Re: cryptic pkgin SSL cert error

To: David Brownlee <abs%absd.org@localhost>
Subject: Re: cryptic pkgin SSL cert error
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Tue, 23 Apr 2024 07:45:34 -0400

David Brownlee <abs%absd.org@localhost> writes:

> Do you have security/mozilla-rootcerts-openssl installed? (which
> should provide a full set of certs in /etc/openssl). Alternatively
> what do you have in /etc/openssl
>
> For netbsd-10 /etc/openssl is populated by the OS, but doing that
> would be a breaking change on netbsd-9, however it may be that the
> latest pkgin is enforcing SSL certificates by default on netbsd-9
> which would be... unhelpful in this case

I don't see it as uhelpful -- doctrine has always been that the sysadmin
should choose which CAs to configure as trust anchors.  In 10, that's
still more or less doctrine, except the default set is mozilla (or ish)
rather than the empty set.  If you haven't set up trust anchors, lots of
things are troubled.

Follow-Ups:
- Re: cryptic pkgin SSL cert error
  - From: David Brownlee

References:
- cryptic pkgin SSL cert error
  - From: beaker
- Re: cryptic pkgin SSL cert error
  - From: David Brownlee

Prev by Date: Re: cryptic pkgin SSL cert error
Next by Date: Re: NetBSD 9.3 to 10.0 upgrade failure - check for DOS fs
Previous by Thread: Re: cryptic pkgin SSL cert error
Next by Thread: Re: cryptic pkgin SSL cert error
Indexes:

Home | Main Index | Thread Index | Old Index