Site Navigation

Date:      Wed, 30 Jun 2021 11:56:19 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 256902] libfetch breaks usage of certctl managed store when security/ca_root_nss is installed
Message-ID:  <bug-256902-227-BoJqUL3yHn@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-256902-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-256902-227@https.bugs.freebsd.org/bugzilla/>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256902

--- Comment #1 from Michael Osipov <michael.osipov@siemens.com> ---
fetch output:
> root@deblndw013x:/usr/ports
> # fetch -v https://deblndw011x.ad001.siemens.net/
> resolving server address: deblndw011x.ad001.siemens.net:443
> SSL options: 82004854
> Peer verification enabled
> Using CA cert file: /usr/local/etc/ssl/cert.pem
> Certificate verification failed for /C=3DDE/ST=3DBayern/L=3DMuenchen/O=3D=
Siemens/serialNumber=3DZZZZZZA1/OU=3DSiemens Trust Center/CN=3DSiemens Root=
 CA V3.0 2016
> 34370727936:error:1416F086:SSL routines:tls_process_server_certificate:ce=
rtificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:19=
15:
> fetch: https://deblndw011x.ad001.siemens.net/: Authentication error

> root@deblndw013x:/usr/ports
> # SSL_CA_CERT_PATH=3D/etc/ssl/certs  fetch -v https://deblndw011x.ad001.s=
iemens.net/
> resolving server address: deblndw011x.ad001.siemens.net:443
> SSL options: 82004854
> Peer verification enabled
> Using CA cert file: /usr/local/etc/ssl/cert.pem
> Using CA cert path: /etc/ssl/certs
> Verify hostname
> TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
> Certificate subject: /C=3DDE/O=3DSiemens/OU=3DLDA DW/CN=3Ddeblndw011x.ad0=
01.siemens.net
> Certificate issuer: /C=3DDE/ST=3DBayern/L=3DMuenchen/O=3DSiemens/serialNu=
mber=3DZZZZZZB7/OU=3DSiemens Trust Center/CN=3DSiemens Issuing CA Intranet =
Server 2017
> requesting https://deblndw011x.ad001.siemens.net/
> remote size / mtime: 45 / 1623218965
> fetch.out                                               45  B  811 kBps  =
  00s

--=20
You are receiving this mail because:
You are the assignee for the bug.=

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-256902-227-BoJqUL3yHn>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact