From nobody Wed Jan 12 12:29:48 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B1019195D403 for ; Wed, 12 Jan 2022 12:30:03 +0000 (UTC) (envelope-from Axel.Rau@Chaos1.DE) Received: from mailout5.lrau.net (mailout5.lrau.net [IPv6:2a05:bec0:26:5::73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mailout5.lrau.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JYn2L2BWMz3qrK for ; Wed, 12 Jan 2022 12:30:02 +0000 (UTC) (envelope-from Axel.Rau@Chaos1.DE) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=chaos1.de; s=email1; h=Message-Id:In-Reply-To:To:References:Date:Subject:Mime-Version: Content-Type:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=+eLEFTsp7bqqsk2sd2Hv/N7v1qc6mwgw/wKf9YsNA6c=; b=z1S89K2AKoEbuuZWpxHdC8j2LM 0poW0xoEJREs5oG/OaHVH3utcXbJj7TgDLeJhkJlKUQYV6j6aYYSX1VzwQ6625e9r8Y92BbvqqmiV t1ewHIR/9HCER2XxFq4rgCiSS8pBJ0qfvwBeqh82lQLDZDScZu/B2nXjL6x5jECvC67jxlXIV9pMV fmzsavq5n12zzA0ghBH+uXknFMtxjANmNU6GtqY/BBGN2PHxv5kZFSxaW8hmE5KWJ5iinWSyo2lU9 KIQ8+hJCmMavY0fwPa4u8ogm5uF1LycGotrjiD37fbyRRZeCZgfuah/8i2hjoWpPhc0guLTByUXtL o9F/wRcA==; Received: from [2a05:bec0:26:5::74] (helo=imap5.lrau.net) by mailout5.lrau.net with esmtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1n7clM-0007IF-3d for FreeBSD-security@FreeBSD.org; Wed, 12 Jan 2022 12:30:00 +0000 Received: from Axel.Rau@Chaos1.DE by imap5.lrau.net (Archiveopteryx 3.2.0) with esmtpsa id 1641990599-79947-78689/7/44; Wed, 12 Jan 2022 12:29:59 +0000 From: Axel Rau Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="Apple-Mail=_46AF78E5-BD2C-43D5-BDDF-1BF5167F147F"; micalg=pgp-sha256 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 Subject: Re: Random failures: "unable to get local issuer certificate" Date: Wed, 12 Jan 2022 13:29:48 +0100 References: <3a5cd966011999f62c7d66a263f12500@patpro.net> To: FreeBSD-security@FreeBSD.org In-Reply-To: <3a5cd966011999f62c7d66a263f12500@patpro.net> Message-Id: X-Mailer: Apple Mail (2.3608.120.23.2.7) X-Rspamd-Queue-Id: 4JYn2L2BWMz3qrK X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=chaos1.de header.s=email1 header.b=z1S89K2A; dmarc=none; spf=none (mx1.freebsd.org: domain of Axel.Rau@Chaos1.DE has no SPF policy when checking 2a05:bec0:26:5::73) smtp.mailfrom=Axel.Rau@Chaos1.DE X-Spamd-Result: default: False [-4.91 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[chaos1.de:s=email1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[chaos1.de:dkim]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.92)[-0.919]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[Chaos1.DE]; DKIM_TRACE(0.00)[chaos1.de:+]; NEURAL_HAM_SHORT(-0.99)[-0.986]; SIGNED_PGP(-2.00)[]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:197071, ipnet:2a05:bec0::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2a05:bec0:26:5::73:from] X-ThisMailContainsUnwantedMimeParts: N --Apple-Mail=_46AF78E5-BD2C-43D5-BDDF-1BF5167F147F Content-Type: multipart/alternative; boundary="Apple-Mail=_BA4CA67E-8199-4721-9942-92D1F920C151" --Apple-Mail=_BA4CA67E-8199-4721-9942-92D1F920C151 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > Am 12.01.2022 um 12:05 schrieb patpro@patpro.net: >=20 > may be (I have not tested) the result is different depending on DNS = reply. I don=E2=80=99t think so, as I have local resolvers which should have = cached the AAAAs. But they have no valid reverse mapping. I just saw 1 jail failing which succeded always in the past. Strange. Axel --- PGP-Key: CDE74120 =E2=98=80 computing @ chaos claudius --Apple-Mail=_BA4CA67E-8199-4721-9942-92D1F920C151 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

Am 12.01.2022 um 12:05 schrieb patpro@patpro.net:

may be (I = have not tested) the result is different depending on DNS = reply.

I don=E2=80=99t think so, as I have local resolvers = which should have cached the AAAAs.
But  they have = no valid reverse mapping.

I just saw 1 jail failing which succeded always in the = past.

Strange.
Axel
---
PGP-Key: CDE74120 =  =E2=98=80  computing @ chaos = claudius

= --Apple-Mail=_BA4CA67E-8199-4721-9942-92D1F920C151-- --Apple-Mail=_46AF78E5-BD2C-43D5-BDDF-1BF5167F147F Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEl5evOTfnjZdhkBzKaPxTRM3nQSAFAmHeybwACgkQaPxTRM3n QSC3Ag/+Pqbc4EbFrdsoj2WMus657UIbKg9wV26lB4heIjC1zTUlsgZ5lfi0+Ik+ pJmyXwCYTVDd4+gt7j983Vpfp99FOg4u0HDOPolf5Br2of/ZMxzVAB6Z0PWHeEpj ev3t45OASIvL7CjpgjZ00shwsJz1J8HxojYwcjuX54G2A+6ffHa8eiW0zBrb0F4d uyLWKVcX3rg5v4/rrwhrQhFLCnBzzV8M9xGxN9qwPZrRXSnv+r3L/VLplWIstn6q ZuthX4W3jsxnsJTroiDL1CWyr4xkOY26IomeXUCN8Xsx+sg3FYfKuO564p/t2E08 kJLY3YAa0HqQ593eiqCq9wkqiqqRR16I0pTdOZpTUdwc9kReM4tP4Fm6jSO+k288 2QOJJL2B7mRo1tumE62hRq8KzUxchZoq763S4n05PycuhS7gqYw83ckTjCf0i/pO TuKUUL4v0mnLhij49/UFM9gTd6+UJ3bGqXoPaqfMjr3XPzCrvJBQWTqlS+h4/9t8 W7IK1a8DMDoBoji7iiC9VulHN53vSc0uk2s8XL6CkktrNkySVctjFs/VPrF1AnJj V+HrItUahvlL/h0YfcHR/v2SPAJrKUHww5W3eFvEMF5qyXw8vtQbRLdX5hokH8Q7 MsvAwTlt67eIuZxXwwxS2A5xW0EJLsgs0NaYYuMyxRaj0CA3owY= =xbUt -----END PGP SIGNATURE----- --Apple-Mail=_46AF78E5-BD2C-43D5-BDDF-1BF5167F147F--