From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: * X-Spam-Status: No, score=1.4 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 32749 invoked from network); 8 Dec 2022 10:20:12 -0000 Received: from bsd.lv (HELO mandoc.bsd.lv) (66.111.2.12) by inbox.vuxu.org with ESMTPUTF8; 8 Dec 2022 10:20:12 -0000 Received: from fantadrom.bsd.lv (localhost [127.0.0.1]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id ff4bd630 for ; Thu, 8 Dec 2022 05:20:09 -0500 (EST) Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id 1e428845 for ; Thu, 8 Dec 2022 05:20:08 -0500 (EST) Received: by mail-lf1-f41.google.com with SMTP id bp15so1295518lfb.13 for ; Thu, 08 Dec 2022 02:20:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=GJtT/QQtDEC39S94+tNB2UULGQg5TEpCCTDXvyMK3Xk=; b=htTJTeXJFFm6L36uM3ogGqGS+fl7FGIc8MC4bNsLpC+FTiWPWV1RI1gc46pc1eyowa hA5CwwRD/iOc+GdOyHuZmL05aLBcFM7dCeCVTwGOwrSYw6cyuVgVPO5nnHyqnxXCjp5k giTelg5rVpNfRjy5UHG1/56pED5VRnUuX2GvvNm/4OhW0nA5oy/7T+WP2SfYasLYx1Iu 9iQmIEaQnGJAUNuYYHzYJs6ryNj1xLu+mwzzi1WsiSovSL1LNSXpgN0gEjeSDdc9bnp5 4VDGjUadcEGLaCni4uINrGPZIwigpUZlnCzp89YmmPpLlKp19t2k5m4AQiUdBpvENSVk hj0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GJtT/QQtDEC39S94+tNB2UULGQg5TEpCCTDXvyMK3Xk=; b=6Pps6lAsJVJFgn1cTxdXVHUPrHnpaES60SIBWt+wg+Fr0NM9iHXLKfYw2yWlDx8jAT Qr169y4qn/a2af+WjcCYwNYWErJvplq1fp//oN41/ZMAArEB9SlM4KQb3kCBxozkd2Fy ndHsc2EL+vWVeqwLYdm017US/cNbjdCnIxf7ntzpm2iV/2mpM8lx9I1cLXdtJrSDon5e SQheM3wYxA5X+qvSJYHVCctOVxUS+VTsympBN2Fjc8+Mx79sRPGhVERQ/CvFgnT2/7Wj eDzA/qnNlvBNq4BCxR4+6Pz2tMXCMfEAbhgGoO1PbGVBezXURWp5wbr5EzIEt7drCOC7 bbPw== X-Gm-Message-State: ANoB5plUYKDaY/iWgfYmHs99G1c56tm/UY1uootgNjOn3EuFUgPdSqhn JuIB9neDSXOWRvGuEFfOR0OouWmckIg9oJceR0etJFS+ZrI= X-Google-Smtp-Source: AA0mqf6MGeuJkqAyoeQlofKGQ6CuXJTQYR0eFdoaCZ6ttH0vMIp6sNwsbdHS/Gw8EfCY55qpucE4Mu1NcyUw72R28/o= X-Received: by 2002:a05:6512:21cd:b0:4b5:7372:b5cf with SMTP id d13-20020a05651221cd00b004b57372b5cfmr5242637lft.104.1670494806084; Thu, 08 Dec 2022 02:20:06 -0800 (PST) X-Mailinglist: mandoc-discuss Reply-To: discuss@mandoc.bsd.lv MIME-Version: 1.0 References: In-Reply-To: From: Jon Ronnenberg Date: Thu, 8 Dec 2022 11:19:54 +0100 Message-ID: Subject: Re: certificate has expired for https://mandoc.bsd.lv according to curl To: discuss@mandoc.bsd.lv Content-Type: text/plain; charset="UTF-8" Thanks for looking into this Raf. It might be that it's an issue with my very old mac. The latest supported OS is macOS 10.13.6 High Sierra. I don't have a .curlrc. But I've just upgraded curl to 7.86.0 and it seems to work now. curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz * Trying 66.111.2.12:443... * Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: CN=bsd.lv * start date: Nov 5 07:30:24 2022 GMT * expire date: Feb 3 07:30:23 2023 GMT * subjectAltName: host "mandoc.bsd.lv" matched cert's "mandoc.bsd.lv" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. > HEAD /snapshots/mandoc-1.14.6.tar.gz HTTP/1.1 > Host: mandoc.bsd.lv > User-Agent: curl/7.86.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK HTTP/1.1 200 OK < Connection: keep-alive Connection: keep-alive < Content-Length: 697150 Content-Length: 697150 < Content-Type: application/octet-stream Content-Type: application/octet-stream < Date: Thu, 08 Dec 2022 10:12:29 GMT Date: Thu, 08 Dec 2022 10:12:29 GMT < Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT < Server: OpenBSD httpd Server: OpenBSD httpd < * Connection #0 to host mandoc.bsd.lv left intact Sorry for the noise. On Wed, Dec 7, 2022 at 10:52 PM Raf Czlonka wrote: > > Hi Jon, > > On Wed, Dec 07, 2022 at 07:35:07PM GMT, Jon Ronnenberg wrote: > > Here is what I get from curl 7.54.0: > > > > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz > > Trying 66.111.2.12... > > TCP_NODELAY set > > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) > > ALPN, offering h2 > > ALPN, offering http/1.1 > > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > > Is the above set in your .curlrc? > > > successfully set certificate verify locations: > > CAfile: /etc/ssl/cert.pem > > CApath: none > > TLSv1.2 (OUT), TLS handshake, Client hello (1): > > TLSv1.2 (IN), TLS handshake, Server hello (2): > > TLSv1.2 (IN), TLS handshake, Certificate (11): > > TLSv1.2 (OUT), TLS alert, Server hello (2): > > SSL certificate problem: certificate has expired > > stopped the pause stream! > > Closing connection 0 > > curl: (60) SSL certificate problem: certificate has expired > > I can't reproduce it - it works fine with curl packages for > OpenBSD-current, macOS 13.0.1, and Ubuntu 20.04 LTS. > > Regards, > > Raf > -- > To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv > -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv