I did some more checking, as per post
https://groups.google.com/g/linux.debia ... vpaQkxCM1Y
and got following errors related to SSL certificate for flathub
Code: Select all
jezekilj@jeza-laptop:~$ openssl s_client -showcerts -connect dl.flathub.org:443 </dev/null
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = dl.flathub.org
verify return:1
---
Certificate chain
0 s:CN = dl.flathub.org
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 6 21:50:11 2024 GMT; NotAfter: Apr 7 21:50:10 2025 GMT
-----BEGIN CERTIFICATE-----
MIIGYDCCBUigAwIBAgIQASuIrMF/KJBDfFWkPp5okjANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyNCBRMTAeFw0yNDAz
MDYyMTUwMTFaFw0yNTA0MDcyMTUwMTBaMBkxFzAVBgNVBAMMDmRsLmZsYXRodWIu
b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4uZT73BnnRzbhk6
s6jG/SQkart0H10idB0yyaVxiHdRISsZCSCkZrtf4mKEaQVAgbGRNSafXWlmencm
BwVQvgyp5wfzfEvj18Ivy7ZigK034tx5DqOX+NzkSlCSbeBGgU5XZcJrD/Rsm74j
oNABL8y/NTaVcSp2DPSkUnEq9lmEGHxBHg5E77mjcCvsWBziLUXUyjgS5ghXwRxB
8C4VzupCIb9T41VtQyEX8IiWUEuTjZi3Lg9cC472plZKAmsez59IrsNIHwwvplqb
0jBj0mCYk1jLqJk1llM8dsvMGzCJPT9x5FC/pqZSfAfUv2eIyUfzA7y1y33sNa+a
TCrgDwIDAQABo4IDYzCCA18wGQYDVR0RBBIwEIIOZGwuZmxhdGh1Yi5vcmcwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQUOUzQ9clkilw5QM2vf3AJc8rhhd4wVwYDVR0gBFAwTjAIBgZngQwBAgEw
QgYKKwYBBAGgMgoBAzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAMBgNVHRMBAf8EAjAAMIGeBggrBgEFBQcBAQSB
kTCBjjBABggrBgEFBQcwAYY0aHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vY2Ev
Z3NhdGxhc3IzZHZ0bHNjYTIwMjRxMTBKBggrBgEFBQcwAoY+aHR0cDovL3NlY3Vy
ZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NhdGxhc3IzZHZ0bHNjYTIwMjRxMS5j
cnQwHwYDVR0jBBgwFoAUZsDHo5rN/vPqzktTC2FerzMFs+EwSAYDVR0fBEEwPzA9
oDugOYY3aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRs
c2NhMjAyNHExLmNybDCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYATnWjJ1ya
EMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGOFb7UWgAABAMARzBFAiEAm0zC
wvg3sLDv6YoaygKEU1R5A9dVCEaOp3A4VIMANV8CIH9A8+YIOpuhCCzsAfYom+9V
kkignFfYn3V3LCWRT2jSAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43
jlAAAAGOFb7U8QAABAMASDBGAiEAvwLMw0CuA6qc9JwO5xvK2bGvuybG/PjHMvlZ
ZJtCtNICIQCvsqVjZ8LrhVxrvTE5fQINa7O6Jz/rZvzpBp0W9gPqDQB2AKLjCuRF
772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjhW+1VEAAAQDAEcwRQIhAIQ9
/dPRG9mbMJ702B9zYXNDXccAhlxnRcB/DqiVzRcdAiBhr5q2zpGcFAYy1MKIlV4+
atHUFfAgCdqWbba5ZWoPazANBgkqhkiG9w0BAQsFAAOCAQEARvkmmwUXzO3nQ3qF
v2zcsZjncsMRR5ZAf3xbL56swPnA0Qs3ZJ7K4aTfm7prsCUi2oAGcEaA4G4Xr+ci
nplQd11DUf1YsV/JEdOozZkWW4GsO6EHS3axSXLnzckF08DcvXb1R3TuHLjZ5J8a
ZXUosjwTlCq5RwD85OzgrgtMpWPdN0mnuKRgtI2Wf+s1QPLVcdQdE2t1uFYFT/8t
+QK6BlbY8v3duCdSgixZnRwCU/f2lNcaa02ae3ONNwc0TtYBvqEbXeW9MumsCqGb
