Site Navigation

Date:      Sun, 4 Sep 2022 18:42:24 +0200
From:      Axel Rau <Axel.Rau@Chaos1.DE>
To:        FreeBSD-security@FreeBSD.org
Subject:   pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2
Message-ID:  <C5DE50D8-F4D7-4346-8E54-8C0E97B2CDD5@Chaos1.DE>

---

index | next in thread | raw e-mail

---

While accessing my local poudriere repo I’m getting
- - -
Bootstrapping pkg from https://some_fqdn/131amd64-default, please wait...
Certificate verification failed for some_internal_CA
34391269376:error:1416F086:SSL \
routines:tls_process_server_certificate:certificate \
verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
- - -
but openssl verify shows successful verification:
- - -
# openssl s_client -connect some_fqdn:443 -6 -verify_return_error | grep verify
depth=1 some_internal_CA
verify return:1
depth=0 CN = some_fqdn
verify return:1
- - -
some_fqdn is defined in /etc/hosts only.

related repo.conf has:
- - -
some-repo: {
url: "https://some_fqdn/131amd64-default" ,
mirror_type: "HTTP",
enabled: yes,
IP_VERSION = 6,
signature_type: "pubkey",
pubkey: /usr/local/etc/ssl/certs/repo.cert
priority: 5
}
- - -

Any help appreciated,
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius

help

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C5DE50D8-F4D7-4346-8E54-8C0E97B2CDD5>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact