@mattikus
Created March 6, 2011 02:01
two attempts to connect to freenode with weechat-git
19:45:09 freenode | irc: reconnecting to server...
19:45:09 freenode | irc: connecting to server chat.us.freenode.net/7070 (SSL)...
19:45:09 freenode | gnutls: connected using 1024-bit Diffie-Hellman shared secret exchange
19:45:09 freenode =!= | gnutls: peer's certificate is NOT trusted
19:45:09 freenode =!= | gnutls: peer's certificate issuer is unknown
19:45:09 freenode | gnutls: receiving 2 certificates
19:45:09 freenode | - certificate[1] info:
19:45:09 freenode | - subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', RSA key 2048 bits, signed using
| RSA-SHA1, activated `2011-01-14 00:00:00 UTC', expires `2012-01-14 23:59:59 UTC', SHA-1 fingerprint `acd50e69ad93f5db08fefb67180d871415858664'
19:45:09 freenode | - certificate[2] info:
19:45:09 freenode | - subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA
| key 2048 bits, signed using RSA-SHA1, activated `2008-10-23 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `a9f79883a075ce82d20d274d1368e876140d33b3'
19:45:09 freenode =!= | gnutls: the hostname in the certificate does NOT match "chat.us.freenode.net"
19:45:09 freenode =!= | irc: TLS handshake failed
19:45:09 freenode =!= | irc: error: Error in the certificate.
19:45:09 freenode | irc: reconnecting to server in 40 seconds
19:51:34 chat.freenode.net | irc: connecting to server chat.freenode.net/7000 (SSL)...
19:51:35 chat.freenode.net | gnutls: connected using 2048-bit Diffie-Hellman shared secret exchange
19:51:35 chat.freenode.net =!= | gnutls: peer's certificate is NOT trusted
19:51:35 chat.freenode.net =!= | gnutls: peer's certificate issuer is unknown
19:51:35 chat.freenode.net | gnutls: receiving 2 certificates
19:51:35 chat.freenode.net | - certificate[1] info:
19:51:35 chat.freenode.net | - subject `OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', RSA key 2048 bits, signed using
| RSA-SHA1, activated `2011-01-14 00:00:00 UTC', expires `2012-01-14 23:59:59 UTC', SHA-1 fingerprint `acd50e69ad93f5db08fefb67180d871415858664'
19:51:35 chat.freenode.net | - certificate[2] info:
19:51:35 chat.freenode.net | - subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer `C=US,ST=UT,L=Salt Lake City,O=The USERTRUST Network,OU=http://www.usertrust.com,CN=UTN-USERFirst-Hardware', RSA
| key 2048 bits, signed using RSA-SHA1, activated `2008-10-23 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `a9f79883a075ce82d20d274d1368e876140d33b3'
19:51:35 chat.freenode.net =!= | irc: TLS handshake failed
19:51:35 chat.freenode.net =!= | irc: error: Error in the certificate.
19:51:35 chat.freenode.net | irc: reconnecting to server in 10 seconds
@Racker-Al

I just started using weechat and hit this same problem but it's easy to solve. Get the UTA CA-bundle from www.comodo.com:

UTNAddTrustServerCA.crt

I've added the key to my local ca-bundle (from http://curl.haxx.se/docs/caextract.html)
cat ~/Downloads/UTNAddTrustServerCA.crt >> /path/to/my/ca-bundle.pem

Finally set weechat to use that ca-bundle and save the configuration:
/set weechat.network.gnutls_ca_file /path/to/my/ca-bundle.pem
/save

Now you may connect to freenode all secure like.

@boozook

boozook commented May 9, 2017

Thx a lot!

Also you can get the cert: openssl s_client -showcerts -connect chat.freenode.net:6697
See how it is used there.

echo "" | openssl s_client -host chat.freenode.net -port 6697 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'  > cert.pem

echo "" | openssl s_client -host chat.freenode.net -port 6697 -showcerts | awk '/BEGIN CERT/ {p=1} ; p==1; /END CERT/ {p=0}' > allcerts.pem
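
Added example, not part of the gist or its comments: a small Python parser that reads the weechat/gnutls lines shown in the log and separates the two certificate failures it records. The sample log is constructed from the gist's lines (certificate lines shortened), and `diagnose`, `wildcard_matches` and the finding labels are names chosen for this example.

```python
import re

# Constructed sample: lines taken from the two attempts in the gist's log,
# with each wrapped certificate line shortened to the fields used here.
SAMPLE_LOG = """\
19:45:09 freenode | irc: connecting to server chat.us.freenode.net/7070 (SSL)...
19:45:09 freenode =!= | gnutls: peer's certificate issuer is unknown
19:45:09 freenode | - subject `OU=Gandi Standard Wildcard SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA'
19:45:09 freenode | - subject `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA', issuer `CN=UTN-USERFirst-Hardware'
19:45:09 freenode =!= | gnutls: the hostname in the certificate does NOT match "chat.us.freenode.net"
19:51:34 chat.freenode.net | irc: connecting to server chat.freenode.net/7000 (SSL)...
19:51:35 chat.freenode.net =!= | gnutls: peer's certificate issuer is unknown
19:51:35 chat.freenode.net | - subject `OU=Gandi Standard Wildcard SSL,CN=*.freenode.net', issuer `C=FR,O=GANDI SAS,CN=Gandi Standard SSL CA'
"""

CONNECT = re.compile(r"connecting to server (\S+?)/\d+")
SUBJECT_CN = re.compile(r"subject `[^']*?CN=([^,']+)'")

def wildcard_matches(pattern, host):
    """A '*' label covers exactly one left-most DNS label, never two."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(log):
    """Return one dict per connection attempt found in a weechat log."""
    attempts = []
    for line in log.splitlines():
        m = CONNECT.search(line)
        if m:
            attempts.append({"host": m.group(1), "cn": None, "findings": set()})
        if not attempts:
            continue
        cur = attempts[-1]
        m = SUBJECT_CN.search(line)
        if m and cur["cn"] is None:  # certificate[1] (the leaf) is logged first
            cur["cn"] = m.group(1)
        if "issuer is unknown" in line:
            cur["findings"].add("untrusted-issuer")  # addressed by the CA file
        if "does NOT match" in line:
            cur["findings"].add("hostname-mismatch")  # not addressed by the CA file
    for a in attempts:
        # Assumption: the log prints only the subject, so the CN stands in for SANs.
        a["name_ok"] = bool(a["cn"]) and wildcard_matches(a["cn"], a["host"])
    return attempts

if __name__ == "__main__":
    for a in diagnose(SAMPLE_LOG):
        print(a["host"], a["cn"], sorted(a["findings"]), "name_ok=%s" % a["name_ok"])
```

The first attempt carries both findings: adding the issuing CA to `weechat.network.gnutls_ca_file` clears the unknown-issuer error, but `chat.us.freenode.net` still fails the name check against `*.freenode.net`. The second attempt, to `chat.freenode.net`, carries only the issuer finding.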
