Re: unable to use git with github: SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)

[Greg Troxel <gdt%lexort.com@localhost>]

Riccardo Mottola <riccardo.mottola%libero.it@localhost> writes:

> mozilla-rootcerts-1.1.20260211 Root CA certificates from the Mozilla Project
> mozilla-rootcerts-openssl-2.21 Wedge for installing and managing
> mozilla-rootcerts
> p5-Mozilla-CA-20250602nb1 Mozilla's CA cert bundle for Perl
> openssl-3.6.1        Secure Socket Layer and cryptographic library
> gnutls-3.8.13        Transport Layer Security library
> libcurl-gnutls-8.20.0 Client that groks URLs

Now you have two copies of openssl because 9 is old.  9 does not have
OS-installed trust anchors ('root certs').

So, the first advice is to update to 10.  9 is ancient - it's been more
than 6 years now, and IMHO nobody should be using it.  It's going to be
formally desupported when 11 is released, more or less (which has been
"soon" for quite a while now :-( ).
>
> # mozilla-rootcerts install
> ERROR: /etc/openssl/certs already contains certificates, aborting.

The second bit of advice is to look not only in /etc/openssl but also in
/usr/pkg/etc/openssl.   I am really unclear on the plan of where pkgsrc
looks for config.

For what it's worth, on a NetBSD 9 box I can access (there are only 2),
git works (with a server with an LE cert).

Then you can use ktrace and kdump -m8 and look at the NAMI calls to see
where it is reading certs from.