Closed SmartLayer closed 4 years ago
@colourful-land I can reproduce James' curl output. It seems to download correctly when I try it with Safari.
OpenSSL is able to identify a broken link in the certificate chain in the last certificate (3 of 3).
$ openssl s_client -showcerts -connect repo.tokenscript.org:443
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = repo.tokenscript.org
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, OU = PositiveSSL, CN = repo.tokenscript.org
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgIQXOyEuTWFhC+ylyxayT37PDANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD
Ey5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB
MB4XDTE5MDgyNTAwMDAwMFoXDTIwMDgyNDIzNTk1OVowWDEhMB8GA1UECxMYRG9t
YWluIENvbnRyb2wgVmFsaWRhdGVkMRQwEgYDVQQLEwtQb3NpdGl2ZVNTTDEdMBsG
A1UEAxMUcmVwby50b2tlbnNjcmlwdC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCmW9A4QhZEWs1T4Ia74MtOTi/VogH5CJ5d12CJfRmtb3n0lMJv
FtreE1XstLvef4liBcbf/+kI+Q/IJhUxZYiuIQQJlbawOVZc0ClGFo8Rj9zbftTS
ifN5ceYs4azqPlEGC0CSoT1aHKw2/qvNFfvrOZRGQTLSVRHFILt0i7/P04dd0yc0
o+mMMYy+YSQYPlTJE8Jfh73vXAnoe6+oHL4dWMYoRaEJYsp2uqF03wTKGpeNo2hi
UdMfuCNi0i/EQGMTz5aTDVon6H8WalzikGpiiSyxl6+ZyJVMM6C0AbAT+ybqx15k
ffDnxcJXPqhwTFR84dCU8MghNCUWqSZYHYZBAgMBAAGjggKXMIICkzAfBgNVHSME
GDAWgBSNjF7EVK2K4Xfpm/mbBeG4AY1h4TAdBgNVHQ4EFgQUw4LsNIn6TlqttL3D
/1r3g2FyrKMwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcw
JTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIB
MIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGln
by5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
cnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMDkGA1UdEQQy
MDCCFHJlcG8udG9rZW5zY3JpcHQub3Jnghh3d3cucmVwby50b2tlbnNjcmlwdC5v
cmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgCyHgXMi6LNiiBOh2b5K7mKJSBn
a9r6cOeySVMt74uQXgAAAWzIpZ4JAAAEAwBHMEUCIQCmrSwad9fFBX0sH8VdAcZR
um1MzFw5I8UODkAyN+il0AIgDgLb+/SiHVpJ7ytjkqWtWcGnjvE+r0i9j9u4J4Uk
g4QAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAWzIpZ4mAAAE
AwBIMEYCIQD2KKxGIaVxkISxMvEndIQ7+P/Q3iYl7o7pGz87Sgdh7AIhALEkTgh4
gi6+bUa6YcoNTpTeTnQuXuRsDLhzldQgQTPvMA0GCSqGSIb3DQEBCwUAA4IBAQAj
Xp0kmhmm0oU+ut37wv4oxodsapqRLJCgkHRGwEv2ueFmO5JcRvHgGSafP7clPXMM
oHVK/m4z+Ogt7OKmQ2clDtxELoyGuSsnFvD9qdHrrB0zMPQe3tTly6W9FaWLufNX
gXdEQziKYrKsa/1wv2VINaHcEDmxhDh3mR5VYGsswoCznYOnaBm9f4VZcd34CMae
s1RteU+hNYwAN4AXwdwbHnh7KmXxpFpmdsmDRzuWWabR/0oVUiO7SDcU1/G2u8d+
LcuvJWK1kj//rISgCqntc8w+2GldnqHee76kvYmhZPOnfLArZpC/Bm+YZqtwB5uW
DlGIcu84gcM3D9Fwzsoj
-----END CERTIFICATE-----
1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx
MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV
BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE
ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g
VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N
TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj
eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E
oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk
Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY
uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j
BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw
CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0
LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr
BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv
bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov
L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H
ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH
7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi
H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx
RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv
xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38
sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL
l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq
6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY
LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5
yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K
00u/I5sUKUErmgQfky3xxzlIPK1aEn8=
-----END CERTIFICATE-----
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, OU = PositiveSSL, CN = repo.tokenscript.org
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5083 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: FA5B947479DFF524C9893DA55E80E4C25A9DE37A14D0E9D2DBAE407EE2488D80
Session-ID-ctx:
Resumption PSK: 8D4B21B6ED9CCA5FCDEA8A0E7BC824C89D240FD40BE2E638DB3B918C083160FBF0A44E427CECEE6E2117F2A32D8FE965
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 61 5a 4b 3a ba d2 2e 89-3c 93 10 a2 73 7e 23 d5 aZK:....<...s~#.
