From owner-freebsd-stable@freebsd.org Tue Feb 11 14:17:15 2020 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1FBD5236898 for ; Tue, 11 Feb 2020 14:17:15 +0000 (UTC) (envelope-from michal.jakubik@zoho.com) Received: from sender4-pp-o93.zoho.com (sender4-pp-o93.zoho.com [136.143.188.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48H4bZ0zGsz44Rj for ; Tue, 11 Feb 2020 14:17:13 +0000 (UTC) (envelope-from michal.jakubik@zoho.com) ARC-Seal: i=1; a=rsa-sha256; t=1581430626; cv=none; d=zohomail.com; s=zohoarc; b=YKgfFHopc5D6fq5edfGyUsgcuFYjKrkirYeQaMOAPxtTbBrNsE5DT8ie6bzGHEndvPmk46al+Yo87pMRksxcK8f9zYupreT5hz0eqybb6JfSldr5pOqh3DncJJNwHk6qUAXfPr3gwn89UCjoCBo4V6DpBXBDDdRot4+Qx0wnbxw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1581430626; h=Content-Type:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:Reply-To:References:Subject:To; bh=PK+R5YlCq4pOBwzAmeskH0t/5ZEoqh7WmP4kE+rMwDA=; b=LUuhRTg/hz7FqqFa3kOEk3B1+JV2kRZ2sRRMc1/xuORQg2P/FdnNcKQA9rHTnN61XmQmxwVQCBFGmRufgG+5G6Z8qursQN3s3GvXA2ouQlk7PX3HHtuW0OVrrAQxDSf7kftstxbEiGXRW2QuPAwLarcHwg6zQAugmK6PL2usORE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=swiftsmsgateway.com; spf=pass smtp.mailfrom=michal.jakubik@zoho.com; dmarc=pass header.from= header.from= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:reply-to:to:cc:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=aohPjrS8B5b4AY1WPAzZAef8vaYJk49Rd1o8F3oFraaTorB6mOoFvi6LsbgDQymOz4NcGb+IjaZ6 uYOHQ6N5SqN/tT782snxRojSblwgWLYOx/NtFO5tRGZYmQ0GM7Uq Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1581430621807409.2217152992854; Tue, 11 Feb 2020 06:17:01 -0800 (PST) Date: Tue, 11 Feb 2020 09:17:01 -0500 From: Mike Jakubik Reply-To: mike.jakubik@swiftsmsgateway.com To: "Bob Willcox" Cc: "stable list" Message-Id: <170349c466d.11a568c3a200262.329674455921888667@swiftsmsgateway.com> In-Reply-To: <20200211140712.GJ932@rancor.immure.com> References: <20200211140712.GJ932@rancor.immure.com> Subject: Re: Certificate verification failures on 'make fetchindex' in /usr/ports MIME-Version: 1.0 Importance: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-Rspamd-Queue-Id: 48H4bZ0zGsz44Rj X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of michal.jakubik@zoho.com designates 136.143.188.93 as permitted sender) smtp.mailfrom=michal.jakubik@zoho.com X-Spamd-Result: default: False [-3.57 / 15.00]; MIME_TRACE(0.00)[0:+,1:+,2:~]; HAS_REPLYTO(0.00)[mike.jakubik@swiftsmsgateway.com]; ARC_ALLOW(-1.00)[i=1]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:136.143.188.0/23]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[swiftsmsgateway.com]; URI_COUNT_ODD(1.00)[21]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[93.188.143.136.list.dnswl.org : 127.0.15.0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; IP_SCORE(-1.58)[ipnet: 136.143.188.0/24(-4.67), asn: 2639(-3.18), country: US(-0.05)]; FORGED_SENDER(0.30)[mike.jakubik@swiftsmsgateway.com,michal.jakubik@zoho.com]; REPLYTO_ADDR_EQ_FROM(0.00)[]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[zoho.com]; ASN(0.00)[asn:2639, ipnet:136.143.188.0/24, country:US]; FROM_NEQ_ENVFROM(0.00)[mike.jakubik@swiftsmsgateway.com,michal.jakubik@zoho.com]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Feb 2020 14:17:15 -0000 Hi Bob, You need to install the root certificate bundle. cd /usr/ports/security/ca_root_nss/ && make install clean Cheers. ---- On Tue, 11 Feb 2020 09:07:12 -0500 Bob Willcox wrote ---- Hi All, I just installed a recent snapshot of 12.1 on a new system and when I run 'make fetchindex' in the /usr/ports directory I get this: bob@han:0 /usr/ports> make fetchindex /usr/bin/env fetch -am -o /usr/ports/INDEX-12.bz2 https://www.FreeBSD.org/ports/INDEX-12.bz2 Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Can anyone tell me how to fix this? Why would I be getting certificate verification failures? What am I missing? This is a brand new install and I have installed very little else (pdksh, ksh93, & bsdrcmds is all). Thanks, Bob -- Bob Willcox | It's possible that the whole purpose of your life is to mailto:bob@immure.com | serve as a warning to others. Austin, TX | _______________________________________________ mailto:freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "mailto:freebsd-stable-unsubscribe@freebsd.org" Mike Jakubik https://www.swiftsmsgateway.com/ Disclaimer: This e-mail and any attachments are intended only for the use of the addressee(s) and may contain information that is privileged or confidential. If you are not the intended recipient, or responsible for delivering the information to the intended recipient, you are hereby notified that any dissemination, distribution, printing or copying of this e-mail and any attachments is strictly prohibited. If this e-mail and any attachments were received in error, please notify the sender by reply e-mail and delete the original message. From owner-freebsd-stable@freebsd.org Tue Feb 11 17:19:04 2020 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8500C23BB64 for ; Tue, 11 Feb 2020 17:19:04 +0000 (UTC) (envelope-from bob@rancor.immure.com) Received: from rancor.immure.com (108-84-10-9.lightspeed.austtx.sbcglobal.net [108.84.10.