[Bug 193871] New: Certificates in /etc/ssl/certs not considered by pkg and fetch

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Sep 23 12:42:11 UTC 2014


            Bug ID: 193871
           Summary: Certificates in /etc/ssl/certs not considered by pkg
                    and fetch
           Product: Base System
           Version: 9.3-RELEASE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: freebsd.ports at webstyle.ch

I'm trying to set up a pkg repository (with poudriere) accessible via HTTPS.
However, running 'pkg update' I'm getting errors like:
Certificate verification failed for /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
4286:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
Doing some investigation with ktrace/kdump, pkg doesn't seem to access content
under /etc/ssl/certs at all and fetch only tries to read the inexistent file

The certificates however are properly installed and 'openssl verify
thecert.pem' prints "OK":
# for cert in /etc/ssl/certs/*; do echo $cert; openssl x509 -noout -issuer
-subject -hash < $cert; echo; done
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
subject= /C=US/O=GeoTrust, Inc./CN=RapidSSL CA

issuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA

# openssl verify thecert.pem
thecert.pem: OK

Is it true that pkg or fetch do not properly support SSL?

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list