[DragonFlyBSD - Bug #3337] libressl/tls13_client.c:609

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 16 18:12:47 PST 2023


Issue #3337 has been updated by aswell.


tuxillo wrote in #note-3:

> BTW, if it's a 6.4 install, why is it looking for packages in "...dragonfly:6.6:x86:64... " ?
Good question. When compiling from source I decided to switch to master, so 6.4 was originally installed, but it's now running 6.6...

> The only thing that comes to mind right now is that there is some device who's doing mitm or so, hence replacing the ssl certificate with one of its own.
I had considered that, but programs that use the userland SSL library appear to work fine. It seems something is not right with the base SSL.

How can one go about replacing or updating the base SSL install?






----------------------------------------
Bug #3337: libressl/tls13_client.c:609
http://bugs.dragonflybsd.org/issues/3337#change-14481

* Author: aswell
* Status: In Progress
* Priority: Normal
* Target version: 6.4
* Start date: 2023-01-16
----------------------------------------
On a fresh install of 6.4, when attempting to install a package, the following message is received:
<pre><code class="shell">
root at server0:/tmp # pkg update                                                                   
Updating Avalon repository catalogue...
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34395427332:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
pkg: https://mirror-master.dragonflybsd.org/dports/dragonfly:6.6:x86:64/LATEST/packagesite.txz: Authentication error
Unable to update repository Avalon
Error updating repositories!
</code></pre>

Editing /usr/local/etc/pkg/repos/df-latest.conf and changing 'https' to 'http' results in a working update.
 
Also, an attempt to fetch a file:
<pre><code class="shell">
root at server0:/tmp # fetch https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34380796420:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
fetch: https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz: Authentication error
</code></pre>

Just for good measure, downloaded source and rebuilt world/kernel and rebooted, but whatever is causing the problem remains. 

Interestingly, a few other machines with recent 6.4 installs do not exhibit this issue.

Suggestions?




-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account


More information about the Bugs mailing list