Date: Sun, 14 May 2023 16:54:09 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 271418] devel/ocaml-opam: strange certificate problem Message-ID: <bug-271418-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271418 Bug ID: 271418 Summary: devel/ocaml-opam: strange certificate problem Product: Ports & Packages Version: Latest Hardware: arm64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: alexey@ocaml.nl CC: hannes@mehnert.org CC: hannes@mehnert.org Flags: maintainer-feedback?(hannes@mehnert.org) I have FreeBSD 13.2 / arm64 machine in the cloud. Recently it has developed= a strange problem: opam update does not work anymore (it was before): =E2=9D=AF opam update <><> Updating package repositories ><><><><><><><><><><><><><><><><><><><><><><> [ERROR] Could not update repository "default": OpamDownload.Download_fail(_, "Download command failed: \"/usr/bin/fetch -o /tmp/opam-1764-d4375b/index.tar.gz.part --user-agent opam/2.1.2 -- https://opam.ocaml.org/index.tar.gz\" exited with code 1 \"5612291346432:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:\"") Indeed, fetch fails: =E2=9D=AF fetch https://opam.ocaml.org/index.tar.gz Certificate verification failed for /C=3D--/ST=3DSomeState/L=3DSomeCity/O=3DSomeOrganization/OU=3DSomeOrganizat= ionalUnit/CN=3Dscw-serene-panini/emailAddress=3Droot@scw-serene-panini 109905102000128:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921: fetch: https://opam.ocaml.org/index.tar.gz: Authentication error OpenSSL produces something that does not look good and is vastly different = from my home FreeBSD / amd64 machines: CONNECTED(00000004) depth=3D0 C =3D --, ST =3D SomeState, L =3D SomeCity, O =3D SomeOrganizatio= n, OU =3D SomeOrganizationalUnit, CN =3D scw-serene-panini, emailAddress =3D root@scw-serene-panini verify error:num=3D18:self signed certificate verify return:1 depth=3D0 C =3D --, ST =3D SomeState, L =3D SomeCity, O =3D SomeOrganizatio= n, OU =3D SomeOrganizationalUnit, CN =3D scw-serene-panini, emailAddress =3D root@scw-serene-panini verify return:1 --- Certificate chain 0 s:C =3D --, ST =3D SomeState, L =3D SomeCity, O =3D SomeOrganization, OU= =3D SomeOrganizationalUnit, CN =3D scw-serene-panini, emailAddress =3D root@scw-serene-panini i:C =3D --, ST =3D SomeState, L =3D SomeCity, O =3D SomeOrganization, OU= =3D SomeOrganizationalUnit, CN =3D scw-serene-panini, emailAddress =3D root@scw-serene-panini --- ... Just in case I have tried to remove /usr/local/etc/ssl/cert.pem and reinsta= ll security/ca_root_nss, to no avail (pkg works). I have another machine (albeit Ubuntu / amd64) in the same cloud, where ope= nssl returns the same result as above, and opam update works. What am I doing wr= ong? =E2=9D=AF opam --version 2.1.2 =E2=9D=AF uname -a FreeBSD tuathal 13.2-RELEASE FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC arm64 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271418-7788>