http://bugzilla.opensuse.org/show_bug.cgi?id=1180646 Bug ID: 1180646 Summary: weechat gnutls fails to handshake with irc.freenode.net Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: screening-team-bugs@suse.de Reporter: maciek.borzecki@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I can no longer connect to irc.freenode.net:6697 using TLS. 2021-01-07 09:44:18 -- irc: connecting to server chat.freenode.net/6697 (SSL)... 2021-01-07 09:44:18 -- gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange 2021-01-07 09:44:18 -- gnutls: receiving 2 certificates 2021-01-07 09:44:18 -- - certificate[1] info: 2021-01-07 09:44:18 -- - subject `CN=cherryh.freenode.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x036e974628cdb62f9573da5f2026d2d6f08d, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-12-21 04:36:36 UTC', expires `2021-03-21 04:36:36 UTC', pin-sha256="L/oAJaKLkR6Xc+xTQ7hGlDy1bSKrBxhAe1XX5nEKhd8=" 2021-01-07 09:44:18 -- - certificate[2] info: 2021-01-07 09:44:18 -- - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x400175048314a4c8218c84a90c16cddf, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-10-07 19:21:40 UTC', expires `2021-09-29 19:21:40 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" 2021-01-07 09:44:18 =!= gnutls: peer's certificate is NOT trusted 2021-01-07 09:44:18 =!= gnutls: peer's certificate issuer is unknown 2021-01-07 09:44:18 =!= irc: TLS handshake failed 2021-01-07 09:44:18 =!= irc: error: Error in the certificate. However, gnutls-cli verifies the host successfuly: maciek@sloop:~ gnutls-cli irc.freenode.net:6697 <<< 1 ��� Processed 414 CA certificate(s). Resolving 'irc.freenode.net:6697'... Connecting to '38.229.70.22:6697'... - Successfully sent 0 certificate(s) to server. - Server has requested a certificate. - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=card.freenode.net', issuer `CN=R3,O=Let's Encrypt,C=US', serial 0x03032b92fa80b713489a422d961becbf9683, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-12-21 05:48:33 UTC', expires `2021-03-21 05:48:33 UTC', pin-sha256="kK+ut4A5qoGqyxfORm/2KPeU2VoCvz5WGDdesWNtNVY=" Public Key ID: sha1:53120e4f66b512f3f82597b1e0f0384e60a0a58d sha256:90afaeb78039aa81aacb17ce466ff628f794d95a02bf3e5618375eb1636d3556 Public Key PIN: pin-sha256:kK+ut4A5qoGqyxfORm/2KPeU2VoCvz5WGDdesWNtNVY= - Certificate[1] info: - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x400175048314a4c8218c84a90c16cddf, RSA key 2048 bits, signed using RSA-SHA256, activated `2020-10-07 19:21:40 UTC', expires `2021-09-29 19:21:40 UTC', pin-sha256="jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=" - Status: The certificate is trusted. - Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) - Options: - Handshake was completed - Simple Client Mode: :card.freenode.net NOTICE * :*** Looking up your hostname... :card.freenode.net NOTICE * :*** Checking Ident :card.freenode.net NOTICE * :*** No Ident response :card.freenode.net NOTICE * :*** Found your hostname Package versions: gnutls-3.6.15-2.1.x86_64 libgnutls30-32bit-3.6.15-2.1.x86_64 libgnutls30-3.6.15-2.1.x86_64 libgnutls-dane0-3.6.15-2.1.x86_64 weechat-3.0-1.2.x86_64 -- You are receiving this mail because: You are on the CC list for the bug.