Date: Sun, 4 Sep 2022 19:37:46 +0200 From: Andrea Venturoli <ml@netfence.it> To: freebsd-security@freebsd.org Subject: Re: pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2 Message-ID: <cf16048f-704b-c253-ec4b-5ef620ef3d95@netfence.it> In-Reply-To: <C5DE50D8-F4D7-4346-8E54-8C0E97B2CDD5@Chaos1.DE> References: <C5DE50D8-F4D7-4346-8E54-8C0E97B2CDD5@Chaos1.DE>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/4/22 18:42, Axel Rau wrote: > While accessing my local poudriere repo I’m getting > - - - > Bootstrapping pkg from https://some_fqdn/131amd64-default, please wait... > Certificate verification failed for some_internal_CA > 34391269376:error:1416F086:SSL \ > routines:tls_process_server_certificate:certificate \ > verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921: > - - - > but openssl verify shows successful verification: Can you try getting /usr/local/etc/ssl/cert.pem out of the way? Possibly /etc/ssl/cert.pem too, if you have it. I have the same problem and I solve it by deleting that file. Unfortunately it's recreated every time ca_root_nss is upgraded. bye av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cf16048f-704b-c253-ec4b-5ef620ef3d95>