# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 15
# self = https://watcher.sour.is/conv/pzoh4ha
movq
www.uninformativ.de
View Thread
So much stuff broke because of that LetsEncrypt root CA expiry … Even OpenBSD had to publish a patch: https://marc.info/?l=openbsd-announce&m=163303141426965&w=2
movq
www.uninformativ.de
View Thread
So much stuff broke because of that LetsEncrypt root CA expiry … Even OpenBSD had to publish a patch: https://marc.info/?l=openbsd-announce&m=163303141426965&w=2
movq
www.uninformativ.de
View Thread
So much stuff broke because of that LetsEncrypt root CA expiry … Even OpenBSD had to publish a patch: https://marc.info/?l=openbsd-announce&m=163303141426965&w=2
prologic
twtxt.net
View Thread
@movq Ooops 😳 🀣
prologic
twtxt.net
View Thread
@movq Ooops 😳 🀣
lyse
lyse.isobeef.org
View Thread
@movq @prologic I got this on an old box, too. curl --cacert chain.pem --capath /tmp/nonexistent still doesn't want to accept the exact same CA chain on that machine. Works fine on others.
movq
www.uninformativ.de
View Thread
@lyse Maybe that web server delivers an intermediate cert that still points to the old expired CA? πŸ€” No idea. Sounds like your call should work. πŸ€”
movq
www.uninformativ.de
View Thread
@lyse Maybe that web server delivers an intermediate cert that still points to the old expired CA? πŸ€” No idea. Sounds like your call should work. πŸ€”
movq
www.uninformativ.de
View Thread
@lyse Maybe that web server delivers an intermediate cert that still points to the old expired CA? πŸ€” No idea. Sounds like your call should work. πŸ€”
lyse
lyse.isobeef.org
View Thread
@movq Your inital link was really helpful, thank you very much! I now just removed the expired DST_Root_CA_X3.pem and everything is working fine. I accidentally included said expired CA in my chain, too. It's quite weird, that an expired CA fails the validation, but omitting it entirely is okay. :-?
lyse
lyse.isobeef.org
View Thread
Oh dear, I realized I even put that expired CA additionally at /usr/local/share/ca-certificates, so the Python certificate validation picked it up and rejected requests. Working now. Let's see, what else I will come across the next days.
movq
www.uninformativ.de
View Thread
@lyse Hehe. In my experience, it’s usually best to not touch CA files – at all. β€œThe distro knows best!” 😁
movq
www.uninformativ.de
View Thread
@lyse Hehe. In my experience, it’s usually best to not touch CA files – at all. β€œThe distro knows best!” 😁
movq
www.uninformativ.de
View Thread
@lyse Hehe. In my experience, it’s usually best to not touch CA files – at all. β€œThe distro knows best!” 😁
lyse
lyse.isobeef.org
View Thread
@movq I fully agree on that.