PfUpE0gBog9qaLILJCoQNmS/pDoi/o+PwLQuqn6uF1X1oVu4j9fsdOedB8UNDDYX
9ngqUA==
-----END CERTIFICATE-----
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 18 04:09:32 2023 GMT; NotAfter: Oct 18 00:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIEjzCCA3egAwIBAgIQf7ag6lXijARMlS6V1jSfXDANBgkqhkiG9w0BAQsFADBM
MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xv
YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzEwMTgwNDA5MzJaFw0y
NTEwMTgwMDAwMDBaMFgxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu
IG52LXNhMS4wLAYDVQQDEyVHbG9iYWxTaWduIEF0bGFzIFIzIERWIFRMUyBDQSAy
MDI0IFExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEaiVBcFLmhw
Cb+9eZUNyxuo3ddf1qAqoS9HRUp6bHv50DrPPENoni9Ix4JVu0OUJRv08POUqwGG
+UJrt0V9/UMxb90o2IRIDK/QuNurr36GObMYW+K8bNMG0RKGIlyKVqZMqFaBPjjG
mWZEPslwWDj8qbtywoO2TMnMppxNOymms6M0lilQnBK1yaYiXRjQjO8EwkOM95iK
lXx0axJHUZS5nPkEvrqpyjgiskDK2ETb4xpmE2RAQXAXxM3Fpnn9kxMi1at8AhsW
xCM/pNucU6rb4uqibp9KbbAdhDyd+sI6vPZDS+RtOmv+bTdaAPUDeDc4AV7/N0dO
VMggCp4gDwIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
BBRmwMejms3+8+rOS1MLYV6vMwWz4TAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpj
move4t0bvDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3Nw
Mi5nbG9iYWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1
cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0w
K6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwIQYD
VR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOC
AQEAHVoRr5g39Y/9HMV8B8Vp/gC4sq+jTIaIJwpIPRc0DncvjxJwDUcrhKSMC+Lx
ZP0HxCcef+7iXQwzM/RW4DP0Ao6+vhl1iLfFxdB7atqm3pPAxsiMvvPklqzlmw2e
nCfjta5jA5fqiSii8TXJ8WeG1QxEizqNsq7C+7y9OYlyGXdAYAA4u8Hb4gu559za
OwX8vZTCmjG3u4wrp2/1QTM4qrzWT9ckRtoEBzGImh+q5J3CnjBPX90q2X2KqRP+
xiPsF1tCGmrc7AnYpi+qy65PGhVoIO7Ev9zI7Ucl68I/3rmqBahLR/KB1isYCs0c
57XG+pMmZ14Kr4WCLuEfXEM8sQ==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dl.flathub.org
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3356 bytes and written 384 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 16AAA38B93FE2C9243CB185914DB3C7F7F232CC26F65E3EBA0D8EFB494D9B309
Session-ID-ctx:
Resumption PSK: 7D23D037B20D1D6E898B39E6DE9C8EC67805731E5C2A2AF066DDF625F60501FF
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 7e 41 75 61 51 86 f5 12-e8 25 68 ae 46 a9 74 5d ~AuaQ....%h.F.t]
0010 - 36 7b 12 ce a1 4a 08 09-15 44 60 cd 38 ec 22 69 6{...J...D`.8."i
0020 - 95 58 b8 a0 47 e5 4d 59-75 c9 d7 98 06 91 30 9d .X..G.MYu.....0.
0030 - 02 cf 86 fc 7a b4 08 2c-4f 00 b7 74 dd 19 4b 52 ....z..,O..t..KR
0040 - a7 33 43 55 e0 e9 8c 7e-b3 12 c5 4a 4f 0c ac b1 .3CU...~...JO...
0050 - 74 09 8f 58 ac 00 4e 41-4a 61 28 2b 1f 47 3d 09 t..X..NAJa(+.G=.
0060 - 8b 07 2c 83 b0 d6 b7 10-e2 28 ee 6f 3b 00 ea e0 ..,......(.o;...
