net/openntpd with constraint stops working after recent security/ca_root_nss upgrade
Date: Sat, 07 Oct 2023 14:59:31 UTC
Hi I am running net/openntpd with a constraint: … constraint from "9.9.9.9" After the recent upgrade of security/ca_root_nss to 3.93_1 I noticed a lot of warning messages (see end of mail). Now, net/openntpd 6.8p1_7,2 stopped working: Oct 7 09:39:53 <daemon.err> kaan-bock ntpd[932]: constraints configured but none available Oct 7 09:39:53 <daemon.crit> kaan-bock ntpd[934]: constraint: failed to load constraint ca I had to remove that constraint from ntpd.conf in order to get ntpd working again. Is this a bug or feature with recent security/ca_root_nss? Thanks and regards, Michael [13/58] Extracting ca_root_nss-3.93_1: 100% Scanning /usr/share/certs/untrusted for certificates... Scanning /usr/share/certs/trusted for certificates... Skipping untrusted certificate /usr/share/certs/trusted/AddTrust_External_Root.pem (/etc/ssl/untrusted/157753a5.0) Skipping untrusted certificate /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem (/etc/ssl/untrusted/861a399d.0) Skipping untrusted certificate /usr/share/certs/trusted/Camerfirma_Chambers_of_Commerce_Root.pem (/etc/ssl/untrusted/f90208f7.0) Skipping untrusted certificate /usr/share/certs/trusted/Camerfirma_Global_Chambersign_Root.pem (/etc/ssl/untrusted/cb59f961.0) Skipping untrusted certificate /usr/share/certs/trusted/Certum_Root_CA.pem (/etc/ssl/untrusted/442adcac.0) Skipping untrusted certificate /usr/share/certs/trusted/Chambers_of_Commerce_Root_-_2008.pem (/etc/ssl/untrusted/c47d9980.0) Skipping untrusted certificate /usr/share/certs/trusted/D-TRUST_Root_CA_3_2013.pem (/etc/ssl/untrusted/0b7c536a.0) Skipping untrusted certificate /usr/share/certs/trusted/EC-ACC.pem (/etc/ssl/untrusted/349f2832.0) Skipping untrusted certificate /usr/share/certs/trusted/EE_Certification_Centre_Root_CA.pem (/etc/ssl/untrusted/128805a3.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Global_CA.pem (/etc/ssl/untrusted/2c543cd1.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem (/etc/ssl/untrusted/116bf586.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem (/etc/ssl/untrusted/e2799e36.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pem (/etc/ssl/untrusted/480720ec.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem (/etc/ssl/untrusted/8867006a.0) Skipping untrusted certificate /usr/share/certs/trusted/GeoTrust_Universal_CA.pem (/etc/ssl/untrusted/ad088e1d.0) Skipping untrusted certificate /usr/share/certs/trusted/Global_Chambersign_Root_-_2008.pem (/etc/ssl/untrusted/0c4c9b6c.0) Skipping untrusted certificate /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem (/etc/ssl/untrusted/def36a68.0) Skipping untrusted certificate /usr/share/certs/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem (/etc/ssl/untrusted/b1b8a7f3.0) Skipping untrusted certificate /usr/share/certs/trusted/QuoVadis_Root_CA.pem (/etc/ssl/untrusted/080911ac.0) Skipping untrusted certificate /usr/share/certs/trusted/Sonera_Class_2_Root_CA.pem (/etc/ssl/untrusted/9c2e7d30.0) Skipping untrusted certificate /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem (/etc/ssl/untrusted/5c44d531.0) Skipping untrusted certificate /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem (/etc/ssl/untrusted/5a4d6896.0) Skipping untrusted certificate /usr/share/certs/trusted/SwissSign_Platinum_CA_-_G2.pem (/etc/ssl/untrusted/a8dee976.0) Skipping untrusted certificate /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.pem (/etc/ssl/untrusted/62744ee1.0) Skipping untrusted certificate /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem (/etc/ssl/untrusted/26312675.0) Skipping untrusted certificate /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.pem (/etc/ssl/untrusted/4d4ba017.0) Skipping untrusted certificate /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem (/etc/ssl/untrusted/1320b215.0) Skipping untrusted certificate /usr/share/certs/trusted/Taiwan_GRCA.pem (/etc/ssl/untrusted/6410666e.0) Skipping untrusted certificate /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem (/etc/ssl/untrusted/c089bbbd.0) Skipping untrusted certificate /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem (/etc/ssl/untrusted/ba89ed3b.0) Skipping untrusted certificate /usr/share/certs/trusted/thawte_Primary_Root_CA.pem (/etc/ssl/untrusted/2e4eed3c.0) Skipping untrusted certificate /usr/share/certs/trusted/Trustis_FPS_Root_CA.pem (/etc/ssl/untrusted/d853d49e.0) Skipping untrusted certificate /usr/share/certs/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem (/etc/ssl/untrusted/ee1365c0.0) Skipping untrusted certificate /usr/share/certs/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem (/etc/ssl/untrusted/dc45b0bd.0) Skipping untrusted certificate /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (/etc/ssl/untrusted/c0ff1f52.0) Skipping untrusted certificate /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem (/etc/ssl/untrusted/7d0b38bd.0) Skipping untrusted certificate /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (/etc/ssl/untrusted/b204d74a.0) Skipping untrusted certificate /usr/share/certs/trusted/VeriSign_Universal_Root_Certification_Authority.pem (/etc/ssl/untrusted/c01cdfa2.0) Scanning /usr/local/share/certs for certificates...