[Bug 291483] RELEASE installation fails to fetch from non-resolving pkgbase.FreeBSD.org: No error

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291483

--- Comment #7 from Vassili Tchersky <vt+freebsd@vbcy.org> ---
After some debugging with openssl s_client I got "certificate is not yet valid"
and I knew ... the motherboard is pristine and so the RTC was set to year 2018.
After running ntpdate from the installer console, pkg update works and so the
installer.

No obvious error was given by "pkg -dd" except for "curl_open, fetcher
pkg+https" and then "pkg: Failed to fetch [...]: No Error".

When using the binary /usr/bin/fetch that uses the same libfetch than pkg (or
pkg-static), it returns "pkgbase.freebsd.org: Address family for host not
supported" (and I get it now, the SRV looking is a pkg-specific behaviour).

My problem is resolved, the bug may be closed. However, I think the certificate
error should be more clearly reported in the pkg logs.

(package signing with HTTP was good enough IMHO, and the security of HTTPS here
is not obvious: the certificate is checked against whatever the SRV lookup
returned and pkg/libfetch resolver does not seem to check for DNSSEC)

-- 
You are receiving this mail because:
You are the assignee for the bug.