Thanks. For the record, my wget was from a Big Corporate network where I have no control over configuration. It's no problem for me to use --no-check-certificate, I'm just happy to hear the problem is not at the serving end.
David On Mon, Sep 26, 2022 at 3:38 PM Martin Dorey < martin.do...@hitachivantara.com> wrote: > > It's more probable that David has outdated certificate DB and/or > > outdated GnuTLS on his machine. > > Thanks once again to Microsoft for obeying Dorey's Law of Marketing with > "safelinks", I only belatedly see David's evidence included "--2022-09-26 > 09:12:58--" which rather says that his clock wasn't messed up, contra my > earlier suggestion. > > martind@sirius:~$ < /dev/null openssl s_client -connect alpha.gnu.org:https > > /dev/null > depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 > verify return:1 > depth=1 C = US, O = Let's Encrypt, CN = R3 > verify return:1 > depth=0 CN = ftp.gnu.org > verify return:1 > DONE > martind@sirius:~$ > > "ISRG Root X1" rings a bell. Ah yes, it's that old chestnut: > https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/, > which contains advice for David. I also found the work around from > https://www.mail-archive.com/debian-lts@lists.debian.org/msg09627.html > specifically: > > sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt > > ... to be helpful. > > ------------------------------ > *From:* Bug-make <bug-make-bounces+martin.dorey=hds....@gnu.org> on > behalf of Eli Zaretskii <e...@gnu.org> > *Sent:* Monday, September 26, 2022 10:10 > *To:* psm...@gnu.org <psm...@gnu.org> > *Cc:* david.s.bo...@gmail.com <david.s.bo...@gmail.com>; bug-make@gnu.org > <bug-make@gnu.org> > *Subject:* Re: GNU make 4.3.90 release candidate available > > ***** EXTERNAL EMAIL ***** > > > From: Paul Smith <psm...@gnu.org> > > Cc: bug-make@gnu.org > > Date: Mon, 26 Sep 2022 12:31:34 -0400 > > > > On Mon, 2022-09-26 at 12:16 -0400, David Boyce wrote: > > > BTW wget complains about the certificate: > > > > > > $ wget > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Falpha.gnu.org%2Fgnu%2Fmake%2Fmake-4.3.90.tar.gz&data=05%7C01%7CMartin.Dorey%40hitachivantara.com%7Cedd8aca6f47745c3454608da9fee5eb7%7C18791e1761594f52a8d4de814ca8284a%7C0%7C0%7C637998146567397614%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LhGTvaG7H%2FEhlZTyhWwdwar%2Bxy2DdFbd1mMcNM1dGXI%3D&reserved=0 > > > --2022-09-26 09:12:58-- > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Falpha.gnu.org%2Fgnu%2Fmake%2Fmake-4.3.90.tar.gz&data=05%7C01%7CMartin.Dorey%40hitachivantara.com%7Cedd8aca6f47745c3454608da9fee5eb7%7C18791e1761594f52a8d4de814ca8284a%7C0%7C0%7C637998146567397614%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=LhGTvaG7H%2FEhlZTyhWwdwar%2Bxy2DdFbd1mMcNM1dGXI%3D&reserved=0 > > > Resolving alpha.gnu.org (alpha.gnu.org)... 209.51.188.21, > 2001:470:142:3::c > > > Connecting to alpha.gnu.org (alpha.gnu.org)|209.51.188.21|:443... > connected. > > > ERROR: cannot verify alpha.gnu.org's certificate, issued by > '/C=US/O=Let\'s Encrypt/CN=R3': > > > Issued certificate has expired. > > > To connect to alpha.gnu.org insecurely, use `--no-check-certificate'. > > > > Oddly I don't get this warning. Maybe I have somehow asked wget to not > > check expirations? > > It's more probable that David has outdated certificate DB and/or > outdated GnuTLS on his machine. > >
