Bug 257995 - security/gnutls: Cannot connect to some websites
Summary: security/gnutls: Cannot connect to some websites
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Tijl Coosemans
URL: https://gitlab.com/gnutls/gnutls/-/me...
Keywords: needs-patch, needs-qa
Depends on:
Blocks:
 
Reported: 2021-08-22 15:43 UTC by Ting-Wei Lan
Modified: 2021-08-23 05:18 UTC

See Also:
bugzilla: maintainer-feedback? (tijl)
koobs: merge-quarterly?


Attachments
Patch (2.54 KB, patch)
2021-08-22 15:43 UTC, Ting-Wei Lan

Description Ting-Wei Lan 2021-08-22 15:43:20 UTC
Created attachment 227368
Patch

For example, Epiphany cannot connect to https://join.gov.tw/. It shows the certificate error page. gnutls-cli also fails and shows these error messages:

|<1>| Got OCSP response with an unrelated certificate.
- Status: The certificate is NOT trusted. The received OCSP status response is invalid. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

It turns out it is a GnuTLS bug which has been fixed upstream. If I apply the upstream patch, both Epiphany and gnutls-cli can connect to the site.

https://gitlab.com/gnutls/gnutls/-/issues/1062
https://gitlab.com/gnutls/gnutls/-/merge_requests/1308