRQIgFAbNR+A7NMBB
/Fl4N53MkGEu1VCSD523bdvqqERO+HECIQC8WwlxMv7mwlY6d2ELhLzG+dXmymfh
D+8uIrV3jWbDLQB1AOCSs/wMHcjnaDYf3mG5lk0KUngZinLWcsSwTaVtb1QEAAAB
jTaW4QYAAAQDAEYwRAIgTbHzVXRAV8qsbTdJ0gkgSxiwzXqyDex4vQLwj0HUCRUC
IDb39aHo3UZHZ6Vx72cKKCrpcFDvX6yNs5+145a//BLwMA0GCSqGSIb3DQEBCwUA
A4IBAQCntpMjHW56UZGYKcxc6zyelTEG1vE807nTisxh5pm+YZrG34MfhoN0BPdI
9+0vVhOCOGP5/lH5GYbDmyNwgq7TINZU4y5onQd771jOInVBZ2lSg5zPWmMW3/fn
Fy8fSA3ByvDPNeZt0/gi1y3vafKnY83Si7HaMm9ThZHzLwmgt1VsjcVXOMY3Y1e3
+/CkdeaKdvoACmopyl4SNQBNV+erLGBfl2ehi4sPOwZja8ijSB5spflfro2vb0G2
q3g6boEUOxjUpV0yewYQNPnjjTQPATVuxiaL/M9FhuGaw83J7tgagZn1rB60wWJW
RqTLjeZ2nHBdeP/uHfcQ9Fjc4Qee
-----END CERTIFICATE-----
- Certificate[1] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 7d4d42a92b431d7e6453e7c19a8d5877
Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
Validity:
Not Before: Wed Oct 12 03:49:43 UTC 2022
Not After: Tue Oct 12 00:00:00 UTC 2027
Subject: CN=AlphaSSL CA - SHA256 - G4,O=GlobalSign nv-sa,C=BE
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:ad:24:29:95:66:15:88:3f:33:87:03:78:cf:d5:0c
24:b8:31:53:f3:ff:83:22:6c:99:95:2b:7c:e5:4a:59
c2:ae:c6:d1:2a:9d:fa:7f:20:2e:51:c8:67:2a:50:91
a7:79:56:44:fb:38:b5:3e:30:8e:fc:94:2e:cb:57:0c
69:53:5f:44:c6:56:96:2f:ae:c0:37:25:86:f1:71:f1
dc:02:45:42:86:61:b8:36:ef:51:e3:73:45:0c:90:b3
a5:d2:e7:03:7a:b8:39:45:d0:17:f5:02:d0:94:41:6a
c6:18:b1:98:c3:20:b5:c5:3a:f3:82:b1:4a:a4:44:ac
21:73:2a:92:55:06:4e:c8:7c:8b:b0:ca:66:14:54:55
f8:2b:3c:b2:54:91:b6:cb:52:b2:d8:e3:6f:8a:44:28
b0:7d:2b:c1:96:80:b9:3e:00:d8:9e:3d:e8:31:9d:5a
4d:ed:d6:7e:4d:e5:d4:8e:03:dd:12:9a:27:83:d4:d6
a1:d7:84:72:4e:81:ed:9b:8c:62:06:97:a3:2c:68:13
7e:04:1d:ac:af:a1:27:c5:7d:31:9c:c2:1b:7b:0d:a8
21:f3:85:a0:ba:ac:e3:bb:e1:fc:61:f8:24:dd:2a:aa
5d:96:04:77:c3:3d:50:e6:dd:bf:86:43:16:3a:37:f2
d7
Exponent (bits 24):
01:00:01
Extensions:
Key Usage (critical):
Digital signature.
Certificate signing.
CRL signing.
Key Purpose (not critical):
TLS WWW Server.
TLS WWW Client.
