Date: Sat, 07 Oct 2023 13:58:26 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: Koichiro Iwao <meta@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, ports@freebsd.org Subject: Re: git: 483e74f44b82 - main - security/ca_root_nss: Use certctl instead of a symlink. Message-ID: <868r8eeja5.fsf@ltc.des.no> In-Reply-To: <u5u2xbbkwwmnicmloyujjmaslmtnpmnegksa337odkhhwrr2cd@s4ejluqaephk> (Koichiro Iwao's message of "Sat, 7 Oct 2023 19:56:54 %2B0900") References: <202310061549.396Fn8xF027032@gitrepo.freebsd.org> <u5u2xbbkwwmnicmloyujjmaslmtnpmnegksa337odkhhwrr2cd@s4ejluqaephk>
next in thread | previous in thread | raw e-mail | index | archive | help
Koichiro Iwao <meta@freebsd.org> writes: > % LANG=3DC wget -O - https://www.freebsd.org > --2023-10-07 19:50:58-- https://www.freebsd.org/ > Resolving www.freebsd.org (www.freebsd.org)... 2402:3d00:fb5d::50:2, 2405= :f000:202:2541::50:3, 192.50.199.250, ... > Connecting to www.freebsd.org (www.freebsd.org)|2402:3d00:fb5d::50:2|:443= ... connected. > ERROR: cannot verify www.freebsd.org's certificate, issued by 'CN=3DR3,O= =3DLet\'s Encrypt,C=3DUS': > Unable to locally verify the issuer's authority. > To connect to www.freebsd.org insecurely, use `--no-check-certificate'. I'm unable to reproduce this on 13.2. Running wget under ktrace shows that although it first looks for the nonexistent bundle, it correctly falls back to the system trust store. $ ktrace wget -O /dev/null https://www.freebsd.org/ --2023-10-07 13:57:20-- https://www.freebsd.org/ Resolving www.freebsd.org (www.freebsd.org)... 147.28.184.45, 2604:1380:409= 1:a001::50:3 Connecting to www.freebsd.org (www.freebsd.org)|147.28.184.45|:443... conne= cted. HTTP request sent, awaiting response... 200 OK Length: 15539 (15K) [text/html] Saving to: =E2=80=98/dev/null=E2=80=99 /dev/null 100%[=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D>] 15.17K --.-KB/s in 0.001s=20=20 2023-10-07 13:57:20 (16.3 MB/s) - =E2=80=98/dev/null=E2=80=99 saved [15539/= 15539] $ kdump -tn | grep etc/ssl 606 wget NAMI "/etc/ssl/openssl.cnf" 606 wget NAMI "/etc/ssl/cert.pem" 606 wget NAMI "/etc/ssl/certs/8d33f237.0" 606 wget NAMI "/etc/ssl/certs/4042bcee.0" 606 wget NAMI "/etc/ssl/certs/4042bcee.0" 606 wget NAMI "/etc/ssl/certs/4042bcee.1" 606 wget NAMI "/etc/ssl/certs/4042bcee.1" 606 wget NAMI "/etc/ssl/certs/4042bcee.2" DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?868r8eeja5.fsf>