On Tue, 2021-11-23 at 18:14 -0500, Jack wrote:
> OK, here's something.
> 
> I changed my stable version of ca-certificates from -cacert to
> cacert,  
> and now I get the same failure you do.  So - it's due to either  
> something in nss-cacert-class1-class3-r2.patch which only gets
> applied  
> if that USE flag is set, or to something else only done when that
> USE  
> flag is set.
> 
> I don't understand it, but it's a place to start - and note the note
> in  
> the ebuild:
> 
> # When triaging user reports, refer to our wiki for tips:
> #
> https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
> 


Another update, I have masked ~arch ca-certificates:
>app-misc/ca-certificates-20210119.3.66

Downgraded to stable one, and now certificate verification is
successful with gnutls-cli on my test example. Weird since it didn't
fail to verify similar chains with newer app-misc/ca-certificates. I
will file a bug report, but still not sure which component app-mist/ca-
certificates or net-libs/gnutls. 

Regards,
Branko

Reply via email to