[DragonFlyBSD - Bug #3337] libressl/tls13_client.c:609

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 16 16:13:50 PST 2023


Issue #3337 has been updated by tuxillo.


> 
> Unfortunately the machine with the issue is remote, good machines are local. Any suggestions on how to resolve?

The only thing that comes to mind right now is that there is some device who's doing mitm or so, hence replacing the ssl certificate with one of its own.

BTW, if it's a 6.4 install, why is it looking for packages in "...dragonfly:6.6:x86:64... " ?

----------------------------------------
Bug #3337: libressl/tls13_client.c:609
http://bugs.dragonflybsd.org/issues/3337#change-14480

* Author: aswell
* Status: In Progress
* Priority: Normal
* Target version: 6.4
* Start date: 2023-01-16
----------------------------------------
On a fresh install of 6.4, when attempting to install a package, the following message is received:
<pre><code class="shell">
root at server0:/tmp # pkg update                                                                   
Updating Avalon repository catalogue...
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34395427332:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
pkg: https://mirror-master.dragonflybsd.org/dports/dragonfly:6.6:x86:64/LATEST/packagesite.txz: Authentication error
Unable to update repository Avalon
Error updating repositories!
</code></pre>

Editing /usr/local/etc/pkg/repos/df-latest.conf and changing 'https' to 'http' results in a working update.
 
Also, an attempt to fetch a file:
<pre><code class="shell">
root at server0:/tmp # fetch https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34380796420:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
fetch: https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz: Authentication error
</code></pre>

Just for good measure, downloaded source and rebuilt world/kernel and rebooted, but whatever is causing the problem remains. 

Interestingly, a few other machines with recent 6.4 installs do not exhibit this issue.

Suggestions?




-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account


More information about the Bugs mailing list