Re: cryptic pkgin SSL cert error

To: David Brownlee <abs%absd.org@localhost>
Subject: Re: cryptic pkgin SSL cert error
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 23 Apr 2024 16:24:55 +0200

On Tue, Apr 23, 2024 at 03:17:14PM +0100, David Brownlee wrote:
> However, while better checking of trust anchors is a better end state
> - assuming I am understanding the situation correctly: in an
> effectively unannounced change, pkgin on a -9 system without either
> security/mozilla-rootcerts-openssl installed or /etc/openssl will now
> just fail, including any attempt to install mozilla-rootcerts-openssl
> to resolve.

Only if the binary pkgs repository URL was using https.
Default setup used to be http:

> This requires manual intervention to set an environment variable to
> allow mozilla-rootcerts-openssl to be installed, or otherwise setup
> /etc/openssl. That would appear to be an unhelpful change, to the
> extent that I would propose pkgin on netbsd < 10 might be better to
> default to disabling checking trust anchors (with a warning).

Edit the URL, install mozilla-rootcerts-openssl, change the URL back.

Martin

Follow-Ups:
- Re: cryptic pkgin SSL cert error
  - From: David Brownlee

References:
- cryptic pkgin SSL cert error
  - From: beaker
- Re: cryptic pkgin SSL cert error
  - From: David Brownlee
- Re: cryptic pkgin SSL cert error
  - From: Greg Troxel
- Re: cryptic pkgin SSL cert error
  - From: David Brownlee

Prev by Date: Re: cryptic pkgin SSL cert error
Next by Date: Re: cryptic pkgin SSL cert error
Previous by Thread: Re: cryptic pkgin SSL cert error
Next by Thread: Re: cryptic pkgin SSL cert error
Indexes:

Home | Main Index | Thread Index | Old Index