Date: Wed, 06 Sep 2017 19:00:29 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 222109] sysutils/vm-bhyve: should depend on security/ca_root_nss Message-ID: <bug-222109-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222109 Bug ID: 222109 Summary: sysutils/vm-bhyve: should depend on security/ca_root_nss Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: asomers@FreeBSD.org CC: churchers@gmail.com, ports-secteam@FreeBSD.org CC: churchers@gmail.com, ports-secteam@FreeBSD.org "vm iso" uses fetch(1) to download iso files. A major source of iso files = is download.freebsd.org. If no other source of certificates has been installe= d, fetch will use OpenSSL's default CA cert and path settings, but those don't recognize the Let's Encrypt certificate used by download.freebsd.org. The result is an error like this one: $ sudo vm iso https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeB= SD-11.1-RELEASE-amd64-bootonly.iso Certificate verification failed for /C=3DUS/O=3DLet's Encrypt/CN=3DLet's En= crypt Authority X3 34374362520:error:14090086:SSL routines:ssl3_get_server_certificate:certifi= cate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1264: fetch: https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/11.1/FreeB= SD-11.1-RELEASE-amd64-bootonly.iso: Authentication error Installing security/ca_root_nss provides an alternative bundle of root certificates, which do trust download.freebsd.org. Since download.freebsd.= org is so critically important to most vm-bhyve users, security/ca_root_nss sho= uld be a RUN_DEPENDS. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-222109-13>