pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkgin doesn't work with https and proxy
* On 2024-04-05 at 03:53 BST, Ryota Ozaki wrote:
I installed pkgin via pkg_add on NetBSD 10.0, but it doesn't work
with https and proxy.
pkgin update failed with the following error:
netbsd10# pkgin update
processing remote summary
(https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/x86_64/10.0/All)...
0048552D667B0000:error:0A000126:SSL routines:ssl3_read_n:unexpected
eof while reading:/usr/src/crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c:303:
0048552D667B0000:error:0A000126:SSL routines:ssl3_read_n:unexpected
eof while reading:/usr/src/crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c:303:
0048552D667B0000:error:0A000126:SSL routines:ssl3_read_n:unexpected
eof while reading:/usr/src/crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c:303:
pkgin: Could not fetch
https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/x86_64/10.0/All/pkg_summary.gz:
Authentication error
pkgin 23.12.0 now requires valid certificates for https transport. Make
sure that you have installed e.g. mozilla-rootcerts-openssl, though I
thought NetBSD 10 now shipped with certificates installed by default?
Just to verify that it wasn't proxy connections that were affected, I
tested this myself with tinyproxy installed from pkgsrc:
$ pkgin up
processing remote summary (https://pkgsrc.smartos.org/packages/SmartOS/trunk/x86_64/All)...
database for https://pkgsrc.smartos.org/packages/SmartOS/trunk/x86_64/All is up-to-date
$ env http_proxy=http://localhost:8888/ pkgin up
processing remote summary (https://pkgsrc.smartos.org/packages/SmartOS/trunk/x86_64/All)...
database for https://pkgsrc.smartos.org/packages/SmartOS/trunk/x86_64/All is up-to-date
$ tail /var/log/tinyproxy/tinyproxy.log
INFO Apr 05 09:41:56.974 [38073]: Setting "Via" header to 'tinyproxy'
NOTICE Apr 05 09:41:56.997 [38073]: Reloading config file finished
CONNECT Apr 05 09:42:08.148 [38073]: Connect (file descriptor 4): ::1
CONNECT Apr 05 09:42:08.175 [38073]: Request (file descriptor 4): CONNECT pkgsrc.smartos.org:443 HTTP/1.1
INFO Apr 05 09:42:08.186 [38073]: No upstream proxy for pkgsrc.smartos.org
INFO Apr 05 09:42:08.196 [38073]: opensock: opening connection to pkgsrc.smartos.org:443
INFO Apr 05 09:42:09.058 [38073]: opensock: getaddrinfo returned for pkgsrc.smartos.org:443
CONNECT Apr 05 09:42:09.166 [38073]: Established connection to host "pkgsrc.smartos.org" using file descriptor 5.
INFO Apr 05 09:42:09.176 [38073]: Not sending client headers to remote machine
INFO Apr 05 09:42:09.612 [38073]: Closed connection between local client (fd:4) and remote client (fd:5)
ftp(1) command can fetch pkg_summary.gz under the same environment:
I don't believe ftp checks certificates, at least by default.
The version of pkgin:
netbsd10# pkgin -v
pkgin 23.8.1 (using SQLite 3.26.0)
Oh, that's strange. That version of pkgin doesn't even perform
validation. I guess this is a libfetch issue on NetBSD, or the SSL
errors above aren't related to verification.
--
Jonathan Perkin - mnx.io - pkgsrc.smartos.org
Open Source Complete Cloud www.tritondatacenter.com
Home |
Main Index |
Thread Index |
Old Index