0010 - ec 8d 9a 5b 03 86 85 2b-b0 38 f0 90 5f 40 75 e4 ...[...+.8.._@u.
Start Time: 1590991981
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 6D3CFDC878D05C6851E72A109C8E5D0D8855AB59EE163A61E70F85497C31AFC8
Session-ID-ctx:
Resumption PSK: 1C7D9A70532D7D6EBEA59AA80D66F6F21264A62F72DBDD92943FD16D3311672E52700D279B03E8C3CA48AF809FDB8773
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 1b 0d cd 25 48 a4 ed a9-bd 6c 18 9f 0f b2 3f 91 ...%H....l....?.
0010 - c0 35 7c 77 de ac 21 3e-9d a8 6a cd d4 e5 e1 2c .5|w..!>..j....,
Start Time: 1590991981
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
Validity issue:
$ openssl x509 -inform pem -noout -text
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Signature Algorithm: sha384WithRSAEncryption
Issuer: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:80:12:65:17:36:0e:c3:db:08:b3:d0:ac:57:0d:
76:ed:cd:27:d3:4c:ad:50:83:61:e2:aa:20:4d:09:
2d:64:09:dc:ce:89:9f:cc:3d:a9:ec:f6:cf:c1:dc:
f1:d3:b1:d6:7b:37:28:11:2b:47:da:39:c6:bc:3a:
19:b4:5f:a6:bd:7d:9d:a3:63:42:b6:76:f2:a9:3b:
2b:91:f8:e2:6f:d0:ec:16:20:90:09:3e:e2:e8:74:
c9:18:b4:91:d4:62:64:db:7f:a3:06:f1:88:18:6a:
90:22:3c:bc:fe:13:f0:87:14:7b:f6:e4:1f:8e:d4:
e4:51:c6:11:67:46:08:51:cb:86:14:54:3f:bc:33:
fe:7e:6c:9c:ff:16:9d:18:bd:51:8e:35:a6:a7:66:
c8:72:67:db:21:66:b1:d4:9b:78:03:c0:50:3a:e8:
cc:f0:dc:bc:9e:4c:fe:af:05:96:35:1f:57:5a:b7:
ff:ce:f9:3d:b7:2c:b6:f6:54:dd:c8:e7:12:3a:4d:
ae:4c:8a:b7:5c:9a:b4:b7:20:3d:ca:7f:22:34:ae:
7e:3b:68:66:01:44:e7:01:4e:46:53:9b:33:60:f7:
94:be:53:37:90:73:43:f3:32:c3:53:ef:db:aa:fe:
74:4e:69:c7:6b:8c:60:93:de:c4:c7:0c:df:e1:32:
ae:cc:93:3b:51:78:95:67:8b:ee:3d:56:fe:0c:d0:
69:0f:1b:0f:f3:25:26:6b:33:6d:f7:6e:47:fa:73:
43:e5:7e:0e:a5:66:b1:29:7c:32:84:63:55:89:c4:
0d:c1:93:54:30:19:13:ac:d3:7d:37:a7:eb:5d:3a:
6c:35:5c:db:41:d7:12:da:a9:49:0b:df:d8:80:8a:
09:93:62:8e:b5:66:cf:25:88:cd:84:b8:b1:3f:a4:
39:0f:d9:02:9e:eb:12:4c:95:7c:f3:6b:05:a9:5e:
16:83:cc:b8:67:e2:e8:13:9d:cc:5b:82:d3:4c:b3:
ed:5b:ff:de:e5:73:ac:23:3b:2d:00:bf:35:55:74:
09:49:d8:49:58:1a:7f:92:36:e6:51:92:0e:f3:26:
7d:1c:4d:17:bc:c9:ec:43:26:d0:bf:41:5f:40:a9:
44:44:f4:99:e7:57:87:9e:50:1f:57:54:a8:3e:fd:
74:63:2f:b1:50:65:09:e6:58:42:2e:43:1a:4c:b4:
f0:25:47:59:fa:04:1e:93:d4:26:46:4a:50:81:b2:
de:be:78:b7:fc:67:15:e1:c9:57:84:1e:0f:63:d6:
e9:62:ba:d6:5f:55:2e:ea:5c:c6:28:08:04:25:39:
b8:0e:2b:a9:f2:4c:97:1c:07:3f:0d:52:f5:ed:ef:
2f:82:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
X509v3 Subject Key Identifier:
53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl
Authority Information Access:
OCSP - URI:http://ocsp.usertrust.com
Signature Algorithm: sha384WithRSAEncryption
93:65:f6:37:83:95:0f:5e:c3:82:1c:1f:d6:77:e7:3c:8a:c0:
aa:09:f0:e9:0b:26:f1:e0:c2:6a:75:a1:c7:79:c9:b9:52:60:
c8:29:12:0e:f0:ad:03:d6:09:c4:76:df:e5:a6:81:95:a7:46:
da:82:57:a9:95:92:c5:b6:8f:03:22:6c:33:77:c1:7b:32:17:
6e:07:ce:5a:14:41:3a:05:24:1b:f6:14:06:3b:a8:25:24:0e:
bb:cc:2a:75:dd:b9:70:41:3f:7c:d0:63:36:21:07:1f:46:ff:
60:a4:91:e1:67:bc:de:1f:7e:19:14:c9:63:67:91:ea:67:07:
6b:b4:8f:8b:c0:6e:43:7d:c3:a1:80:6c:b2:1e:bc:53:85:7d:
dc:90:a1:a4:bc:2d:ef:46:72:57:35:05:bf:bb:46:bb:6e:6d:
37:99:b6:ff:23:92:91:c6:6e:40:f8:8f:29:56:ea:5f:d5:5f:
14:53:ac:f0:4f:61:ea:f7:22:cc:a7:56:0b:e2:b8:34:1f:26:
d9:7b:19:05:68:3f:ba:3c:d4:38:06:a2:d3:e6:8f:0e:e3:b4:
71:6d:40:42:c5:84:b4:40:95:2b:f4:65:a0:48:79:f6:1d:81:
63:96:9d:4f:75:e0:f8:7c:e4:8e:a9:d1:f2:ad:8a:b3:8c:c7:
21:cd:c2:ef
@colourful-land works for me now:
$ curl https://repo.tokenscript.org/2020/06/0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 > /dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 119k 100 119k 0 0 58458 0 0:00:02 0:00:02 --:--:-- 58458
Solved by reissuing the SSL cert.
@colourful-land also fixed on my side. Cheers
@colourful-land also fixed on my side. Cheers
Just to let you know, the root cause of the problem is the root certificate expiry, exactly as you proposed. However, root certificate expiry shouldn't affect the downstream certificate, and curl on your oxs misreported the issue. (I am using a newer version of curl on my box) I reïssued anyway because if curl falters, who knows how many other libraries (android/ios) might falter.
who knows how many other libraries (android/ios) might falter.
FWIW, I observed this error when running AlphaWallet in the iOS simulator. It's a simulator, so might not have the same behaviour on a device.
Works for me:
But according to @James-Sangalli