SSL CA cert issue

Antonio Huete Jiménez tuxillo at quantumachine.net
Sun Apr 30 11:01:11 PDT 2017


Hi,

What about system utilities like fetch(1)?
Do they show the same behaviour?

Regards,
Antonio Huete

Tim Darby <t+dfbsd at timdarby.net> escribió:

> Actually, that's what I normally do, but I'm running a builder program that
> needs to do a git clone with https. BTW, curl has the same issue:
>
> % curl https://www.github.com
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
>  of Certificate Authority (CA) public keys (CA certs). If the default
>  bundle file isn't adequate, you can specify an alternate file
>  using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
>  the bundle, the certificate verification probably failed due to a
>  problem with the certificate (it might be expired, or the name might
>  not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
>  the -k (or --insecure) option.
>
> Tim
>
> On Sun, Apr 30, 2017 at 10:16 AM, Zachary Crownover <
> zachary.crownover at gmail.com> wrote:
>
>> Easiest fix is to just use SSH for your git connections. change https:///
>> github.com/DragonFlyBSD/DragonFlyBSD.git to  
>> git at github.com:DragonFlyBSD/DragonFlyBSD.git
>> and you won't have that issue.
>>
>> On Sun, Apr 30, 2017 at 10:13 AM, PeerCorps Trust Fund <
>> ipc at peercorpstrust.org> wrote:
>>
>>> Same issue here. Running on 4.9-DEVELOPMENT DragonFly
>>> v4.9.0.223.g4f0ea-DEVELOPMENT. Also after a pkg upgrade.
>>>
>>> Michael
>>>
>>>
>>> On 04/30/2017 05:28 PM, Tim Darby wrote:
>>>
>>>> I did a pkg upgrade at the same time, so I wonder if libressl is to
>>>> blame.
>>>>
>>>> Tim
>>>>
>>>> On Sun, Apr 30, 2017 at 7:16 AM, Tim Darby <t+dfbsd at timdarby.net> wrote:
>>>>
>>>> I just updated to the latest master and noticed this:
>>>>>
>>>>> % git clone https://github.com/DragonFlyBSD/DragonFlyBSD.git
>>>>> Cloning into 'DragonFlyBSD'...
>>>>> fatal: unable to access 'https://github.com/DragonFlyB
>>>>> SD/DragonFlyBSD.git/':
>>>>> SSL certificate problem: unable to get local issuer certificate
>>>>>
>>>>> I've never had to tell git where to find its CA certs:
>>>>>
>>>>> % git config --global http.sslCAinfo /etc/ssl/certs/cert.pem
>>>>> % git clone https://github.com/DragonFlyBSD/DragonFlyBSD.git
>>>>> Cloning into 'DragonFlyBSD'...
>>>>> remote: Counting objects: 508865, done.
>>>>> remote: Compressing objects: 100% (52/52), done.
>>>>>
>>>>> Tim
>>>>>
>>>>>
>>>>
>>
>>
>> --
>> Sincerely,
>>
>> Zachary Crownover
>>





More information about the Users mailing list