pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg/55125: "mozilla-rootcerts install" fails the second time

>Number:         55125
>Category:       pkg
>Synopsis:       "mozilla-rootcerts install" fails the second time
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 30 08:45:00 +0000 2020
>Originator:     Andreas Gustafsson
>Release:        NetBSD 8.1

System: NetBSD
Architecture: x86_64
Machine: amd64

When I run "mozilla-rootcerts install" as instructed by "pkg_info -D
mozilla-rootcerts", I get the error message

  ERROR: /etc/openssl/certs already contains certificates, aborting.

Presumably this is because I have already run "mozilla-rootcerts
install" once, back in 2016 judging from the timestamps of the files
in /etc/openssl/certs.  Since these four year old certificates no
longer work and there is no documented way of updating them, I'm
sometimes forced to disable certificate checking, for example when
downloading files over HTTPS using wget.  This is obviously bad
for security.

This issue was discussed on pkgsrc-users in 2018:

but apparently never resolved as the discussion was sidetracked into a
bikeshed about whether you should need to run "mozilla-rootcerts
install" in the first place.  Since that's orthogonal to the issue
at hand, please keep that discussion out of this PR.


Install the mozilla-rootcerts package and run "mozilla-rootcerts install"


Home | Main Index | Thread Index | Old Index