[gnutls-devel] GnuTLS | Unable to verify certificate chain on app.usmobile.com (#1771)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Dec 5 19:07:59 CET 2025 



Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2936401832


Hmm. works for me on both Debian testing (3.8.10) and sid (3.8.11)
```
(sid)ametzler at argenau:~$ gnutls-cli app.usmobile.com < /dev/null
Processed 150 CA certificate(s).
Resolving 'app.usmobile.com:443'...
Connecting to '2606:4700::6812:667:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=app.usmobile.com', issuer `CN=Cloudflare TLS Issuing ECC CA 3,O=SSL Corporation,C=US', serial 0x3d7fb41e831e456921073810e12e6290, EC/ECDSA key 256 bits, signed using ECDSA-SHA256, activated `2025-11-12 18:05:49 UTC', expires `2026-11-12 17:47:06 UTC', pin-sha256="70y5eLrafXTVMjbptBrllO9Mw8FW9c2xuofNXy0Qqkc="
        Public Key ID:
                sha1:edd8ffacf5be4501880ac4d61bb967f84583cb6f
                sha256:ef4cb978bada7d74d53236e9b41ae594ef4cc3c156f5cdb1ba87cd5f2d10aa47
        Public Key PIN:
                pin-sha256:70y5eLrafXTVMjbptBrllO9Mw8FW9c2xuofNXy0Qqkc=

- Certificate[1] info:
 - subject `CN=Cloudflare TLS Issuing ECC CA 3,O=SSL Corporation,C=US', issuer `CN=SSL.com TLS Transit ECC CA R2,O=SSL Corporation,C=US', serial 0x31eee88afb87cd9ef8336604743f9b27, EC/ECDSA key 256 bits, signed using ECDSA-SHA384, activated `2025-05-29 19:49:45 UTC', expires `2035-05-27 19:49:44 UTC', pin-sha256="44viFzTC+h/L+3OHRg4Rs5v4+AcpzHZvI9Tne2RDNGk="
- Certificate[2] info:
 - subject `CN=SSL.com TLS Transit ECC CA R2,O=SSL Corporation,C=US', issuer `CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB', serial 0x00ad8d2df64681a0d36447eaa94fa273c1, EC/ECDSA key 384 bits, signed using RSA-SHA256, activated `2024-06-21 00:00:00 UTC', expires `2028-12-31 23:59:59 UTC', pin-sha256="OXyj9ngbqO9cjLeO/+t9Ggl2EP4JTnVWHq4LEwhFM9w="
- Status: The certificate is trusted.
- Description: (TLS1.3-X.509)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
- Session ID: F7:88:DF:EA:BB:42:F6:D3:98:22:56:4A:B3:5E:09:28:DE:2E:60:E1:05:A5:77:12:62:91:A3:59:48:77:6A:0E
- Options: OCSP status request,
- Handshake was completed

- Simple Client Mode:

- Peer has closed the GnuTLS connection
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1771#note_2936401832
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20251205/7a58cd96/attachment.html>

More information about the Gnutls-devel mailing list