From owner-freebsd-questions@freebsd.org Wed Mar 27 09:04:13 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DF1A01549694 for ; Wed, 27 Mar 2019 09:04:12 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (net-2-44-121-52.cust.vodafonedsl.it [2.44.121.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mailserver.netfence.it", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B7C06CC67 for ; Wed, 27 Mar 2019 09:04:00 +0000 (UTC) (envelope-from ml@netfence.it) Received: from guardian.ventu (net-93-70-118-123.cust.vodafonedsl.it [93.70.118.123]) (authenticated bits=0) by soth.netfence.it (8.15.2/8.15.2) with ESMTPSA id x2R93R5R044229 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 27 Mar 2019 10:03:32 +0100 (CET) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host net-93-70-118-123.cust.vodafonedsl.it [93.70.118.123] claimed to be guardian.ventu Subject: Re: security/ca_root_nss missing Let's Encrypt X3 certificate To: Lorenzo Salvadore , FreeBSD Questions References: <20190326.195821.2023506369953085466.yasu@utahime.org> <2ed32cc3-ab80-7a0c-58c2-152bee067f7a@netfence.it> From: Andrea Venturoli Message-ID: <98e7fc73-6525-d7f8-e085-23843abe0167@netfence.it> Date: Wed, 27 Mar 2019 10:03:27 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.83 X-Rspamd-Queue-Id: 4B7C06CC67 X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [2.88 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.73)[0.731,0]; IP_SCORE(0.12)[ip: (0.38), ipnet: 2.44.0.0/16(0.19), asn: 30722(-0.05), country: IT(0.05)]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; DMARC_NA(0.00)[netfence.it]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.88)[0.883,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[mx.netfence.it,mx.netfence.it,mx.netfence.it,mx.netfence.it,mx.netfence.it,mx.netfence.it,mx.netfence.it,mx.netfence.it]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.26)[0.264,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:30722, ipnet:2.44.0.0/16, country:IT]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[123.118.70.93.zen.spamhaus.org : 127.0.0.11] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Mar 2019 09:04:13 -0000 On 3/26/19 4:10 PM, Lorenzo Salvadore via freebsd-questions wrote: > I sometimes experienced similar strange behaviors with certificates. > I do not know very well how certificates work, but I think time is a factor > and if responses arrive too late the certificate is not correctly recognized > (please, be patient if I'm wrong, my knowledge on the topic is vague). > > I notice that we are both from Italy: I wonder if the problem is that our > connections sometimes are too slow to have certificates work correctly. I confirm I have a slow line (can't get anything better here unfortunately). However, AFAIK, a slow line can't cause certificate misvalidation (I waited some time before answering, hoping someone more expert than me did). bye & Thanks av.