"Remote server's SSL certificate is invalid" when deployed to server - Root SSL certs not installed or referenced properly?

I'm using the crate idcurl (0.4.0) to read RSS. It works fine on my local environment (macOS 10.15.7 / Rust 1.47 / built as "debug").

However, when I deploy to my server (FreeBSD 12.1 / Rust 1.47 / built as "release"), I get "Remote server's SSL certificate is invalid" error.

I did some investigations like manually accessing the RSS feeds URLS on my local computer to inspect the SSL certificate date, Further, I access the URLs using "curl -vvI" on the server itself to check the SSL cert. The SSL certs are found to be valid.

So, why is this error being thrown by idcurl? Is this error message erroneous?

The code is:

pub fn fetch_rss(source: &'static Source) {
let rss_response_result = idcurl::get(source.url.as_str());
match rss_response_result {
    Ok(mut response) => {
        if response.status().is_success() {
            let response_date = get_response_date(&mut response);
            if should_update_cache(source, response_date) {
                store_rss_data_cache(&source, &mut response, response_date);
            }
        }
    }
    Err(e) => {
        println!("error fetching rss for: {} - {}", source.url, e);
    }
}

}

An example of the output:

error fetching rss for: https://www.coindesk.com/feed - Remote server's SSL certificate is invalid

What is the cause of this problem? And how should I investigate further - given that it works on my Mac but not on my remote FreeBSD server.

Is this because of the root certificate are not properly or adequately installed?

I checked and found there is "ca-root-nss.crt" in the "/usr/local/share/certs" directory (inside the jail).

Is this only cert adequate enough? If not, how to I install more root certs?

And, is the Rust app referencing the certs in this directory? If not, how do I point it to this directory?

At this moment, I highly suspect the root trusted certs are not being installed or referenced by the Rust app. Do you think this is the problem? How can I resolve this?

This question is more about debugging TLS than Rust. Anyway, if you have access to run openssl in the server jail, you can compare the output of the following command on the server vs. on your desktop.

echo | openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect www.coindesk.com:443 -showcerts

The path may need adjusted based on your OS, etc, and the output is arcane and can be hard to interpret. And again, it's not a Rust issue really; another forum or searching stackoverflow would probably be better suited to help with this problem.

First, I tried to find the path to the root certificate on my Mac but couldn't locate it. I'm sure it is there because it worked (ie. running the Rust app on my Mac did not present this problem.)

Then, on FreeBSD, I located the certificate at:

/usr/local/share/certs/ca-root-nss.crt

and therefore I executed:

echo | openssl s_client -CAfile /usr/local/share/certs/ca-root-nss.crt -connect www.coindesk.com:443 -showcerts
Output

CONNECTED(00000003)

depth=2 C = US, O = Amazon, CN = Amazon Root CA 1

verify return:1

depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

verify return:1

depth=0 CN = coindesk.com

verify return:1


Certificate chain

0 s:CN = coindesk.com

i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

-----BEGIN CERTIFICATE-----

MIIFwjCCBKqgAwIBAgIQCpijx3GlSxxkrx48VwyPsjANBgkqhkiG9w0BAQsFADBG

MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg

Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTExMTYwMDAwMDBaFw0yMDEyMTYx

MjAwMDBaMBcxFTATBgNVBAMTDGNvaW5kZXNrLmNvbTCCASIwDQYJKoZIhvcNAQEB

BQADggEPADCCAQoCggEBAMwWeRec4Mb2nm5W18R4Ss3/vqlPvqnXU2+ouU9Nuczf

EgM6fmCHVwWQvCSAgXCjIDflFzHr5uLgXtCrDIy/XVpOIl8klqvGa5NKPUqSfL2S

IPTcSjsDC0Xj73//J2AFUu+iafJ+tsWpfeJEVrS2fw6WFpVZzRS/xkyW9NUb2RIw

x5cPt46upxqpXp7ApOkxnRC6y2HsPJT1G4G6ppNj7GVStCOFR2VbJHG7pWkMwRb0

TdDy7HEapG3bg4kNqhm2TtxRApTY9bDEw9ji5ZlotNxGnbAl2NxDZKn6kM90Mngj

yVpsHdGPdzNkxWy0Cc1eBNI9u5jALhXaymk44ToVChsCAwEAAaOCAtkwggLVMB8G

A1UdIwQYMBaAFFmkZgZSoHuVkjyjlAcnlnRb+T3QMB0GA1UdDgQWBBRKggSW2RDZ

KecfGeCHTVrCNtzmITB3BgNVHREEcDBuggxjb2luZGVzay5jb22CE3N0YXRpYy5j

b2luZGVzay5jb22CF3Byb2R1Y3Rpb24uY29pbmRlc2suY29tghB3d3cuY29pbmRl

c2suY29tgh5wcm9kdWN0aW9uLnN0YXRpYy5jb2luZGVzay5jb20wDgYDVR0PAQH/

BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAy

MDCgLqAshipodHRwOi8vY3JsLnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5j

cmwwIAYDVR0gBBkwFzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMHUGCCsGAQUFBwEB

BGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3Qu

Y29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNv

bS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA

8QB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbnXZXsIAAAQD

AEcwRQIhAPd1Laqv9zzOw9jDCb0BzU1GbsX8TCygZhyynm4/od/LAiB39v2hsTUQ

3cGRTjdYku4wJBN6vTpaneXUiQ3Vc4H7dwB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2

/0q1YMG06v9eoIMPAAABbnXZX1cAAAQDAEgwRgIhAMfwDA9ldLW7RgX3xfz3vIxJ

QfT0ZL0Ob57MpxrXzDe2AiEApB0EGhnN7C2/XuRs6kCQ/+kgUfJNyGytB3Wrn7/x

YigwDQYJKoZIhvcNAQELBQADggEBAG1WI5ZxQQK2EggkQrvDqZxOEIQnMUbASTCt

FM/qsvN72L9Z+sS5bAocfA+BAfFjYjECkpPqwjPFMKG8ZVQ2ew2am1+OykRzM8sR

JoP+lLDTvrqJU9mugHPpqKoW0QsuP4KsvcGI4aAbP3Ksk+rlScJOml2+42x26bDG

/Ys301YQ1bR9fed/PotAwJZ+AoHojN0bh6GkxgdCEg3q6A1DiPNqgUE3E/sJix5A

sK85ihTApNivfrtojDE/fFIzO57C1yH6E+XxgCP9wXyiAFOzgONM0bfn4IRlIgvj

aMXdUKZXGYknncn9z7tT4cE+gl+UCzXkFV4kZMaiVy5p5syF9S4=

-----END CERTIFICATE-----

1 s:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

i:C = US, O = Amazon, CN = Amazon Root CA 1

-----BEGIN CERTIFICATE-----

MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsF

ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6

b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL

MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB

IDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK

AoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZ

cMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5

blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVm

B5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw

0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IG

KuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAG

AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeW

dFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH

AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy

dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy

dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js

LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAow

CAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI1

59Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t

6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI

8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1

upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZS

yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/

-----END CERTIFICATE-----

2 s:C = US, O = Amazon, CN = Amazon Root CA 1

i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2

-----BEGIN CERTIFICATE-----

MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF

ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj

b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x

OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1

dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL

MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv

b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj

ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM

9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw

IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6

VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L

93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm

jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/

BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW

gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH

MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH

MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy

MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0

LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF

AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW

MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma

eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK

bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN

0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U

akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==

-----END CERTIFICATE-----

3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2

i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority

-----BEGIN CERTIFICATE-----

MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV

BAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw

MAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0

eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJV

UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE

ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZp

ZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi

MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/

y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0N

Tm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRo

Ot+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0C

zyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5J

Q4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMB

AAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0O

BBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtV

rNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28u

c3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1Ud

HwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYG

BFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/G

VfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1

l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt

8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ

59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehu

VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w=

-----END CERTIFICATE-----


Server certificate

subject=CN = coindesk.com

issuer=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon


No client certificate CA names sent

Peer signing digest: SHA256

Peer signature type: RSA-PSS

Server Temp Key: X25519, 253 bits


SSL handshake has read 5457 bytes and written 384 bytes

Verification: OK


New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256

Server public key is 2048 bit

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)


DONE

Looks like the response is legitimate.

Further, I removed the "-CACert" option and executed to following command to TEST:

echo | openssl s_client -connect www.coindesk.com:443 -showcerts

and got (I think similar) results:

Output

CONNECTED(00000003)

