Date:      Sun, 4 Sep 2022 18:42:24 +0200
From:      Axel Rau <Axel.Rau@Chaos1.DE>
To:        FreeBSD-security@FreeBSD.org
Subject:   pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2
Message-ID:  <C5DE50D8-F4D7-4346-8E54-8C0E97B2CDD5@Chaos1.DE>

While accessing my local poudriere repo I’m getting
- - -
Bootstrapping pkg from https://some_fqdn/131amd64-default, please wait...
Certificate verification failed for some_internal_CA
34391269376:error:1416F086:SSL \
routines:tls_process_server_certificate:certificate \
verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
- - -
but openssl verify shows successful verification:
- - -
# openssl s_client -connect some_fqdn:443 -6 -verify_return_error | grep verify
depth=1 some_internal_CA
verify return:1
depth=0 CN = some_fqdn
verify return:1
- - -
some_fqdn is defined in /etc/hosts only.

related repo.conf has:
- - -
some-repo: {
url: "https://some_fqdn/131amd64-default" ,
mirror_type: "HTTP",
enabled: yes,
IP_VERSION = 6,
signature_type: "pubkey",
pubkey: /usr/local/etc/ssl/certs/repo.cert
priority: 5
}
- - -

Any help appreciated,
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius



