From mboxrd@z Thu Jan 1 00:00:00 1970 X-Greylist: delayed 558 seconds by postgrey-1.37 at hurricane; Mon, 02 Sep 2019 23:01:47 PDT Received: from nautica.notk.org (nautica.notk.org [91.121.71.147]) by hurricane.the-brannons.com (Postfix) with ESMTPS id D3E517AC54 for ; Mon, 2 Sep 2019 23:01:47 -0700 (PDT) Received: by nautica.notk.org (Postfix, from userid 1001) id 84B15C009; Tue, 3 Sep 2019 07:52:25 +0200 (CEST) Date: Tue, 3 Sep 2019 07:52:10 +0200 From: Dominique Martinet To: Edbrowse-dev@lists.the-brannons.com Subject: Re: [edbrowse-dev] building on ubuntu Message-ID: <20190903055210.GA9581@nautica> References: <20190802201727.eklhad@comcast.net> X-BeenThere: edbrowse-dev@edbrowse.org List-Id: Edbrowse Development List MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190802201727.eklhad@comcast.net> User-Agent: Mutt/1.5.21 (2010-09-15) Karl Dahlke wrote on Mon, Sep 02, 2019: > > I do not exactly understand your 'gnutls' vs 'openssl'... > > Guess what, neither do I. > We convinced ourselves a year ago that was the problem, but ldd clearly shows my curl linking to openssl, and > curl https://weloveanimals.me > fails on my machine; I switch to another machine, still curl + openssl, and it works. > So we still don't understand it at all. > I wish we did. Hmm, I thought it could be that debian raised the minimum tls version in /etc/ssl/openssl.cnf a year ago or two (MinProtocol = TLSv1.2 in [system_default_sect] section of the file), but that website appears to support older protocols as well if I try to force these with the openssl s_client command... I can connect to it just fine using gnutls-cli as well so it might be something specific to a precise version of debian (tested on a recent-ish buster). Possibly the certificate authority (CA) that this website uses is not bundled by debian? But then I don't see what rebuilding curl would help you with in that case, Kevin might have had a different issue that needed him to rebuild curl. -- Dominique