depth=2 C = US, O = Amazon, CN = Amazon Root CA 1

verify return:1

depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

verify return:1

depth=0 CN = coindesk.com

verify return:1


Certificate chain

0 s:CN = coindesk.com

i:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

-----BEGIN CERTIFICATE-----

MIIFwjCCBKqgAwIBAgIQCpijx3GlSxxkrx48VwyPsjANBgkqhkiG9w0BAQsFADBG

MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg

Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTExMTYwMDAwMDBaFw0yMDEyMTYx

MjAwMDBaMBcxFTATBgNVBAMTDGNvaW5kZXNrLmNvbTCCASIwDQYJKoZIhvcNAQEB

BQADggEPADCCAQoCggEBAMwWeRec4Mb2nm5W18R4Ss3/vqlPvqnXU2+ouU9Nuczf

EgM6fmCHVwWQvCSAgXCjIDflFzHr5uLgXtCrDIy/XVpOIl8klqvGa5NKPUqSfL2S

IPTcSjsDC0Xj73//J2AFUu+iafJ+tsWpfeJEVrS2fw6WFpVZzRS/xkyW9NUb2RIw

x5cPt46upxqpXp7ApOkxnRC6y2HsPJT1G4G6ppNj7GVStCOFR2VbJHG7pWkMwRb0

TdDy7HEapG3bg4kNqhm2TtxRApTY9bDEw9ji5ZlotNxGnbAl2NxDZKn6kM90Mngj

yVpsHdGPdzNkxWy0Cc1eBNI9u5jALhXaymk44ToVChsCAwEAAaOCAtkwggLVMB8G

A1UdIwQYMBaAFFmkZgZSoHuVkjyjlAcnlnRb+T3QMB0GA1UdDgQWBBRKggSW2RDZ

KecfGeCHTVrCNtzmITB3BgNVHREEcDBuggxjb2luZGVzay5jb22CE3N0YXRpYy5j

b2luZGVzay5jb22CF3Byb2R1Y3Rpb24uY29pbmRlc2suY29tghB3d3cuY29pbmRl

c2suY29tgh5wcm9kdWN0aW9uLnN0YXRpYy5jb2luZGVzay5jb20wDgYDVR0PAQH/

BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAy

MDCgLqAshipodHRwOi8vY3JsLnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5j

cmwwIAYDVR0gBBkwFzALBglghkgBhv1sAQIwCAYGZ4EMAQIBMHUGCCsGAQUFBwEB

BGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3Qu

Y29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNv

bS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA

8QB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbnXZXsIAAAQD

AEcwRQIhAPd1Laqv9zzOw9jDCb0BzU1GbsX8TCygZhyynm4/od/LAiB39v2hsTUQ

3cGRTjdYku4wJBN6vTpaneXUiQ3Vc4H7dwB3AId1v+dZfPiMQ5lfvfNu/1aNR1Y2

/0q1YMG06v9eoIMPAAABbnXZX1cAAAQDAEgwRgIhAMfwDA9ldLW7RgX3xfz3vIxJ

QfT0ZL0Ob57MpxrXzDe2AiEApB0EGhnN7C2/XuRs6kCQ/+kgUfJNyGytB3Wrn7/x

YigwDQYJKoZIhvcNAQELBQADggEBAG1WI5ZxQQK2EggkQrvDqZxOEIQnMUbASTCt

FM/qsvN72L9Z+sS5bAocfA+BAfFjYjECkpPqwjPFMKG8ZVQ2ew2am1+OykRzM8sR

JoP+lLDTvrqJU9mugHPpqKoW0QsuP4KsvcGI4aAbP3Ksk+rlScJOml2+42x26bDG

/Ys301YQ1bR9fed/PotAwJZ+AoHojN0bh6GkxgdCEg3q6A1DiPNqgUE3E/sJix5A

sK85ihTApNivfrtojDE/fFIzO57C1yH6E+XxgCP9wXyiAFOzgONM0bfn4IRlIgvj

aMXdUKZXGYknncn9z7tT4cE+gl+UCzXkFV4kZMaiVy5p5syF9S4=

-----END CERTIFICATE-----

1 s:C = US, O = Amazon, OU = Server CA 1B, CN = Amazon

i:C = US, O = Amazon, CN = Amazon Root CA 1

-----BEGIN CERTIFICATE-----

MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsF

ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6

b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL

MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB

IDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK

AoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZ

cMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5

blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVm

B5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw

0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IG

KuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAG

AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeW

dFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH

AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy

dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy

dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js

LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAow

CAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI1

59Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t

6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI

8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1

upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZS

yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/

-----END CERTIFICATE-----

2 s:C = US, O = Amazon, CN = Amazon Root CA 1

i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2

-----BEGIN CERTIFICATE-----

MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF

ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj

b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x

OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1

dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL

MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv

b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj

ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM

9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw

IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6

VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L

93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm

jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/

BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW

gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH

MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH

MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy

MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0

LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF

AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW

MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma

eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK

bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN

0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U

akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==

-----END CERTIFICATE-----

3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2

i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority

-----BEGIN CERTIFICATE-----

MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV

BAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw

MAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0

eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJV

UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE

ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZp

ZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi

MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/

y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0N

Tm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRo

Ot+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0C

zyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5J

Q4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMB

AAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0O

BBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtV

rNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28u

c3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1Ud

HwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYG

BFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/G

VfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1

l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt

8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ

59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehu

VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w=

-----END CERTIFICATE-----


Server certificate

subject=CN = coindesk.com

issuer=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon


No client certificate CA names sent

Peer signing digest: SHA256

Peer signature type: RSA-PSS

Server Temp Key: X25519, 253 bits


SSL handshake has read 5457 bytes and written 384 bytes

Verification: OK


New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256

Server public key is 2048 bit

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)


DONE

I switched to another crate called " curl-rust" and it seems that the ssl problem is resolved. The responses are all 200 and data being read. I did not change any settings within the FreeBSD environment.

1 Like