Date: Sat, 7 Oct 2023 16:59:31 +0200 From: Michael Grimm <trashcan@ellael.org> To: freebsd-ports@freebad.org, freebsd-security@freebsd.org Subject: net/openntpd with constraint stops working after recent security/ca_root_nss upgrade Message-ID: <123E9280-CBF1-4E00-B803-86AE4438C9D7@ellael.org>
next in thread | raw e-mail | index | archive | help
Hi I am running net/openntpd with a constraint: =E2=80=A6 constraint from "9.9.9.9" After the recent upgrade of security/ca_root_nss to 3.93_1 I noticed a = lot of warning messages (see end of mail). Now, net/openntpd 6.8p1_7,2 stopped working: Oct 7 09:39:53 <daemon.err> kaan-bock ntpd[932]: constraints = configured but none available Oct 7 09:39:53 <daemon.crit> kaan-bock ntpd[934]: constraint: = failed to load constraint ca I had to remove that constraint from ntpd.conf in order to get ntpd = working again. Is this a bug or feature with recent security/ca_root_nss? Thanks and regards, Michael [13/58] Extracting ca_root_nss-3.93_1: 100% Scanning /usr/share/certs/untrusted for certificates... Scanning /usr/share/certs/trusted for certificates... Skipping untrusted certificate = /usr/share/certs/trusted/AddTrust_External_Root.pem = (/etc/ssl/untrusted/157753a5.0) Skipping untrusted certificate = /usr/share/certs/trusted/AddTrust_Low-Value_Services_Root.pem = (/etc/ssl/untrusted/861a399d.0) Skipping untrusted certificate = /usr/share/certs/trusted/Camerfirma_Chambers_of_Commerce_Root.pem = (/etc/ssl/untrusted/f90208f7.0) Skipping untrusted certificate = /usr/share/certs/trusted/Camerfirma_Global_Chambersign_Root.pem = (/etc/ssl/untrusted/cb59f961.0) Skipping untrusted certificate = /usr/share/certs/trusted/Certum_Root_CA.pem = (/etc/ssl/untrusted/442adcac.0) Skipping untrusted certificate = /usr/share/certs/trusted/Chambers_of_Commerce_Root_-_2008.pem = (/etc/ssl/untrusted/c47d9980.0) Skipping untrusted certificate = /usr/share/certs/trusted/D-TRUST_Root_CA_3_2013.pem = (/etc/ssl/untrusted/0b7c536a.0) Skipping untrusted certificate /usr/share/certs/trusted/EC-ACC.pem = (/etc/ssl/untrusted/349f2832.0) Skipping untrusted certificate = /usr/share/certs/trusted/EE_Certification_Centre_Root_CA.pem = (/etc/ssl/untrusted/128805a3.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Global_CA.pem = (/etc/ssl/untrusted/2c543cd1.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G2.pem= (/etc/ssl/untrusted/116bf586.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.pem= (/etc/ssl/untrusted/e2799e36.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Primary_Certification_Authority.pem = (/etc/ssl/untrusted/480720ec.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Universal_CA_2.pem = (/etc/ssl/untrusted/8867006a.0) Skipping untrusted certificate = /usr/share/certs/trusted/GeoTrust_Universal_CA.pem = (/etc/ssl/untrusted/ad088e1d.0) Skipping untrusted certificate = /usr/share/certs/trusted/Global_Chambersign_Root_-_2008.pem = (/etc/ssl/untrusted/0c4c9b6c.0) Skipping untrusted certificate = /usr/share/certs/trusted/LuxTrust_Global_Root_2.pem = (/etc/ssl/untrusted/def36a68.0) Skipping untrusted certificate = /usr/share/certs/trusted/OISTE_WISeKey_Global_Root_GA_CA.pem = (/etc/ssl/untrusted/b1b8a7f3.0) Skipping untrusted certificate = /usr/share/certs/trusted/QuoVadis_Root_CA.pem = (/etc/ssl/untrusted/080911ac.0) Skipping untrusted certificate = /usr/share/certs/trusted/Sonera_Class_2_Root_CA.pem = (/etc/ssl/untrusted/9c2e7d30.0) Skipping untrusted certificate = /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.pem = (/etc/ssl/untrusted/5c44d531.0) Skipping untrusted certificate = /usr/share/certs/trusted/Staat_der_Nederlanden_Root_CA_-_G3.pem = (/etc/ssl/untrusted/5a4d6896.0) Skipping untrusted certificate = /usr/share/certs/trusted/SwissSign_Platinum_CA_-_G2.pem = (/etc/ssl/untrusted/a8dee976.0) Skipping untrusted certificate = /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Aut= hority_-_G4.pem (/etc/ssl/untrusted/62744ee1.0) Skipping untrusted certificate = /usr/share/certs/trusted/Symantec_Class_1_Public_Primary_Certification_Aut= hority_-_G6.pem (/etc/ssl/untrusted/26312675.0) Skipping untrusted certificate = /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Aut= hority_-_G4.pem (/etc/ssl/untrusted/4d4ba017.0) Skipping untrusted certificate = /usr/share/certs/trusted/Symantec_Class_2_Public_Primary_Certification_Aut= hority_-_G6.pem (/etc/ssl/untrusted/1320b215.0) Skipping untrusted certificate /usr/share/certs/trusted/Taiwan_GRCA.pem = (/etc/ssl/untrusted/6410666e.0) Skipping untrusted certificate = /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G2.pem = (/etc/ssl/untrusted/c089bbbd.0) Skipping untrusted certificate = /usr/share/certs/trusted/thawte_Primary_Root_CA_-_G3.pem = (/etc/ssl/untrusted/ba89ed3b.0) Skipping untrusted certificate = /usr/share/certs/trusted/thawte_Primary_Root_CA.pem = (/etc/ssl/untrusted/2e4eed3c.0) Skipping untrusted certificate = /usr/share/certs/trusted/Trustis_FPS_Root_CA.pem = (/etc/ssl/untrusted/d853d49e.0) Skipping untrusted certificate = /usr/share/certs/trusted/Verisign_Class_1_Public_Primary_Certification_Aut= hority_-_G3.pem (/etc/ssl/untrusted/ee1365c0.0) Skipping untrusted certificate = /usr/share/certs/trusted/Verisign_Class_2_Public_Primary_Certification_Aut= hority_-_G3.pem (/etc/ssl/untrusted/dc45b0bd.0) Skipping untrusted certificate = /usr/share/certs/trusted/Verisign_Class_3_Public_Primary_Certification_Aut= hority_-_G3.pem (/etc/ssl/untrusted/c0ff1f52.0) Skipping untrusted certificate = /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Aut= hority_-_G4.pem (/etc/ssl/untrusted/7d0b38bd.0) Skipping untrusted certificate = /usr/share/certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Aut= hority_-_G5.pem (/etc/ssl/untrusted/b204d74a.0) Skipping untrusted certificate = /usr/share/certs/trusted/VeriSign_Universal_Root_Certification_Authority.p= em (/etc/ssl/untrusted/c01cdfa2.0) Scanning /usr/local/share/certs for certificates...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?123E9280-CBF1-4E00-B803-86AE4438C9D7>