From: David Benfell
To: Michael Sierchio
Cc: FreeBSD Questions
Date: Sun, 28 Dec 2014 18:45:36 -0800
Subject: Re: what's the story with openssl?
Message-ID: <20141229024536.GA43231@home.parts-unknown.org>
References: <20141228184319.GA84504@home.parts-unknown.org>

On Sun, Dec 28, 2014 at 02:57:19PM -0800, Michael Sierchio wrote:
>
> fetch (in the base system) uses environment variables, so you could set
> SSL_CA_CERT_FILE to the proper value with fetch. I don't remember off the
> top of my head how defaults are set in wget.

I now have three versions of this. And still no joy.
It's badly affecting some rss feeds I grab in a cron job:

[benfell@home ~]% r2e run
W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [2] https://www.aclu.org/news/all/feed
W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [3] https://www.talkingpointsmemo.com/feed/all
W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [5] https://www.eff.org/rss/updates.xml
W: error 404 [15] http://www.rollingstone.com/siteServices/rss/nationalAffairs
W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [50] https://www.reddit.com/.rss?feed=c2b643a98368cf2de1899f7b58ee18043ac8ac7b&user=n4rky
[benfell@home ~]% env | grep SSL
SSL_CA_CERT_FILE=/usr/local/openssl/cert.pem
SSL_CERT_DIR=/usr/local/openssl/certs
SSL_CERT_FILE=/usr/local/openssl/cert.pem
[benfell@home ~]%

And just for completeness:

--2014-12-28 18:44:53--  https://google.com/
Resolving google.com (google.com)... 2607:f8b0:4010:801::1009, 74.125.239.37, 74.125.239.33, ...
Connecting to google.com (google.com)|2607:f8b0:4010:801::1009|:443... connected.
ERROR: cannot verify google.com's certificate, issued by ‘/C=US/O=Google Inc/CN=Google Internet Authority G2’:
  Unable to locally verify the issuer's authority.
To connect to google.com insecurely, use `--no-check-certificate'.

Thanks!
-- 
David Benfell
See https://parts-unknown.org/node/2 if you don't understand the attachment.
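One way to check what the variables in the `env | grep SSL` output above actually point at, as an added example that is not part of the original message. The function names are hypothetical. It assumes only that a CA file must contain PEM certificates, and that a CA directory must contain subject-hash-named entries (such as `1a2b3c4d.0`), which OpenSSL's directory lookup requires.

```python
import os
import re
import ssl

# OpenSSL finds CAs in a directory by subject-hash file names such as "1a2b3c4d.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")
PEM_MARKER = "-----BEGIN CERTIFICATE-----"
# Variable names taken from the message; SSL_CA_CERT_FILE is the one fetch reads.
FILE_VARS = ("SSL_CA_CERT_FILE", "SSL_CERT_FILE")
DIR_VARS = ("SSL_CERT_DIR",)


def audit_trust_env(env):
    """Return {variable: finding} for each CA-related variable set in env."""
    findings = {}
    for name in FILE_VARS:
        path = env.get(name)
        if path is None:
            continue
        if not os.path.isfile(path):
            findings[name] = "missing file"
            continue
        # latin-1 never fails to decode, so stray bytes in a bundle are tolerated
        with open(path, encoding="latin-1") as handle:
            findings[name] = f"PEM certificates: {handle.read().count(PEM_MARKER)}"
    for name in DIR_VARS:
        path = env.get(name)
        if path is None:
            continue
        if not os.path.isdir(path):
            findings[name] = "missing directory"
            continue
        hashed = [n for n in os.listdir(path) if HASHED_NAME.match(n)]
        findings[name] = f"hashed entries: {len(hashed)}"
    return findings


def openssl_defaults():
    """Variables this interpreter's OpenSSL honours and its compiled-in fallbacks."""
    p = ssl.get_default_verify_paths()
    return {p.openssl_cafile_env: p.openssl_cafile,
            p.openssl_capath_env: p.openssl_capath}


if __name__ == "__main__":
    for var, finding in audit_trust_env(os.environ).items():
        print(f"{var}={os.environ[var]}: {finding}")
    for var, default in openssl_defaults().items():
        print(f"{var} (compiled-in default): {default}")
```

A "missing file", "PEM certificates: 0" or "hashed entries: 0" finding means the variable is set but gives the verifier no trust anchors from that location.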