[Bug 222109] sysutils/vm-bhyve: should depend on security/ca_root_nss
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 6 19:00:31 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222109
Bug ID: 222109
Summary: sysutils/vm-bhyve: should depend on
security/ca_root_nss
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: asomers at FreeBSD.org
CC: churchers at gmail.com, ports-secteam at FreeBSD.org
CC: churchers at gmail.com, ports-secteam at FreeBSD.org
"vm iso" uses fetch(1) to download iso files. A major source of iso files is
download.freebsd.org. If no other source of certificates has been installed,
fetch will use OpenSSL's default CA cert and path settings, but those don't
recognize the Let's Encrypt certificate used by download.freebsd.org. The
result is an error like this one:
$ sudo vm iso
https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-bootonly.iso
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
34374362520:error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1264:
fetch:
https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeBSD-11.1-RELEASE-amd64-bootonly.iso:
Authentication error
Installing security/ca_root_nss provides an alternative bundle of root
certificates, which do trust download.freebsd.org. Since download.freebsd.org
is so critically important to most vm-bhyve users, security/ca_root_nss should
be a RUN_DEPENDS.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list