Date: Sat, 7 Oct 2023 21:03:19 +0900 From: Koichiro Iwao <meta@freebsd.org> To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, ports@freebsd.org Subject: Re: git: 483e74f44b82 - main - security/ca_root_nss: Use certctl instead of a symlink. Message-ID: <j5hsadyeheayonhr5zudy2xurjtujxt3o6ilyyv4z7eej4zxnl@ptiztdqopea2> In-Reply-To: <868r8eeja5.fsf@ltc.des.no> References: <202310061549.396Fn8xF027032@gitrepo.freebsd.org> <u5u2xbbkwwmnicmloyujjmaslmtnpmnegksa337odkhhwrr2cd@s4ejluqaephk> <868r8eeja5.fsf@ltc.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 07, 2023 at 01:58:26PM +0200, Dag-Erling Smørgrav wrote: > Koichiro Iwao <meta@freebsd.org> writes: > > % LANG=C wget -O - https://www.freebsd.org > > --2023-10-07 19:50:58-- https://www.freebsd.org/ > > Resolving www.freebsd.org (www.freebsd.org)... 2402:3d00:fb5d::50:2, 2405:f000:202:2541::50:3, 192.50.199.250, ... > > Connecting to www.freebsd.org (www.freebsd.org)|2402:3d00:fb5d::50:2|:443... connected. > > ERROR: cannot verify www.freebsd.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US': > > Unable to locally verify the issuer's authority. > > To connect to www.freebsd.org insecurely, use `--no-check-certificate'. > > I'm unable to reproduce this on 13.2. Running wget under ktrace shows > that although it first looks for the nonexistent bundle, it correctly > falls back to the system trust store. > > $ ktrace wget -O /dev/null https://www.freebsd.org/ > --2023-10-07 13:57:20-- https://www.freebsd.org/ > Resolving www.freebsd.org (www.freebsd.org)... 147.28.184.45, 2604:1380:4091:a001::50:3 > Connecting to www.freebsd.org (www.freebsd.org)|147.28.184.45|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 15539 (15K) [text/html] > Saving to: ‘/dev/null’ > > /dev/null 100%[===================>] 15.17K --.-KB/s in 0.001s > > 2023-10-07 13:57:20 (16.3 MB/s) - ‘/dev/null’ saved [15539/15539] > > $ kdump -tn | grep etc/ssl > 606 wget NAMI "/etc/ssl/openssl.cnf" > 606 wget NAMI "/etc/ssl/cert.pem" > 606 wget NAMI "/etc/ssl/certs/8d33f237.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.1" > 606 wget NAMI "/etc/ssl/certs/4042bcee.1" > 606 wget NAMI "/etc/ssl/certs/4042bcee.2" Thanks for the confirmation. I will check again. -- meta <meta@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?j5hsadyeheayonhr5zudy2xurjtujxt3o6ilyyv4z7eej4zxnl>