Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates

To: gnats-bugs%netbsd.org@localhost
Subject: Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
From: David Brownlee <abs%absd.org@localhost>
Date: Wed, 21 Jun 2023 20:50:01 +0100

On Thu, 8 Jun 2023 at 22:10, Martin Husemann <martin%duskware.de@localhost> wrote:
>
>  Actually the installer issue is quite simple: I'll make it check
>  for any root certs in it's /etc/openssl/certs and if none is found
>  set FTPSSLNOVERIFY.

That looks like a good change for the installer (and worth making
independent of any other fix), but this issue is still outstanding for
netbsd-10

Without installing mozilla-rootcerts-openssl or similar from pkgsrc,
ftp will fail on any http URL with:

18446744073709551615:error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify
failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1919:

including downloading https://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc.tar.xz

I'm inclined to suggest this should be a blocker for netbsd-10

David

References:
- Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
  - From: Martin Husemann

Prev by Date: Re: port-amd64/56815 (Lenovo ThinkCentre with i915drmkms graphics fails to boot)
Next by Date: Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
Previous by Thread: Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
Next by Thread: Re: bin/57456: ftp fails for https in netbsd-10 due to missing certificates
Indexes:

Home | Main Index | Thread Index | Old Index