<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Thanks for doing all this legwork!<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 03/25/2018 05:07 PM, Neil Katin via
      chirp_devel wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:0d50850d-ec00-36da-5a26-951f51aea3c1@askneil.com">
      <p>I replicated your issue on a Fedora 26 VM.</p>
      <p>TL;DR: trac.chirp.danplanet.com (and chirp.danplanet.com) are
        misconfigured.</p>
      <p><a moz-do-not-send="true"
href="https://community.letsencrypt.org/t/curl-refuses-to-accept-my-cert-saying-the-certificate-issuer-is-not-recognized/40917">Others
          have had this issue</a>.  The underlying problem: the
        certificate chain is incomplete on the web server.</p>
      <p>Easy way to test: <a moz-do-not-send="true"
href="https://www.ssllabs.com/ssltest/analyze.html?d=trac.chirp.danplanet.com">use
          the SSL Labs analyze page</a>.</p>
      <p>Why does accessing trac.chirp.danplanet.com from a browser
        work?  The browser cached the missing validation chain.</p>
      <p>I submitted <a moz-do-not-send="true"
          href="https://chirp.danplanet.com/issues/5663">ticket 5663</a>
        for the problem.</p>
      <p>Neil Katin<br>
      </p>
      <br>
      <div class="moz-cite-prefix">On 2018-03-25 13:35, Nolan Darilek
        via chirp_devel wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:b2368a0a-2d46-edec-4409-87e6b70b8338@thewordnerd.info">
        <pre wrap="">I'm working on creating a Chirp flatpak. flatpak-builder creates
packages by downloading and installing modules independently. So, for
instance, the Chirp flatpak consists of builds of the pygobject module,
pyserial, pygtk, pycairo, and ultimately Chirp.


When the flatpak manifest attempts to download, say,
<a class="moz-txt-link-freetext" href="https://trac.chirp.danplanet.com/chirp_daily/daily-20180324/chirp-daily-20180324.tar.gz" moz-do-not-send="true">https://trac.chirp.danplanet.com/chirp_daily/daily-20180324/chirp-daily-20180324.tar.gz</a>,
the SSL cert is rejected as invalid. This happens for flatpak-builder,
curl, and wget on Fedora 27. Firefox works just fine.


Thoughts on what might be happening here? The obvious answer is that the
non-Firefox programs are using the system's certificate store, and the
cert for trac.chirp.danplanet.com doesn't validate against that for some
reason. I don't know enough about TLS or the cert for
trac.chirp.danplanet.com to know why that might be, though.


For the moment I'm uploading whatever daily build I'm including in the
flatpak to my own server whose cert *does* validate, but that adds an
additional step that makes automation more difficult. I'd really like to
debug why I can't download these files in F27 without disabling
certificate validation, which I can't with flatpak-builder in any case.
Thoughts?


_______________________________________________
chirp_devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:chirp_devel@intrepid.danplanet.com" moz-do-not-send="true">chirp_devel@intrepid.danplanet.com</a>
<a class="moz-txt-link-freetext" href="http://intrepid.danplanet.com/mailman/listinfo/chirp_devel" moz-do-not-send="true">http://intrepid.danplanet.com/mailman/listinfo/chirp_devel</a>
Developer docs: <a class="moz-txt-link-freetext" href="http://chirp.danplanet.com/projects/chirp/wiki/Developers" moz-do-not-send="true">http://chirp.danplanet.com/projects/chirp/wiki/Developers</a>
</pre>
      </blockquote>
      <br>
      <br>
    </blockquote>
    <br>
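    <p>The failure diagnosed in this thread (a server that sends only its leaf certificate, so clients that hold just the root cannot build a path) can be reproduced offline. This is an added example, not part of the original thread: it builds a throwaway, constructed hierarchy (Demo Root, Demo Intermediate, demo.invalid) with hypothetical function names, and does not touch the real danplanet.com certificates.</p>

```shell
#!/bin/sh
# Constructed demo hierarchy; every name and file below is made up for the example.
# Build root -> intermediate -> leaf in directory $1.
build_demo_chain() {
    (
        cd "$1" || exit 1
        cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:demo.invalid
EOF
        # Self-signed root: stands in for the root already in the system trust store.
        openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf -extensions v3_ca \
            -subj "/CN=Demo Root" -days 2 -keyout root.key -out root.pem &&
        # Intermediate CA signed by the root.
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=Demo Intermediate" -keyout int.key -out int.csr &&
        openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
            -extfile demo.cnf -extensions v3_ca -days 2 -out int.pem &&
        # Leaf (server) certificate signed by the intermediate.
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=demo.invalid" -keyout leaf.key -out leaf.csr &&
        openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 3 \
            -extfile demo.cnf -extensions v3_leaf -days 2 -out leaf.pem
    ) >/dev/null 2>&1
}

# Verify leaf.pem the way a client trusting only root.pem would.
# $2 (optional) = file of extra certificates the server sends alongside the leaf.
verify_served() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
    fi >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo_chain "$demo_dir" || echo "openssl could not build the demo chain"
verify_served "$demo_dir" && echo "leaf only: OK" || echo "leaf only: FAIL"
verify_served "$demo_dir" int.pem && echo "leaf + intermediate: OK" || echo "leaf + intermediate: FAIL"
```

    <p>Against a live host, openssl s_client -connect HOST:443 -servername HOST -showcerts lists the certificates the server actually sends; a listing that contains only the leaf is the condition this demo reproduces, and the fix is to configure the server to serve the intermediate along with it.</p>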
  </body>
</html>