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Path Length Constraint: 0
Subject Key Identifier (not critical):
4fcbaca8c2efabdd836f6bbfce983d5c58257615
Authority Key Identifier (not critical):
607b661a450d97ca89502f7d04cd34a8fffcfd4b
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://ocsp.globalsign.com/rootr1
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: http://secure.globalsign.com/cacert/root-r1.crt
CRL Distribution points (not critical):
URI: http://crl.globalsign.com/root.crl
Certificate Policies (not critical):
2.23.140.1.2.1 (CA/B Domain Validated)
1.3.6.1.4.1.4146.10.1.3
Signature Algorithm: RSA-SHA256
Signature:
1a:25:f6:73:64:88:40:a9:59:07:a7:43:ba:15:3f:51
61:bd:15:ff:2d:64:dd:cd:7a:5d:32:6a:7f:48:42:e7
10:98:68:39:ef:b7:eb:a1:34:76:df:2d:58:68:3e:7b
30:1c:0c:f7:86:60:f9:a9:f3:79:c0:54:b7:83:a6:38
bb:36:ab:bc:95:d0:7c:f8:6f:c1:e9:4f:46:07:c8:b6
0c:32:00:a9:2b:05:12:f7:0c:6d:66:f9:81:9d:bf:0e
64:4d:72:27:c6:8b:d1:4a:02:e1:6e:db:0c:9f:b7:8b
38:0c:7c:33:2f:60:89:db:38:cc:95:43:8c:dd:16:84
d5:cc:6e:3a:cf:8e:9b:a3:02:0f:d1:bb:be:79:00:b5
28:82:fc:e3:9f:1c:ef:74:d9:fe:32:23:66:b8:f0:af
a0:29:a0:1f:de:52:12:15:78:dd:df:6a:70:43:6d:4b
a4:cd:ee:78:81:b2:75:a2:7e:d7:fc:fc:9e:ff:82:ed
25:13:e5:b1:e8:cf:b7:18:53:6e:cb:52:f8:75:9f:65
92:36:70:ba:fd:0c:05:4a:83:fa:80:d2:9a:e0:f3:8e
fe:83:b5:df:18:e1:ac:b4:47:27:fd:38:70:a3:1b:44
02:ed:25:64:24:3d:a7:09:f1:22:55:84:1d:91:ec:12
Other Information:
Fingerprint:
sha1:d3416262727fe182e0996c793b0fa44676c6541a
sha256:7c4e90207b2b7caec080426cc469908cb27b925ee3b1c999c22b8568812fda8c
Public Key ID:
sha1:50939609e089962950828c18bf9852d0d39cd651
sha256:05bad5221118bef04be858b20bb9f354a2cb0d4dc63d876a1d601f9347afffcd
Public Key PIN:
pin-sha256:BbrVIhEYvvBL6FiyC7nzVKLLDU3GPYdqHWAfk0ev/80=
-----BEGIN CERTIFICATE-----
MIIEijCCA3KgAwIBAgIQfU1CqStDHX5kU+fBmo1YdzANBgkqhkiG9w0BAQsFADBX
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE
CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIyMTAx
MjAzNDk0M1oXDTI3MTAxMjAwMDAwMFowTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT
EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUFscGhhU1NMIENBIC0gU0hBMjU2
IC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJCmVZhWIPzOH
A3jP1QwkuDFT8/+DImyZlSt85UpZwq7G0Sqd+n8gLlHIZypQkad5VkT7OLU+MI78
lC7LVwxpU19ExlaWL67ANyWG8XHx3AJFQoZhuDbvUeNzRQyQs6XS5wN6uDlF0Bf1
AtCUQWrGGLGYwyC1xTrzgrFKpESsIXMqklUGTsh8i7DKZhRUVfgrPLJUkbbLUrLY
42+KRCiwfSvBloC5PgDYnj3oMZ1aTe3Wfk3l1I4D3RKaJ4PU1qHXhHJOge2bjGIG
l6MsaBN+BB2sr6EnxX0xnMIbew2oIfOFoLqs47vh/GH4JN0qql2WBHfDPVDm3b+G
QxY6N/LXAgMBAAGjggFbMIIBVzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE
FE/LrKjC76vdg29rv86YPVxYJXYVMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN
NKj//P1LMHoGCCsGAQUFBwEBBG4wbDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Au
Z2xvYmFsc2lnbi5jb20vcm9vdHIxMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJl
Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIxLmNydDAzBgNVHR8ELDAqMCig
JqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMCEGA1UdIAQa
MBgwCAYGZ4EMAQIBMAwGCisGAQQBoDIKAQMwDQYJKoZIhvcNAQELBQADggEBABol
9nNkiECpWQenQ7oVP1FhvRX/LWTdzXpdMmp/SELnEJhoOe+366E0dt8tWGg+ezAc
DPeGYPmp83nAVLeDpji7Nqu8ldB8+G/B6U9GB8i2DDIAqSsFEvcMbWb5gZ2/DmRN
cifGi9FKAuFu2wyft4s4DHwzL2CJ2zjMlUOM3RaE1cxuOs+Om6MCD9G7vnkAtSiC
/OOfHO902f4yI2a48K+gKaAf3lISFXjd32pwQ21LpM3ueIGydaJ+1/z8nv+C7SUT
5bHoz7cYU27LUvh1n2WSNnC6/QwFSoP6gNKa4POO/oO13xjhrLRHJ/04cKMbRALt
JWQkPacJ8SJVhB2R7BI=
-----END CERTIFICATE-----
- Status: The certificate is trusted.
*** Fatal error: The encryption algorithm is not supported.
```
next prev parent reply other threads:[~2024-04-12 8:03 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 18:01 [ISSUE] " djaonline
2024-04-11 19:41 ` cinerea0
2024-04-11 21:39 ` djaonline
2024-04-11 21:40 ` djaonline
2024-04-11 21:47 ` djaonline
2024-04-12 5:54 ` sgn
2024-04-12 8:03 ` djaonline [this message]
2024-04-12 8:06 ` djaonline
2024-04-12 8:11 ` djaonline
2024-04-12 11:02 ` djaonline
2024-05-02 19:25 ` nazgulsenpai
2024-05-02 19:27 ` nazgulsenpai
2024-05-02 19:27 ` classabbyamp
2024-05-08 9:41 ` djaonline
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240412080348.112B220F59@inbox.vuxu.org \
--to=djaonline@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).