[Bug 193871] New: Certificates in /etc/ssl/certs not considered by pkg and fetch
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Sep 23 12:42:11 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193871
Bug ID: 193871
Summary: Certificates in /etc/ssl/certs not considered by pkg
and fetch
Product: Base System
Version: 9.3-RELEASE
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: freebsd.ports at webstyle.ch
I'm trying to set up a pkg repository (with poudriere) accessible via HTTPS.
However, running 'pkg update' I'm getting errors like:
Certificate verification failed for /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
4286:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:997:
Doing some investigation with ktrace/kdump, pkg doesn't seem to access content
under /etc/ssl/certs at all and fetch only tries to read the inexistent file
/etc/ssl/cert.pem.
The certificates however are properly installed and 'openssl verify
thecert.pem' prints "OK":
# for cert in /etc/ssl/certs/*; do echo $cert; openssl x509 -noout -issuer
-subject -hash < $cert; echo; done
/etc/ssl/certs/2f2c2f7c.0
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
subject= /C=US/O=GeoTrust, Inc./CN=RapidSSL CA
2f2c2f7c
/etc/ssl/certs/594f1775.0
issuer= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
subject= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
594f1775
/etc/ssl/certs/7999be0d.0
issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
subject= /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
7999be0d
# openssl verify thecert.pem
thecert.pem: OK
Is it true that pkg or fetch do not properly support SSL?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list