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "darth.immure.com", Issuer "darth.immure.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48H8dM4WVWz4HZ0 for ; Tue, 11 Feb 2020 17:19:03 +0000 (UTC) (envelope-from bob@rancor.immure.com) Received: from rancor.immure.com (localhost [127.0.0.1]) by rancor.immure.com (8.15.2/8.15.2) with ESMTPS id 01BHJ1j7011480 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 11 Feb 2020 11:19:01 -0600 (CST) (envelope-from bob@rancor.immure.com) Received: (from bob@localhost) by rancor.immure.com (8.15.2/8.15.2/Submit) id 01BHJ1J2011477; Tue, 11 Feb 2020 11:19:01 -0600 (CST) (envelope-from bob) Date: Tue, 11 Feb 2020 11:19:01 -0600 From: Bob Willcox To: Mike Jakubik Cc: stable list Subject: Re: Certificate verification failures on 'make fetchindex' in /usr/ports Message-ID: <20200211171901.GA11453@rancor.immure.com> Reply-To: Bob Willcox References: <20200211140712.GJ932@rancor.immure.com> <170349c466d.11a568c3a200262.329674455921888667@swiftsmsgateway.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <170349c466d.11a568c3a200262.329674455921888667@swiftsmsgateway.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Rspamd-Queue-Id: 48H8dM4WVWz4HZ0 X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of bob@rancor.immure.com has no SPF policy when checking 108.84.10.9) smtp.mailfrom=bob@rancor.immure.com X-Spamd-Result: default: False [2.04 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[bob@immure.com]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_MEDIUM(-0.55)[-0.546,0]; IP_SCORE(0.39)[ip: (0.19), ipnet: 108.64.0.0/11(0.09), asn: 7018(1.71), country: US(-0.05)]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[immure.com]; AUTH_NA(1.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(1.00)[0.996,0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[bob@immure.com,bob@rancor.immure.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7018, ipnet:108.64.0.0/11, country:US]; FROM_NEQ_ENVFROM(0.00)[bob@immure.com,bob@rancor.immure.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Feb 2020 17:19:04 -0000 Thanks alot Mike. That worked for me. Out of curriosity, is this a fairly recent change? For some reason I've never experienced this issue before, though it's been a number of months that I last installed a new system. Bob On Tue, Feb 11, 2020 at 09:17:01AM -0500, Mike Jakubik wrote: > Hi Bob, > > > > You need to install the root certificate bundle. > > > > cd /usr/ports/security/ca_root_nss/ && make install clean > > > > Cheers. > > > ---- On Tue, 11 Feb 2020 09:07:12 -0500 Bob Willcox wrote ---- > > > Hi All, > > I just installed a recent snapshot of 12.1 on a new system and when I run 'make fetchindex' > in the /usr/ports directory I get this: > > bob@han:0 /usr/ports> make fetchindex > /usr/bin/env fetch -am -o /usr/ports/INDEX-12.bz2 https://www.FreeBSD.org/ports/INDEX-12.bz2 > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: > fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: > fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: > fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: > fetch: https://www.FreeBSD.org/ports/INDEX-12.bz2: Authentication error > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 > 34370596864:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: > > Can anyone tell me how to fix this? Why would I be getting certificate verification > failures? What am I missing? This is a brand new install and I have installed very > little else (pdksh, ksh93, & bsdrcmds is all). > > Thanks, > Bob > > -- > Bob Willcox | It's possible that the whole purpose of your life is to > mailto:bob@immure.com | serve as a warning to others. > Austin, TX | > _______________________________________________ > mailto:freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "mailto:freebsd-stable-unsubscribe@freebsd.org" > > > > > > Mike Jakubik > > https://www.swiftsmsgateway.com/ > > > > Disclaimer: This e-mail and any attachments are intended only for the use of the addressee(s) and may contain information that is privileged or confidential. If you are not the intended recipient, or responsible for delivering the information to the intended recipient, you are hereby notified that any dissemination, distribution, printing or copying of this e-mail and any attachments is strictly prohibited. If this e-mail and any attachments were received in error, please notify the sender by reply e-mail and delete the original message. -- Bob Willcox | It's possible that the whole purpose of your life is to bob@immure.com | serve as a warning to others. Austin, TX |