Date:      Mon, 13 Dec 2021 14:31:40 +0000
From:      tech-lists <tech-lists@zyxst.net>
To:        freebsd-questions@freebsd.org
Cc:        pkg@freebsd.org
Subject:   ssl errors with pkg.freebsd.org and recent stable/13 and poudriere-devel (amd64)
Message-ID:  <YbdZTOF5SrZQzSbU@ceres.zyxst.net>

Hi,

(not quite sure where this should go, hence Cc: to pkg@)

context:

stable/13-n248258-2b890871f7d, built Nov 29th
ca_root_nss-3.71

% uname -mKU
amd64 1300522 1300522

poudriere-devel-3.3.99.20211130 using the following in poudriere.conf:

[...]
# Set to always attempt to fetch packages or dependencies before building.
# XXX: This is subject to change
# Default: off; requires -b <branch> for bulk or testport.
PACKAGE_FETCH_BRANCH=latest

# The branch will be appended to the URL:
PACKAGE_FETCH_URL=pkg+https://pkg.FreeBSD.org/\${ABI}

# Packages which should never be fetched.  This is useful for ports that
# you have local patches for as otherwise the patches would be ignored if
# a remote package is used instead.
#PACKAGE_FETCH_BLACKLIST=""

# Alternatively a whitelist can be created to only allow specific packages to
# be fetched.
# Default: everything
PACKAGE_FETCH_WHITELIST="gcc* rust* llvm* ghc* hs* qt5-webe* texlive*"
[ends]

I see the following output from poudriere when it tries to connect to
https://pkg.freebsd.org :

[...]
[00:02:01] Calculating ports order and dependencies
[00:02:14] Trimming IGNORED and blacklisted ports
[00:02:14] Ignoring security/gputty | gputty-0.9.10: is marked as broken: Unfetchable
[00:02:15] Package fetch: Looking for missing packages to fetch from pkg+https://pkg.FreeBSD.org/${ABI}/latest
Updating FreeBSD repository catalogue...
Certificate verification failed for /CN=pkg.freebsd.org
34372419584:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Certificate verification failed for /CN=pkg.freebsd.org
34372419584:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Certificate verification failed for /CN=pkg.freebsd.org
34372419584:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
[...]

eventually this happens:

[...]
Unable to update repository FreeBSD
Error updating repositories!
[00:02:37] Cleaning up
[00:02:41] Unmounting file systems
[...]

By default, in poudriere.conf, this line:

PACKAGE_FETCH_URL=pkg+https://pkg.FreeBSD.org/\${ABI}

is htt*p* not https.

I can work around the problem by changing it back to http. But the exact
same config (apart from the http being https) on a -current system
(main-n251261-25d0ccbe101 built Dec 2nd), works. Why doesn't it work on
recent stable/13?

fetch works for https:
% fetch https://pkg.freebsd.org/FreeBSD:13:amd64/latest/packagesite.pkg
packagesite.pkg                                       6554 kB 2906 kBps    02s

% fetch https://pkg.freebsd.org/FreeBSD:13:amd64/latest/packagesite.txz
packagesite.txz                                       6554 kB 3906 kBps    01s

I rebuilt ca_root_nss and poudriere-devel from a ports tree updated
today Mon Dec 13 12:20:14 n568073

poudriere-devel options:

Options        :
         BASH           : on
         CERTS          : on
         DIALOG4PORTS   : on
         EXAMPLES       : on
         QEMU           : on
         ZSH            : on
         Annotations    :
         FreeBSD_version: 1300522

thanks,
--
J.
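
Added example, not part of the original message: a Python sketch that triages the pkg output quoted above by pairing each "Certificate verification failed" line with the OpenSSL error-queue line that follows it and unpacking the hex error code. It assumes the OpenSSL 1.1.x packed-code layout (8-bit library, 12-bit function, 12-bit reason); the sample log is constructed from lines in the message, and `unpack_code` and `triage` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample: failure lines from the message, with mail line-wrapping undone.
SAMPLE_LOG = """\
Updating FreeBSD repository catalogue...
Certificate verification failed for /CN=pkg.freebsd.org
34372419584:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Certificate verification failed for /CN=pkg.freebsd.org
34372419584:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Unable to update repository FreeBSD
"""

SUBJECT_RE = re.compile(r"^Certificate verification failed for (/\S+)$")
# OpenSSL 1.1.x error-queue line:
#   thread-id:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:<optional data>
ERROR_RE = re.compile(
    r"^(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):(.*)$")


def unpack_code(code_hex):
    """Split a packed 1.1.x error code into (library, function, reason) numbers."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Count distinct failures, keyed by certificate subject and decoded error."""
    failures, subject = Counter(), None
    for line in map(str.strip, log_text.splitlines()):
        if m := SUBJECT_RE.match(line):
            subject = m.group(1)          # remember subject for the next error line
        elif m := ERROR_RE.match(line):
            _tid, code, lib, func, reason, src, lineno, _data = m.groups()
            lib_no, _func_no, reason_no = unpack_code(code)
            failures[(subject, lib, lib_no, func, reason, reason_no,
                      f"{src}:{lineno}")] += 1
        else:
            subject = None                # unrelated output breaks the pairing
    return failures


if __name__ == "__main__":
    for key, count in triage(SAMPLE_LOG).items():
        print(count, *key)
```

A single grouped entry means every attempt failed the same way for the same certificate subject, which is worth establishing before comparing trust stores between the working and failing hosts.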
