SAIA feeds are down due to unknown issuer certificate #122

Closed
opened 2023-01-02 14:48:14 +00:00 by lucidiot · 0 comments
Owner

The 12 custom feeds of SAIA are failing due to a good old `curl: (60) SSL certificate problem: unable to get local issuer certificate`.

```
λ ~/ openssl s_client -connect havkom.se:443 </dev/null
CONNECTED(00000003)
depth=0 C = SE, L = Stockholm, O = Statens haverikommission, CN = havkom.se
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = SE, L = Stockholm, O = Statens haverikommission, CN = havkom.se
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:C = SE, L = Stockholm, O = Statens haverikommission, CN = havkom.se
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
```

The exact same error occurs with `www.havkom.se`. For some reason, on another website also signed by `DigiCert TLS RSA SHA256 2020 CA1`, the verification does work:

```
λ ~/ openssl s_client -connect duckduckgo.com:443 </dev/null
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = Pennsylvania, L = Paoli, O = "Duck Duck Go, Inc.", CN = *.duckduckgo.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = Pennsylvania, L = Paoli, O = "Duck Duck Go, Inc.", CN = *.duckduckgo.com
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
```

Both havkom.se and DuckDuckGo work inside a web browser as well.

lucidiot added the `bug` and `feed` labels 2023-01-02 14:48:14 +00:00
lucidiot self-assigned this 2023-01-02 14:48:14 +00:00
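
Added example, not part of the original issue: a Python check over the two `Certificate chain` sections quoted above, reporting any issuer that the server did not send and that is not in the local trust store. The sample strings are constructed from that output, `TRUSTED_ROOTS` is an assumed trust store holding only the DigiCert Global Root CA, and `parse_chain` and `unresolved_issuers` are hypothetical helper names.

```python
import re

# Constructed inputs: the "Certificate chain" sections quoted in the issue.
HAVKOM = """Certificate chain
 0 s:C = SE, L = Stockholm, O = Statens haverikommission, CN = havkom.se
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
---
"""
DUCKDUCKGO = """Certificate chain
 0 s:C = US, ST = Pennsylvania, L = Paoli, O = "Duck Duck Go, Inc.", CN = *.duckduckgo.com
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
"""
# Assumption: the local trust store holds only this root (depth=2 above).
TRUSTED_ROOTS = {
    "C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA",
}

def parse_chain(output):
    """Return [(subject, issuer), ...] for each certificate the server sent."""
    chain, subject, in_chain = [], None, False
    for line in output.splitlines():
        line = line.strip()
        if line == "Certificate chain":
            in_chain = True
        elif in_chain and line == "---":
            break  # end of the chain section
        elif in_chain and (m := re.match(r"\d+\s+s:(.*)", line)):
            subject = m.group(1).strip()
        elif in_chain and line.startswith("i:") and subject is not None:
            chain.append((subject, line[2:].strip()))
            subject = None
    return chain

def unresolved_issuers(output, trusted=TRUSTED_ROOTS):
    """Issuers neither sent by the server nor present in the trust store."""
    chain = parse_chain(output)
    sent = {subject for subject, _ in chain}
    return [issuer for _, issuer in chain
            if issuer not in sent and issuer not in trusted]

if __name__ == "__main__":
    for name, out in (("havkom.se", HAVKOM), ("duckduckgo.com", DUCKDUCKGO)):
        missing = unresolved_issuers(out)
        print(name, "->", f"missing: {missing}" if missing else "chain resolves")
```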