From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.81]) by mx.groups.io with SMTP id smtpd.web12.3508.1590604366703919431 for ; Wed, 27 May 2020 11:32:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UWPy6NDc; spf=pass (domain: redhat.com, ip: 207.211.31.81, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590604365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wgM64oqtdr4dTOzgN0v2xFyapLI8uCT4vB1H3RvVXok=; b=UWPy6NDcPkHYpx5PdyEu+W/0wA4gz0jIyvstfFqwpaJL+x5npkovyzIj8Ah40VibR0uzZN OQu8lYmXQelxJnljmHmERBFBsPNGgNFamUzqRoS03VLBQBh0yNNCZRkfyq1BpLLc+PMkeb u0yWN1wnRqY2YtJZasXaqRkyU7y9ttk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-113-6iqOjTFnO4KkgeXsFqSiXw-1; Wed, 27 May 2020 14:32:42 -0400 X-MC-Unique: 6iqOjTFnO4KkgeXsFqSiXw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8EF05100CCC2; Wed, 27 May 2020 18:32:40 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-77.ams2.redhat.com [10.36.113.77]) by smtp.corp.redhat.com (Postfix) with ESMTP id 88F5D78B2C; Wed, 27 May 2020 18:32:38 +0000 (UTC) Subject: Re: [EXTERNAL] [edk2-devel] [edk2-rfc] GitHub Pull Request based Code Review Process To: devel@edk2.groups.io, rebecca@bsdio.com, rfc@edk2.groups.io, Bret Barkelew , Andrew Fish Cc: "spbrogan@outlook.com" , "Desimone, Nathaniel L" , "Kinney, Michael D" , "Leif Lindholm (Nuvia address)" References: <2107AEA7-9145-4FC9-9E1A-C396F23877ED@apple.com> From: "Laszlo Ersek" Message-ID: Date: Wed, 27 May 2020 20:32:37 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 05/28/20 00:07, Rebecca Cran wrote: > I also tried using my openSUSE WSL installation, but it failed with: > > STARTTLS failed! SSL connect attempt failed error:1416F086:SSL > routines:tls_process_server_certificate:certificate verify failed at > /usr/lib/git/git-send-email line 1548. That's different -- in this case, peer certificate verification was attempted, but it failed, because the root certificate in the peer's cert chain is not trusted by your system (your openSUSE WSL environment). The fix for that should be identical to what you'd do on a standalone openSUSE installation -- (1) figure out what CA cert is the root of the peer's cert chain, and (2) decide consciously whether you trust that CA cert to sign other certificates, (3) import said CA cert persistently into your "store of trusted CA certs". Examples: (1) I think one command that works is: $ openssl s_client -showcerts -connect HOST:PORT