From owner-freebsd-ports@freebsd.org  Mon Jun  5 21:54:05 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2612CB7B375
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon,  5 Jun 2017 21:54:05 +0000 (UTC)
 (envelope-from fullermd@over-yonder.net)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 0F16B6F2D4
 for <freebsd-ports@freebsd.org>; Mon,  5 Jun 2017 21:54:05 +0000 (UTC)
 (envelope-from fullermd@over-yonder.net)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 0ABEFB7B373; Mon,  5 Jun 2017 21:54:05 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 088CBB7B372
 for <ports@mailman.ysv.freebsd.org>; Mon,  5 Jun 2017 21:54:05 +0000 (UTC)
 (envelope-from fullermd@over-yonder.net)
Received: from mail.infocus-llc.com (mail.infocus-llc.com [199.15.120.13])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id D2AAF6F2D3
 for <ports@FreeBSD.org>; Mon,  5 Jun 2017 21:54:04 +0000 (UTC)
 (envelope-from fullermd@over-yonder.net)
Received: from draco.over-yonder.net (c-75-65-60-66.hsd1.ms.comcast.net
 [75.65.60.66])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.tarragon.infocus-llc.com (Postfix) with ESMTPSA id 3whT3W1v8Pznr;
 Mon,  5 Jun 2017 16:48:55 -0500 (CDT)
Received: by draco.over-yonder.net (Postfix, from userid 100)
 id 3whT3V44Jwz4Gn; Mon,  5 Jun 2017 16:48:54 -0500 (CDT)
Date: Mon, 5 Jun 2017 16:48:54 -0500
From: "Matthew D. Fuller" <fullermd@over-yonder.net>
To: Marcin Cieslak <saper@saper.info>
Cc: ports@FreeBSD.org
Subject: Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]
Message-ID: <20170605214854.GE79904@over-yonder.net>
References: <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb>
 <nycvar.OFS.7.76.6.1706042146350.19072@z.fncre.vasb>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <nycvar.OFS.7.76.6.1706042146350.19072@z.fncre.vasb>
X-Editor: vi
X-OS: FreeBSD <http://www.freebsd.org/>
User-Agent: Mutt/1.8.2 (2017-04-18)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jun 2017 21:54:05 -0000

On Sun, Jun 04, 2017 at 09:48:02PM +0000 I heard the voice of
Marcin Cieslak, and lo! it spake thus:
> 
> My temporary solution to this problem is to pin the CA certificate
> in the port itself:

Err...

> -FETCH_ENV=     HTTP_AUTH=basic:*:I\ accept\ www.opensource.org/licenses/cpl:.
> +FETCH_ARGS+=   --ca-cert="${FILESDIR}/dst_root_ca_x3.crt"

bsd.port.mk already sets

FETCH_ENV?=     SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1

itself (on !makesum).  If you don't need that FETCH_ENV at all, you
wouldn't need the _ARGS either (and if you do need the _ENV, you'd
probably want to pull in the default as well to match...)


-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.