Re: certificate has expired for https://mandoc.bsd.lv according to curl

discuss@mandoc.bsd.lv
 help / color / mirror / Atom feed

From: Jon Ronnenberg <jon.ronnenberg@gmail.com>
To: discuss@mandoc.bsd.lv
Subject: Re: certificate has expired for https://mandoc.bsd.lv according to curl
Date: Thu, 8 Dec 2022 11:19:54 +0100	[thread overview]
Message-ID: <CAPEZGVt0KQPhRBcbYHf-apVfqcqamjssMJAc+Ra7YW00Xycc+w@mail.gmail.com> (raw)
In-Reply-To: <Y5EK6/zG2XiiyLdP@gmail.com>

Thanks for looking into this Raf.
It might be that it's an issue with my very old mac. The latest
supported OS is macOS 10.13.6 High Sierra.

I don't have a .curlrc. But I've just upgraded curl to 7.86.0 and it
seems to work now.

curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz
* Trying 66.111.2.12:443...
* Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=bsd.lv
* start date: Nov 5 07:30:24 2022 GMT
* expire date: Feb 3 07:30:23 2023 GMT
* subjectAltName: host "mandoc.bsd.lv" matched cert's "mandoc.bsd.lv"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> HEAD /snapshots/mandoc-1.14.6.tar.gz HTTP/1.1
> Host: mandoc.bsd.lv
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Connection: keep-alive
Connection: keep-alive
< Content-Length: 697150
Content-Length: 697150
< Content-Type: application/octet-stream
Content-Type: application/octet-stream
< Date: Thu, 08 Dec 2022 10:12:29 GMT
Date: Thu, 08 Dec 2022 10:12:29 GMT
< Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT
Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT
< Server: OpenBSD httpd
Server: OpenBSD httpd

<
* Connection #0 to host mandoc.bsd.lv left intact

Sorry for the noise.

On Wed, Dec 7, 2022 at 10:52 PM Raf Czlonka <rczlonka@gmail.com> wrote:
>
> Hi Jon,
>
> On Wed, Dec 07, 2022 at 07:35:07PM GMT, Jon Ronnenberg wrote:
> > Here is what I get from curl 7.54.0:
> >
> > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz
> > Trying 66.111.2.12...
> > TCP_NODELAY set
> > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0)
> > ALPN, offering h2
> > ALPN, offering http/1.1
> > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>
> Is the above set in your .curlrc?
>
> > successfully set certificate verify locations:
> > CAfile: /etc/ssl/cert.pem
> > CApath: none
> > TLSv1.2 (OUT), TLS handshake, Client hello (1):
> > TLSv1.2 (IN), TLS handshake, Server hello (2):
> > TLSv1.2 (IN), TLS handshake, Certificate (11):
> > TLSv1.2 (OUT), TLS alert, Server hello (2):
> > SSL certificate problem: certificate has expired
> > stopped the pause stream!
> > Closing connection 0
> > curl: (60) SSL certificate problem: certificate has expired
>
> I can't reproduce it - it works fine with curl packages for
> OpenBSD-current, macOS 13.0.1, and Ubuntu 20.04 LTS.
>
> Regards,
>
> Raf
> --
>  To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
>
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv

next prev parent reply	other threads:[~2022-12-08 10:20 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-07 19:35 Jon Ronnenberg
2022-12-07 20:14 ` Kristaps Dzonsons
2022-12-07 20:27   ` Jon Ronnenberg
2022-12-07 21:51 ` Raf Czlonka
2022-12-08 10:19   ` Jon Ronnenberg [this message]
2022-12-08 10:28     ` Raf Czlonka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPEZGVt0KQPhRBcbYHf-apVfqcqamjssMJAc+Ra7YW00Xycc+w@mail.gmail.com \
    --to=jon.ronnenberg@gmail.com \
    --cc=discuss@mandoc.bsd.lv \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).