Re: Random failures: "unable to get local issuer certificate"
Date: Wed, 12 Jan 2022 11:05:43 UTC
Hi, Is that possible that the destination is the culprit? $ host sh.rustup.rs sh.rustup.rs is an alias for dks7yomi95k2d.cloudfront.net. dks7yomi95k2d.cloudfront.net has address 54.192.66.29 dks7yomi95k2d.cloudfront.net has address 54.192.66.52 dks7yomi95k2d.cloudfront.net has address 54.192.66.99 dks7yomi95k2d.cloudfront.net has address 54.192.66.5 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:b200:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:5400:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:5e00:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:ee00:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:f600:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:1200:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:a400:0:9a61:7540:93a1 dks7yomi95k2d.cloudfront.net has IPv6 address 2600:9000:2022:2600:0:9a61:7540:93a1 may be (I have not tested) the result is different depending on DNS reply. patpro January 12, 2022 11:56 AM, "Axel Rau" <Axel.Rau@chaos1.de> wrote: > Hi all, > > I’m running the download > curl https://sh.rustup.rs -sSf | sh > this works fine, but the rust installer it calls fails on random hosts > and jails with > > error sending request \ > for url (https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256): \ > error trying to connect: error:1416F086:SSL \ > routines:tls_process_server_certificate:certificate \ > verify failed:ssl/statem/statem_clnt.c:1915: \ > (unable to get local issuer certificate) > > All tested systems/jails are running 12.2p7 and habe identical cert stores, > kept up-to-date with freebsd-update. > OpenSSL 1.1.1h-freebsd from base. > > Which knobs are influencing local issuer list? > Where can I dig to resolve this issue? > > Any help appreciated, > Axel > --- > PGP-Key: CDE74120 ☀ computing @ chaos claudius