求助gnutls certificate问题

公司的mac上最近更新了certificate,导致gnutls没法验证了,

➜ gnutls-cli -p 443 elpa.gnu.org

Processed 170 CA certificate(s).
Resolving 'elpa.gnu.org:443'...
Connecting to '209.51.188.89:443'...
- Certificate type: X.509- Got a certificate list of 2 certificates.
- Certificate[0] info: 
 - subject `CN=elpa.gnu.org', issuer `CN=ssl-decrypt.XXXX...
- Certificate[1] info: 
  - subject `CN=ssl-decrypt. XXXXXXXX....
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.

具体certificate信息我就不贴了。怎么让gnutls验证三方的证书呢?

稍微顶一下。别就这么沉了。

我目前得用emacs-plus with --without-gnutls编译,安装包貌似没什么问题,但很慌,怕有什么包需要gnutls没法用了

有个证书路径,这个路径 openssl 也识别的。

具体要怎么操作呢?有文档吗?

gnutls-trustfiles

我设置了(add-to-list 'gnutls-trustfiles "/path/to/my/cert.pem") 但是用 (url-retrieve-synchronously "https://my.website/") 的时候还是报错了。

报错信息:

Debugger entered--Lisp error: (error "The x509 certificate does not match \"x.x.x.x\"")
  gnutls-boot(#<process x.x.x.x> gnutls-x509pki (:complete-negotiation t :priority "SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" :hostname "x.x.x.x" :loglevel 0 :min-prime-bits 3072 :trustfiles ("/Users/strong/Documents/cert.pem" "/etc/ssl/cert.pem") :crlfiles nil :keylist nil :verify-flags nil :verify-error t :callbacks nil))
  gnutls-negotiate(:process #<process x.x.x.x> :type gnutls-x509pki :hostname "x.x.x.x")
  open-gnutls-stream("x.x.x.x" #<buffer  *url-http-temp*> "x.x.x.x" 443 nil)
  network-stream-open-tls("x.x.x.x" #<buffer  *url-http-temp*> "x.x.x.x" 443 (:type tls :nowait nil))
  open-network-stream("x.x.x.x" #<buffer  *url-http-temp*> "x.x.x.x" 443 :type tls :nowait nil)
  url-open-stream("x.x.x.x" #<buffer  *url-http-temp*> "x.x.x.x" 443 tls)
  url-http-find-free-connection("x.x.x.x" 443 tls)
  url-http(#s(url :type "https" :user nil :password nil :host "x.x.x.x" :portspec nil :filename "/" :target nil :attributes nil :fullness t :silent nil :use-cookies t :asynchronous nil) #f(compiled-function (&rest ignored) #<bytecode 0x4553f7cd>) (nil) nil tls)
  url-https(#s(url :type "https" :user nil :password nil :host "x.x.x.x" :portspec nil :filename "/" :target nil :attributes nil :fullness t :silent nil :use-cookies t :asynchronous nil) #f(compiled-function (&rest ignored) #<bytecode 0x4553f7cd>) (nil))
  url-retrieve-internal("https://x.x.x.x/" #f(compiled-function (&rest ignored) #<bytecode 0x4553f7cd>) (nil) nil nil)
  url-retrieve("https://x.x.x.x/" #f(compiled-function (&rest ignored) #<bytecode 0x4553f7cd>) nil nil nil)
  url-retrieve-synchronously("https://x.x.x.x/")
  (progn (url-retrieve-synchronously "https://x.x.x.x/"))
  eval((progn (url-retrieve-synchronously "https://x.x.x.x/")) t)