0070 - 58 37 47 fc 42 d5 51 fa-07 e2 f5 24 b8 69 5d bf X7G.B.Q....$.i].
0080 - bc ec 2b 4e 02 6a bf 9b-b9 7b 7f 0c a5 d0 1b 01 ..+N.j...{......
0090 - ef 48 5f 8b 13 4a 10 3a-1f 92 aa 18 1e fd a9 68 .H_..J.:.......h
Start Time: 1710667768
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 8192
---
read R BLOCK
DONE
Code: Select all
jezekilj@jeza-laptop:~$ openssl s_client -showcerts -connect flathub.org:443 </dev/null
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = flathub.org
verify return:1
---
Certificate chain
0 s:CN = flathub.org
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 2 14:20:12 2024 GMT; NotAfter: Apr 3 14:20:11 2025 GMT
-----BEGIN CERTIFICATE-----
MIIGWTCCBUGgAwIBAgIQARl1AuPnjLV/SsbxlnvjKDANBgkqhkiG9w0BAQsFADBY
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEuMCwGA1UE
AxMlR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyNCBRMTAeFw0yNDAz
MDIxNDIwMTJaFw0yNTA0MDMxNDIwMTFaMBYxFDASBgNVBAMMC2ZsYXRodWIub3Jn
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4uZT73BnnRzbhk6s6jG
/SQkart0H10idB0yyaVxiHdRISsZCSCkZrtf4mKEaQVAgbGRNSafXWlmencmBwVQ
vgyp5wfzfEvj18Ivy7ZigK034tx5DqOX+NzkSlCSbeBGgU5XZcJrD/Rsm74joNAB
L8y/NTaVcSp2DPSkUnEq9lmEGHxBHg5E77mjcCvsWBziLUXUyjgS5ghXwRxB8C4V
zupCIb9T41VtQyEX8IiWUEuTjZi3Lg9cC472plZKAmsez59IrsNIHwwvplqb0jBj
0mCYk1jLqJk1llM8dsvMGzCJPT9x5FC/pqZSfAfUv2eIyUfzA7y1y33sNa+aTCrg
DwIDAQABo4IDXzCCA1swFgYDVR0RBA8wDYILZmxhdGh1Yi5vcmcwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU
OUzQ9clkilw5QM2vf3AJc8rhhd4wVwYDVR0gBFAwTjAIBgZngQwBAgEwQgYKKwYB
BAGgMgoBAzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
bS9yZXBvc2l0b3J5LzAMBgNVHRMBAf8EAjAAMIGeBggrBgEFBQcBAQSBkTCBjjBA
BggrBgEFBQcwAYY0aHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vY2EvZ3NhdGxh
c3IzZHZ0bHNjYTIwMjRxMTBKBggrBgEFBQcwAoY+aHR0cDovL3NlY3VyZS5nbG9i
YWxzaWduLmNvbS9jYWNlcnQvZ3NhdGxhc3IzZHZ0bHNjYTIwMjRxMS5jcnQwHwYD
VR0jBBgwFoAUZsDHo5rN/vPqzktTC2FerzMFs+EwSAYDVR0fBEEwPzA9oDugOYY3
aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAy
NHExLmNybDCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYAzxFW7tUufK/zh1vZ
aS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGN/4lsOwAABAMARzBFAiA6H4ojsnTDI72j
090STXdfVzdzqL/CH7qH01zO+uc7VAIhAPdzBNTJMOqK049MEvkT/VDe35BYpqlB
kHzI/KG6RHeMAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGN
/4ls3AAABAMARzBFAiB7Z+tba4xZNLNdKn+fKgZpRQ6zSBsk8e09MC79hhd6QAIh
AOD0PMchympa81627o80Bv63XoHA/dtKE6dt0eReTxmCAHYAouMK5EXvva2bfjjt
R2d3U9eCW4SU1yteGyzEuVCkR+cAAAGN/4luCQAABAMARzBFAiAaKzUNYxmzOCsn
8rIlGcYIXv1mf0rt8bluCAuHZfVzBAIhAJFp/KYFHwXDIPhJbR9SDS62aFdck4tS
EUba1GHqRYb1MA0GCSqGSIb3DQEBCwUAA4IBAQCT+cR/EFpq3mOFZCRBVWMNuCS3
fb4dhkpe5S/ZfgZ7CBdD87CayhRa27Q79QOYg2rTF2q2poiULZ5GTC6pj3Uiyq50
