Date: Mon, 5 Jun 2017 16:48:54 -0500
From: "Matthew D. Fuller"
To: Marcin Cieslak
Cc: ports@FreeBSD.org
Subject: Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]
Message-ID: <20170605214854.GE79904@over-yonder.net>

On Sun, Jun 04, 2017 at 09:48:02PM +0000 I heard the voice of
Marcin Cieslak, and lo! it spake thus:
>
> My temporary solution to this problem is to pin the CA certificate
> in the port itself:

Err...

> -FETCH_ENV= HTTP_AUTH=basic:*:I\ accept\ www.opensource.org/licenses/cpl:.
> +FETCH_ARGS+= --ca-cert="${FILESDIR}/dst_root_ca_x3.crt"

bsd.port.mk already sets

    FETCH_ENV?= SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1

itself (on !makesum). If you don't need that FETCH_ENV at all, you
wouldn't need the _ARGS either (and if you do need the _ENV, you'd
probably want to pull in the default as well to match...)

-- 
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
On the Internet, nobody can hear you scream.
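
Review bot: the added FETCH_ARGS+= --ca-cert=... line looks redundant once the FETCH_ENV= line is removed. With the port no longer assigning FETCH_ENV, the FETCH_ENV?= default from bsd.port.mk quoted in this reply takes effect, and it sets SSL_NO_VERIFY_PEER=1 and SSL_NO_VERIFY_HOSTNAME=1, so the pinned dst_root_ca_x3.crt is not what decides whether the download is accepted. Either drop the --ca-cert argument (and the bundled certificate) together with FETCH_ENV, or, if the HTTP_AUTH value is still required, keep FETCH_ENV and append the two default variables to it so the port matches the framework's behaviour. If the pin is meant to stay, a comment above the line should say why the port carries its own CA file.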