elm-lang / elm-package

Command line tool to share Elm libraries
BSD 3-Clause "New" or "Revised" License

Install fails in Mac with "certificate rejected: unknown public key OID: [1,3,14,3,2,12]" reason #233

Closed aramallo closed 8 years ago

aramallo commented 8 years ago

OS: Mac OS X (El Capitan) 10.11.6
Elm Version: 0.17.1

The following is an example, but it fails with every package.

❯❯❯ elm package install elm-lang/html
Some new packages are needed. Here is the upgrade plan.

  Install:
    elm-lang/core 4.0.5
    elm-lang/html 1.1.0
    elm-lang/virtual-dom 1.1.1

Do you approve of this plan? [Y/n] y
Starting downloads...

  ✗ elm-lang/core 4.0.5
  ✗ elm-lang/html 1.1.0
  ✗ elm-lang/virtual-dom 1.1.1
Error: The following HTTP request failed.
<https://github.com/elm-lang/core/zipball/4.0.5/>

TlsExceptionHostPort (HandshakeFailed (Error_Protocol ("certificate rejected: unknown public key OID: [1,3,14,3,2,12]",True,CertificateUnknown))) "github.com" 443

process-bot commented 8 years ago

Thanks for the issue! Make sure it satisfies this checklist. My human colleagues will appreciate it!

Here is what to expect next, and if anyone wants to comment, keep these things in mind.

aramallo commented 8 years ago

So, I am not a Haskell guy, but googling I found this is definitively a Haskell TLS exception.

So, I installed ghc, stack, cabal and buddies and did the following, getting the exact same error. Any ideas?

BTW OID: [1,3,14,3,2,12] stands for DSA algorithm

❯❯❯ cabal install tls-debug
❯❯❯ cabal exec tls-retrievecertificate -- github.com 443 --verify                                                    ⏎
connecting to github.com on port 443 ...
serial:   15938810608981134066197160231674485287
issuer:   DistinguishedName {getDistinguishedElements = [([2,5,4,6],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "US"}),([2,5,4,10],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "DigiCert Inc"}),([2,5,4,11],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "www.digicert.com"}),([2,5,4,3],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "DigiCert SHA2 Extended Validation Server CA"})]}
subject:  DistinguishedName {getDistinguishedElements = [([2,5,4,15],ASN1CharacterString {characterEncoding = UTF8, getCharacterStringRawData = "Private Organization"}),([1,3,6,1,4,1,311,60,2,1,3],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "US"}),([1,3,6,1,4,1,311,60,2,1,2],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "Delaware"}),([2,5,4,5],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "5157550"}),([2,5,4,9],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "88 Colin P Kelly, Jr Street"}),([2,5,4,17],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "94107"}),([2,5,4,6],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "US"}),([2,5,4,8],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "California"}),([2,5,4,7],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "San Francisco"}),([2,5,4,10],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "GitHub, Inc."}),([2,5,4,3],ASN1CharacterString {characterEncoding = Printable, getCharacterStringRawData = "github.com"})]}
validity: DateTime {dtDate = Date {dateYear = 2016, dateMonth = March, dateDay = 10}, dtTime = TimeOfDay {todHour = 0h, todMin = 0m, todSec = 0s, todNSec = 0ns}} to DateTime {dtDate = Date {dateYear = 2018, dateMonth = May, dateDay = 17}, dtTime = TimeOfDay {todHour = 12h, todMin = 0m, todSec = 0s, todNSec = 0ns}}
### certificate chain trust
tls-retrievecertificate: unknown public key OID: [1,3,14,3,2,12]
CallStack (from HasCallStack):
  error, called at ./Data/X509/PublicKey.hs:135:23 in x509-1.6.3-B8QQl20I2pFHRBKHO0jkKo:Data.X509.PublicKey

aramallo commented 8 years ago

In the end this was a corrupted keychain on the Mac!!! All working now!
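
A diagnostic for the "unknown public key OID" failure in this thread, as an added example that is not part of the thread or of elm-package: it walks a DER certificate to its SubjectPublicKeyInfo algorithm OID and reports certificates whose OID is outside an allow-list. The `KNOWN` table, the function names and the two certificate skeletons are assumptions constructed for the example; the skeletons are unsigned and carry empty names.

```python
# Illustrative allow-list (an assumption), not the Haskell x509 package's table.
KNOWN = {"1.2.840.113549.1.1.1": "rsaEncryption", "1.2.840.10040.4.1": "id-dsa",
         "1.2.840.10045.2.1": "id-ecPublicKey"}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):  # OID content bytes (base-128 arcs) -> dotted string
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_algorithm_oid(cert):  # Certificate -> tbsCertificate -> subjectPublicKeyInfo
    _, pos, _ = read_tlv(cert, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    pos = end if tag == 0xA0 else pos    # skip the optional [0] version field
    for _ in range(5):                   # serial, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    _, pos, _ = read_tlv(cert, pos)      # subjectPublicKeyInfo SEQUENCE
    _, pos, _ = read_tlv(cert, pos)      # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(cert, pos)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(cert[start:end])

def unrecognised(certs):  # {label: oid} for certificates whose key OID is not in KNOWN
    oids = {label: spki_algorithm_oid(der) for label, der in certs.items()}
    return {label: oid for label, oid in oids.items() if oid not in KNOWN}

def tlv(tag, body):  # short-form DER encoder, used only to build the samples
    return bytes([tag, len(body)]) + body
def skeleton(oid):  # constructed, unsigned certificate skeleton with empty names
    spki = tlv(0x30, tlv(0x30, tlv(0x06, oid)) + tlv(0x03, b"\x00"))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
SAMPLES = {"old-dsa": skeleton(bytes.fromhex("2b0e03020c")),       # 1.3.14.3.2.12
           "rsa": skeleton(bytes.fromhex("2a864886f70d010101"))}   # rsaEncryption
```

For real certificates, convert each PEM block to DER with `ssl.PEM_cert_to_DER_cert` from the Python standard library and pass the bytes to `spki_algorithm_oid`.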