From owner-freebsd-questions@freebsd.org Fri Oct 1 01:15:00 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A9FC2674327 for ; Fri, 1 Oct 2021 01:15:00 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4HLBwz1Pwyz58s1 for ; Fri, 1 Oct 2021 01:14:59 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 25373320079B for ; Thu, 30 Sep 2021 21:14:58 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Thu, 30 Sep 2021 21:14:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zyxst.net; h= date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm3; bh=BsUY4jHaoVz8g4keZ0wGrztQt7z coRUH/SNwfgT1MEc=; b=gwnKoMB0e1wSzFsu2u2myYSsKUWpmW8yyw8jQw56zuZ BclEo61Qiq94O0+XNhQ538of0wX1v2eYJik7vZ+auAjf4jkUcN6xDImFAmIcPseK BONGV0KcI+N2XLrtusvWnjb/+S66m7YPXWBO6RkID5v+TttaBWjMQusnTADjwnmh 5IPOd3Tef8+Wsskxe3QurOAXUnFa7iXBRdKZADfxRUFPpDoGwLQQo7TTDg5OsMGt 0vPoRbmivYPmhBobs4BWfbYoFtDAm+hMx5OpnOASZqy5HhpEMG8N/ZiaTOYVar+3 CYmE7T20fZDo8xnaIBynWAHnoaSEofnVt/n+Ddoqvyw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=BsUY4j HaoVz8g4keZ0wGrztQt7zcoRUH/SNwfgT1MEc=; b=O1/1aurhHyn5Qmea+ZD4bB SuyuF6nnM516yXogQYgq/43NFcXtc9upQJoAwPHwjg//7eF4YJ6aaZLTviErGe6E J6ts+ZGQu7e3ksUY0dg/oQFySMd6LyzcC6ZToVVDq75F7qrkjawzuJ6dE7U3y33Y vQ75czwl+sig+UkiHYN0S+t1G2EhUf4E9ALVCUz54xk5xWvzMOnbQlWXCspfeJQM VRNYl+0M1K/rLpoEbKCdXBiBF/LBNPTByGsM9Ko2yjboOS7fEFwo9/Qmo9BPQgmG kOEc9Di6UG8YbsUl/5dPrTMUo9O1K7g5iIHZxVtnivk8C/Ol6OS6Y4FLT6AuEbKA == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudekhedggeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesghdtre ertddtudenucfhrhhomhepthgvtghhqdhlihhsthhsuceothgvtghhqdhlihhsthhsseii hiigshhtrdhnvghtqeenucggtffrrghtthgvrhhnpeevffeujefggefhfeekudetvdehtd ehudfgffeigeefveefheegvddvtdehffeljeenucevlhhushhtvghrufhiiigvpedtnecu rfgrrhgrmhepmhgrihhlfhhrohhmpehtvggthhdqlhhishhtshesiiihgihsthdrnhgvth X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Thu, 30 Sep 2021 21:14:57 -0400 (EDT) Date: Fri, 1 Oct 2021 02:14:55 +0100 From: tech-lists To: freebsd-questions@freebsd.org Subject: Re: expired Lets Encrypt CA and fetch Message-ID: Mail-Followup-To: freebsd-questions@freebsd.org References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="/aLlHImdz615w1yu" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4HLBwz1Pwyz58s1 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=zyxst.net header.s=fm3 header.b=gwnKoMB0; dkim=pass header.d=messagingengine.com header.s=fm3 header.b="O1/1aurh"; dmarc=none; spf=none (mx1.freebsd.org: domain of tech-lists@zyxst.net has no SPF policy when checking 64.147.123.25) smtp.mailfrom=tech-lists@zyxst.net X-Spamd-Result: default: False [-6.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[zyxst.net:+,messagingengine.com:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.25:from]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[zyxst.net:s=fm3,messagingengine.com:s=fm3]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[zyxst.net]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; R_SPF_NA(0.00)[no SPF record]; RWL_MAILSPIKE_POSSIBLE(0.00)[64.147.123.25:from]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Oct 2021 01:15:00 -0000 --/aLlHImdz615w1yu Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Thu, Sep 30, 2021 at 11:46:50AM -0400, mike tancsa wrote: >fails on releng11 and some RELENG_12, but not recent releng13.=A0 Does >anyone know whats going on and why its so inconsistent ? If I remove the >expired CA entry from the bundle, it works but I dont have to on all >clients ? Anyone know whats going on ? It fails for me on 12.2-p7 and 13.0-p4 and stable/13 as of a few days ago with fetch. On the stable/13 the site works in firefox-93.0,2 On lynx-2.8.9.1_1,1 on the same system I get a warning if I want to continue as it's expired (n) choose (y) and it loads On 12.2-p7 lynx-current-2.9.0d9 is the same. I have no clue why your recent releng13 works. Maybe your fetch on=20 there is linked to the ssl a browser would use?=20 --=20 J. --/aLlHImdz615w1yu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE8n3tWhxW11Ccvv9/s8o7QhFzNAUFAmFWYQUACgkQs8o7QhFz NAWoERAAiNEeGpDw3R25bUxbnMKUE11HXAKVeneHLvyiriLtkLZ80hbW4U1VtR3F Am3qONyG4e9/xidnZAqTlRzhwQXUud22iRmzNpessg3+GzAiQFBGBx1T8kfrEfuh NcVPE6e2XJ3HJtQRpM0CmmQMb5JuUPxa6mfhGw80x0ES4ZnHuVJHFPB24mAaXB1z swifx+wIrM4rFf9J3zcJs+aQREXRsV2yfzovSH5uZXgXpd8Fp/JWkdkiZetTrj/W zZJcdP8S1BcJUDi/JWNe0z5hZAr3lTE0FgOPyeohiG90H1o5HBq55xkhHOjtec0E pvRtSV2Nl8STN9VzVnyEMGDY9H0JZdrWTIVmSDUfEMQHyC0WUkCMmThps82NXPs0 Kykd35Etts+FDKND5JPXQTC9m9AZDpamkB2NdcPrI7Pmbu9wuHnGhW4Z31MHyjhD nEn1jDAJJ/5HIX01BxpZ38TeIzVfnxHWTALx8BS+wJgDxtMj2lz8Y9B8Ta+Tmm7a VNjicRe3E7jRAWUc6gn5Y0MxL1ECl8OKdAxsWVttrm4iPO4t3Sv7HcMblXqj63Da lRYRHRtalQWEpKBGyGeHdXD3h2mJ31svGoxGX41rNjL2aKUE18OaZV41W72VJttt kRwQvRbIpLE1UDqxhnDmnXjcp60oIAqBQ8oK97f+owlxjJTiiU4= =2UQD -----END PGP SIGNATURE----- --/aLlHImdz615w1yu--