pkg/49040: pkgsrc fails to fetch via https from github

[martin%NetBSD.org@localhost]

>Number:         49040
>Category:       pkg
>Synopsis:       pkgsrc fails to fetch via https from github
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 27 11:15:00 +0000 2014
>Originator:     Martin Husemann
>Release:        NetBSD 6.99.49
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD night-owl.duskware.de 6.99.49 NetBSD 6.99.49 (NIGHT-OWL) #268: 
Sat Jul 26 16:50:44 CEST 2014 
martin%night-owl.duskware.de@localhost:/usr/src/sys/arch/amd64/compile/NIGHT-OWL
 amd64
Architecture: x86_64
Machine: amd64
>Description:

Trying to fetch the "rhino" part of pkgsrc/lang/openjdk7 fails to fetch
https://github.com/downloads/mozilla/rhino/rhino1_7R4.zip
with unparsable error messages like:

140187570456068:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure:/usr/src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c:762:

This is an unacceptable error message from a user perspective.

Trying wget instead, the error is:

Resolving github.com (github.com)... 192.30.252.129
Connecting to github.com (github.com)|192.30.252.129|:443... connected.
ERROR: cannot verify github.com's certificate, issued by '/C=US/O=DigiCert 
Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA':
  Unable to locally verify the issuer's authority.
To connect to github.com insecurely, use `--no-check-certificate'.

and using --no-check-certificate successfully downloads the file.

>How-To-Repeat:
make do-fetch in pkgsrc/lang/openjdk7

>Fix:
n/a