Psi (and Psi-plus) aren't able to validate certificates

OpenSubmitted by Jack Hill.
Details
One participant
  • Jack Hill
Owner
unassigned
Severity
normal
J
J
Jack Hill wrote on 23 Mar 2021 00:50
(address . bug-guix@gnu.org)(name . Raghav Gururajan)(address . rg@raghavgururajan.name)
alpine.DEB.2.21.2103221936100.8138@marsh.hcoop.net
Hi Guix,

I'm using Guix System with commit 17b408e6a219d64643717cfde16ce04eea0a4590
and both the psi and psi-plus package are unable to validate the
certificate of the XMPP server when connecting. When logging into an
account, a popup error appears saying "The member.fsf.org certificate
failed the authenticity test. Invalid CA certificate." Clicking on
"details…" results in the attached screenshot. It appears that a valid
certificate is being presented by the server, but psi doesn't have
certificate authority in its trust store. I've tried it with both psi
installed in my default user profile and nss-certs installed in the system
profile as well and with `guix environment --ad-hoc psi nss-certs -- psi`.

My environment variable appear to be set correctly:

jackhill@alperton ~$ env|grep -i ssl
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

The problem appears across different XMPP servers. I've tried the ones
for member.fsf.org, duke.edu, and hcoop.net. The IM Observatory doesn't
report any problems with the configuration of member.fsf.org [0]. I see
the exact same problem and error messages with both psi and psi-plus.


Best,
Jack
Attachment: psi.png
?