ht6x/dKJ8jwBCdU44Oo7MT9DiYk+53LElQCNsBa9LWcYZ5GqITftSuUmobErlQfZ
piLmtgOhkq/7EgX/hZ0iXhgVb8kIduo0k1TkIQQn52gJvLKXxAc2hWLTTZbyvntK
6FkCNKYvjLazQLWRW1IA3ASM/bx2KiSqLR/Q2fOLF3n8p4b1iFKuGt9tXJxAfixj
rUyxj42o0BwcuP2GGrbZn99sgV6+OdmBUP9SVUiO0c+c7fPi5klCWZZnwrnq
-----END CERTIFICATE-----
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 18 04:09:32 2023 GMT; NotAfter: Oct 18 00:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIEjzCCA3egAwIBAgIQf7ag6lXijARMlS6V1jSfXDANBgkqhkiG9w0BAQsFADBM
MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xv
YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzEwMTgwNDA5MzJaFw0y
NTEwMTgwMDAwMDBaMFgxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu
IG52LXNhMS4wLAYDVQQDEyVHbG9iYWxTaWduIEF0bGFzIFIzIERWIFRMUyBDQSAy
MDI0IFExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEaiVBcFLmhw
Cb+9eZUNyxuo3ddf1qAqoS9HRUp6bHv50DrPPENoni9Ix4JVu0OUJRv08POUqwGG
+UJrt0V9/UMxb90o2IRIDK/QuNurr36GObMYW+K8bNMG0RKGIlyKVqZMqFaBPjjG
mWZEPslwWDj8qbtywoO2TMnMppxNOymms6M0lilQnBK1yaYiXRjQjO8EwkOM95iK
lXx0axJHUZS5nPkEvrqpyjgiskDK2ETb4xpmE2RAQXAXxM3Fpnn9kxMi1at8AhsW
xCM/pNucU6rb4uqibp9KbbAdhDyd+sI6vPZDS+RtOmv+bTdaAPUDeDc4AV7/N0dO
VMggCp4gDwIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
BBRmwMejms3+8+rOS1MLYV6vMwWz4TAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpj
move4t0bvDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3Nw
Mi5nbG9iYWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1
cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0w
K6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwIQYD
VR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOC
AQEAHVoRr5g39Y/9HMV8B8Vp/gC4sq+jTIaIJwpIPRc0DncvjxJwDUcrhKSMC+Lx
ZP0HxCcef+7iXQwzM/RW4DP0Ao6+vhl1iLfFxdB7atqm3pPAxsiMvvPklqzlmw2e
nCfjta5jA5fqiSii8TXJ8WeG1QxEizqNsq7C+7y9OYlyGXdAYAA4u8Hb4gu559za
OwX8vZTCmjG3u4wrp2/1QTM4qrzWT9ckRtoEBzGImh+q5J3CnjBPX90q2X2KqRP+
xiPsF1tCGmrc7AnYpi+qy65PGhVoIO7Ev9zI7Ucl68I/3rmqBahLR/KB1isYCs0c
57XG+pMmZ14Kr4WCLuEfXEM8sQ==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = flathub.org
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2024 Q1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3349 bytes and written 381 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: CF9D3E5E60F28BEA8870C7D45A8D36C58A43DDC05B970AFBDFC812521A75D2F8
Session-ID-ctx:
Resumption PSK: 294300B0A2BD93211B2D76AD700D7910C634E4CE1938DF02787855DEDA530DBD
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 7e 41 75 61 51 86 f5 12-e8 25 68 ae 46 a9 74 5d ~AuaQ....%h.F.t]
0010 - b7 45 4c 42 72 22 0c 2f-9e cb 93 b5 c2 1f 83 21 .ELBr"./.......!
0020 - a5 83 63 8f 99 58 5d a7-c4 7f 30 7f 3b a0 ad ff ..c..X]...0.;...
0030 - fc 4b 73 3e c7 0e b4 9c-5a 6f 6e f7 3f fe bf 0b .Ks>....Zon.?...
