Michael Schumacher created an issue:
First things first, I know about
- https://mail.gnome.org/archives/desktop-devel-list/2020-June/msg00000.html
- https://gitlab.com/gnutls/gnutls/-/issues/1008
and, as I use Debian Sid, also
which is a backport of the fix to gnutls 3.6.13 and supposed to fix the issue mentioned above, and it is installed on my system. My system is also fully up-to-date otherwise.
Nevertheless, the connection issue persists, and I still get the following:
12:34 -- irc: connecting to server irc.gimp.org/6697 (SSL)...
12:34 -- gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange
12:34 -- gnutls: receiving 3 certificates
12:34 -- - certificate[1] info:
12:34 -- - subject `CN=irc.gnome.org,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated', issuer `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', serial 0x00890580a592bc67ea906766d386c32d4a, RSA key 4096 bits, signed using RSA-SHA256, activated `2018-11-14 00:00:00 UTC', expires `2020-12-30 23:59:59 UTC', pin-sha256="hRLegUBfHkJGiNA5XMVInHIcwwhsbUaoFwpakAOs74o="
12:34 -- - certificate[2] info:
12:34 -- - subject `CN=Gandi Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR', issuer `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', serial 0x05e4dc3b9438ab3b8597cba6a19850e3, RSA key 2048 bits, signed using RSA-SHA384, activated `2014-09-12 00:00:00 UTC', expires `2024-09-11 23:59:59 UTC', pin-sha256="WGJkyYjx1QMdMe0UqlyOKXtydPDVrk7sl2fV+nNm1r4="
12:34 -- - certificate[3] info:
12:34 -- - subject `CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US', issuer `CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE', serial 0x13ea28705bf4eced0c36630980614336, RSA key 4096 bits, signed using RSA-SHA384, activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC', pin-sha256="x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="
12:34 =!= gnutls: certificate has expired
12:34 -- gnutls: peer's certificate is trusted
12:34 =!= irc: TLS handshake failed
12:34 =!= irc: error: Error in the certificate.
12:34 -- irc: reconnecting to server in 40 seconds
[...]
I went to the #weechat channel on Freenode and told the weechat developers about that issue, who then tried to connect to irc.gimp.org/6697, apparently got the same issue, but concluded that:
- this is something server ops should fix in their cert setup
- gnutls is bad
So it seems like they see no reason to do anything about this, but I have not gotten the whole discussion there, as my connection was pretty slow and unreliable at that time and got me many disconnects. Maybe the discussion will be different when actual server admins show up there instead of arbitrary users.
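
As an added example (not part of the original issue, and not WeeChat or GnuTLS code), the following parses certificate info lines in the format of the log above and lists which certificates in the served chain are outside their validity period at a given time. The sample log is abbreviated from the one in the report, and the connection date is an assumption, since the log only shows the time of day.

```python
import re
from datetime import datetime, timezone

# Abbreviated from the log in the report: DN attributes other than CN, serials,
# key sizes and pins are dropped; names and validity dates are unchanged.
SAMPLE_LOG = """\
12:34 -- - certificate[1] info:
12:34 -- - subject `CN=irc.gnome.org', issuer `CN=Gandi Standard SSL CA 2', activated `2018-11-14 00:00:00 UTC', expires `2020-12-30 23:59:59 UTC'
12:34 -- - certificate[2] info:
12:34 -- - subject `CN=Gandi Standard SSL CA 2', issuer `CN=USERTrust RSA Certification Authority', activated `2014-09-12 00:00:00 UTC', expires `2024-09-11 23:59:59 UTC'
12:34 -- - certificate[3] info:
12:34 -- - subject `CN=USERTrust RSA Certification Authority', issuer `CN=AddTrust External CA Root', activated `2000-05-30 10:48:38 UTC', expires `2020-05-30 10:48:38 UTC'
"""

INDEX_RE = re.compile(r"certificate\[(\d+)\] info:")
# ".*?" skips the serial/key/signature fields present in the full log lines.
INFO_RE = re.compile(
    r"subject `(?P<subject>[^']*)', issuer `(?P<issuer>[^']*)'"
    r".*?activated `(?P<activated>[^']*)', expires `(?P<expires>[^']*)'"
)

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)

def parse_chain(log):
    """Return the certificates in the order the server sent them."""
    chain, index = [], None
    for line in log.splitlines():
        m = INDEX_RE.search(line)
        if m:
            index = int(m.group(1))
            continue
        m = INFO_RE.search(line)
        if m and index is not None:
            chain.append({"index": index, "subject": m["subject"], "issuer": m["issuer"],
                          "not_before": _utc(m["activated"]), "not_after": _utc(m["expires"])})
            index = None
    return chain

def outside_validity(chain, when):
    """Certificates not valid at `when`, with whether each is the last one sent."""
    last = chain[-1]["index"] if chain else None
    return [(c["index"], c["subject"], c["issuer"], c["index"] == last)
            for c in chain if not (c["not_before"] <= when <= c["not_after"])]

if __name__ == "__main__":
    # Assumed connection date; the log itself only shows the time of day.
    when = datetime(2020, 6, 1, 12, 34, tzinfo=timezone.utc)
    for idx, subject, issuer, is_last in outside_validity(parse_chain(SAMPLE_LOG), when):
        print(f"certificate[{idx}] {subject} (issued by {issuer}) not valid; last in chain: {is_last}")
```

An expired certificate flagged as last in the chain is one the server can stop sending, provided clients trust its subject directly.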