From owner-freebsd-arm@freebsd.org  Mon Jul 16 01:53:09 2018
Return-Path: <owner-freebsd-arm@freebsd.org>
Delivered-To: freebsd-arm@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B41881034FA3
 for <freebsd-arm@mailman.ysv.freebsd.org>;
 Mon, 16 Jul 2018 01:53:09 +0000 (UTC)
 (envelope-from freebsd-arm@sentry.org)
Received: from shadow.sentry.org (shadow.sentry.org [210.8.237.106])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "shadow.sentry.org",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D7FC67A0A2
 for <freebsd-arm@freebsd.org>; Mon, 16 Jul 2018 01:53:08 +0000 (UTC)
 (envelope-from freebsd-arm@sentry.org)
Received: from shadow.sentry.org (localhost [127.0.0.1])
 by shadow.sentry.org (8.15.2/8.15.2) with ESMTP id w6G1qwAF075811
 for <freebsd-arm@freebsd.org>; Mon, 16 Jul 2018 11:52:58 +1000 (AEST)
 (envelope-from freebsd-arm@sentry.org)
Subject: Re: Problem with Fetch using Let's Encrypt Certificates on Arm?
To: freebsd-arm@freebsd.org
References: <CABx9NuSQn+zK3UK+Ox3MWe67cMLSKdWgFJX18R-8n=q7Ea=9VQ@mail.gmail.com>
From: Trev <freebsd-arm@sentry.org>
Message-ID: <f63e2556-d37f-efc7-f7cd-7b55ee31aeec@sentry.org>
Date: Mon, 16 Jul 2018 11:52:58 +1000
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Firefox/52.0 SeaMonkey/2.49.4
MIME-Version: 1.0
In-Reply-To: <CABx9NuSQn+zK3UK+Ox3MWe67cMLSKdWgFJX18R-8n=q7Ea=9VQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2
 (shadow.sentry.org [0.0.0.0]); Mon, 16 Jul 2018 11:52:58 +1000 (AEST)
X-BeenThere: freebsd-arm@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Porting FreeBSD to ARM processors." <freebsd-arm.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arm>,
 <mailto:freebsd-arm-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arm/>
List-Post: <mailto:freebsd-arm@freebsd.org>
List-Help: <mailto:freebsd-arm-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arm>,
 <mailto:freebsd-arm-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jul 2018 01:53:09 -0000

Russell Haley wrote on 16/07/2018 08:41:
> I'm attempting to pull in a patch from the reviews board and I get the
> following error:
> 
> freebsd@imx6:~ % fetch
> https://reviews.freebsd.org/file/data/wa7jc7bpnhvjhm5espm7/PHID-FILE-6tz3dv32poii5fmqh5ve/D13690.diff
> Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt
> Authority X3
> 539735016:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify
> failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
[...]
> Thoughts?

Do you have ca_root_nss-3.38 - Root certificate bundle from the Mozilla 
Project installed?