0040 - f5 f0 ae 87 4e 96 a8 72-04 a7 5c 9d 47 dc 4c 6f ....N..r..\.G.Lo
0050 - 17 23 f2 ca 7b 76 86 27-c1 f1 16 d9 37 8f 7a b7 .#..{v.'....7.z.
0060 - 05 c3 e1 78 b6 d0 72 14-9c 3b f3 52 ee 0a 5c d9 ...x..r..;.R..\.
0070 - 96 00 8b 18 48 04 b3 54-9a c7 ab 6b 0c 34 4e 45 ....H..T...k.4NE
0080 - 24 bc ab 82 f9 a8 64 0c-79 0d 5f 99 af 6a ec ca $.....d.y._..j..
0090 - 76 92 1b 5e 33 6b 5b ab-a5 2f da d9 39 c7 22 51 v..^3k[../..9."Q
Start Time: 1710667717
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 8192
---
read R BLOCK
DONE
Code: Select all
jezekilj@jeza-laptop:~$ gnutls-cli -p443 flathub.org </dev/null
Processed 130 CA certificate(s).
Resolving 'flathub.org:443'...
Connecting to '199.232.57.91:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=flathub.org', issuer `CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1,O=GlobalSign nv-sa,C=BE', serial 0x01197502e3e78cb57f4ac6f1967be328, RSA key 2048 bits, signed using RSA-SHA256, activated `2024-03-02 14:20:12 UTC', expires `2025-04-03 14:20:11 UTC', pin-sha256="sRmRCpGgbI2v2bnlN/391m0j+f+E7bfEG2QKlPMhCxw="
Public Key ID:
sha1:9438fbbc6d8d959d37631f4e0a25786a47a6d917
sha256:b119910a91a06c8dafd9b9e537fdfdd66d23f9ff84edb7c41b640a94f3210b1c
Public Key PIN:
pin-sha256:sRmRCpGgbI2v2bnlN/391m0j+f+E7bfEG2QKlPMhCxw=
- Certificate[1] info:
- subject `CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1,O=GlobalSign nv-sa,C=BE', issuer `CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3', serial 0x7fb6a0ea55e28c044c952e95d6349f5c, RSA key 2048 bits, signed using RSA-SHA256, activated `2023-10-18 04:09:32 UTC', expires `2025-10-18 00:00:00 UTC', pin-sha256="sIyusJrUkgaV+NuUk41j/lNmX1HYRzOm0UglcO11Dok="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
Code: Select all
jezekilj@jeza-laptop:~$ gnutls-cli -p443 dl.flathub.org </dev/null
Processed 130 CA certificate(s).
Resolving 'dl.flathub.org:443'...
Connecting to '146.75.117.91:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=dl.flathub.org', issuer `CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1,O=GlobalSign nv-sa,C=BE', serial 0x012b88acc17f2890437c55a43e9e6892, RSA key 2048 bits, signed using RSA-SHA256, activated `2024-03-06 21:50:11 UTC', expires `2025-04-07 21:50:10 UTC', pin-sha256="sRmRCpGgbI2v2bnlN/391m0j+f+E7bfEG2QKlPMhCxw="
Public Key ID:
sha1:9438fbbc6d8d959d37631f4e0a25786a47a6d917
sha256:b119910a91a06c8dafd9b9e537fdfdd66d23f9ff84edb7c41b640a94f3210b1c
Public Key PIN:
pin-sha256:sRmRCpGgbI2v2bnlN/391m0j+f+E7bfEG2QKlPMhCxw=
- Certificate[1] info:
- subject `CN=GlobalSign Atlas R3 DV TLS CA 2024 Q1,O=GlobalSign nv-sa,C=BE', issuer `CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3', serial 0x7fb6a0ea55e28c044c952e95d6349f5c, RSA key 2048 bits, signed using RSA-SHA256, activated `2023-10-18 04:09:32 UTC', expires `2025-10-18 00:00:00 UTC', pin-sha256="sIyusJrUkgaV+NuUk41j/lNmX1HYRzOm0UglcO11Dok="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
For last to checks I had to install
However in my case nothing was wrong with system clock. Starts to seem like Debian created huge problems for flatpak users.