Re: pkg/55125: "mozilla-rootcerts install" fails the second time

[Andreas Gustafsson <gson%gson.org@localhost>]

The following reply was made to PR pkg/55125; it has been noted by GNATS.

From: Andreas Gustafsson <gson%gson.org@localhost>
To: Benny Siegert <bsiegert%gmail.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost
Subject: Re: pkg/55125: "mozilla-rootcerts install" fails the second time
Date: Mon, 30 Mar 2020 12:49:42 +0300

 Benny Siegert wrote:
 >  What would you like the fix to be? Should it delete existing
 >  certificates from /etc/openssl/certs and replace them with the ones it
 >  is installing? Or should there be some kind of "force" option to do
 >  that?
 
 I just want there to be a documented procedure that I can follow to
 make "wget https://google.com/"; work like it does on other operating
 systems, instead of yielding
 
   $ wget https://google.com/
   --2020-03-30 12:29:19--  https://google.com/
   Resolving google.com (google.com)... 2a00:1450:400f:80a::200e, 172.217.21.174
   Connecting to google.com (google.com)|2a00:1450:400f:80a::200e|:443... failed: No route to host.
   Connecting to google.com (google.com)|172.217.21.174|:443... connected.
   ERROR: cannot verify google.com's certificate, issued by 'CN=GTS CA 1O1,O=Google Trust Services,C=US':
     Unable to locally verify the issuer's authority.
   To connect to google.com insecurely, use `--no-check-certificate'.
 
 When it comes to OpenSSL, I'm just an end user, and I have no idea
 whether, for example, "deleting existing certificates from
 /etc/openssl/certs" is the right thing to do.  I just follow the
 instructions, and currently the instructions don't work.
 -- 
 Andreas Gustafsson, gson%gson.org@localhost