Date: Mon, 20 Sep 2021 15:20:38 +0000 From: "Dave Cottlehuber" <dch@skunkwerks.at> To: "Stefan Parvu" <sparvu@kronometrix.org> Cc: freebsd-arm <freebsd-arm@freebsd.org> Subject: Re: FreeBSD 13 source code using git clone fails Message-ID: <597b8064-8acb-4ac4-87ff-8c609a9bc602@www.fastmail.com> In-Reply-To: <F1F1C175-2E41-4597-A356-FB7B1A73A663@kronometrix.org> References: <F1F1C175-2E41-4597-A356-FB7B1A73A663@kronometrix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Sep 2021, at 14:47, Stefan Parvu wrote: > Hi, >=20 > Im trying to get the source code, for FreeBSD 13 release. I did: >=20 > # cd /usr > # git clone -b releng/13.0 https://git.freebsd.org/src.git src > Cloning into 'src'... > fatal: unable to access 'https://git.freebsd.org/src.git/': SSL=20 > certificate problem: certificate is not yet valid >=20 > or >=20 > # git clone -o freebsd https://git.FreeBSD.org/src.git src > Cloning into 'src'... > fatal: unable to access 'https://git.FreeBSD.org/src.git/': SSL=20 > certificate problem: certificate is not yet valid >=20 > !? I have ca_root_nss installed version 3.63 =E2=80=A6 Anything I need= to know,=20 > or am I doing something wrong? >=20 > Thanks, > Stefan Likely your local clock is out of sync, try running ntpdate to check: ## query only $ ntpdate -v -q pool.ntp.org 20 Sep 15:15:34 ntpdate[53]: ntpdate 4.2.8p15-a (1) server 178.251.64.52, stratum 2, offset -0.001053, delay 0.03278 server 83.137.41.12, stratum 2, offset -0.000837, delay 0.04124 server 91.206.8.34, stratum 2, offset -0.001008, delay 0.03271 server 83.68.137.76, stratum 2, offset -0.001622, delay 0.03415 And update as needed. I have this in /etc/rc.conf ntpd_enable=3DYES ntpd_sync_on_start=3DYES which should bring it into line immediately on system boot, or `service ntpd restart`. You should be able to check cert status using curl: $ curl --cert-status -kvsSLo /dev/null https://git.FreeBSD.org/src.git * Trying 139.178.72.204:443... * Connected to git.FreeBSD.org (139.178.72.204) port 443 (#0) <---------- * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /usr/local/share/certs/ca-root-nss.crt * CApath: none } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [112 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4279 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [556 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [37 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=3Dgit.freebsd.org * start date: Sep 10 20:14:08 2021 GMT <------------ * expire date: Dec 9 20:14:07 2021 GMT <------------ * issuer: C=3DUS; O=3DLet's Encrypt; CN=3DR3 * SSL certificate verify ok. * No OCSP response received * Closing connection 0 } [5 bytes data] * TLSv1.2 (OUT), TLS alert, close notify (256): } [2 bytes data] curl: (91) No OCSP response received I'm clearly connecting to gitmir.pkt.freebsd.org, yours could be differe= nt. If so, paste full curl response so we see the IP and the TLS cert de= tails. Best to use freebsd-questions list next time. A+ Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?597b8064-8acb-4ac4-87ff-8c609a9bc602>