[DragonFlyBSD - Bug #3337] (Resolved) libressl/tls13_client.c:609

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 16 19:31:29 PST 2023


Issue #3337 has been updated by aswell.

Status changed from In Progress to Resolved


*Update:* It is now working properly. Nothing changed with the server, but I just went to test further, and both _pkg_ and _fetch_ work using https, without error.

So, either your mitm hypothesis was correct, or I stumbled on a glitch in the matrix...but either way the problem resolved itself.

Thanks for your feedback, much appreciated.


----------------------------------------
Bug #3337: libressl/tls13_client.c:609
http://bugs.dragonflybsd.org/issues/3337#change-14482

* Author: aswell
* Status: Resolved
* Priority: Normal
* Target version: 6.4
* Start date: 2023-01-16
----------------------------------------
On a fresh install of 6.4, when attempting to install a package, the following message is received:
<pre><code class="shell">
root at server0:/tmp # pkg update                                                                   
Updating Avalon repository catalogue...
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34395427332:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
pkg: https://mirror-master.dragonflybsd.org/dports/dragonfly:6.6:x86:64/LATEST/packagesite.txz: Authentication error
Unable to update repository Avalon
Error updating repositories!
</code></pre>

Editing /usr/local/etc/pkg/repos/df-latest.conf and changing 'https' to 'http' results in a working update.
 
Also, an attempt to fetch a file:
<pre><code class="shell">
root at server0:/tmp # fetch https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
Certificate verification failed for /C=US/O=Let's Encrypt/CN=R3
34380796420:error:14FFF086:SSL routines:(UNKNOWN)SSL_internal:certificate verify failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/tls13_client.c:609:
fetch: https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/FreeBSD-13.1-RELEASE-amd64-memstick.img.xz: Authentication error
</code></pre>

Just for good measure, downloaded source and rebuilt world/kernel and rebooted, but whatever is causing the problem remains. 

Interestingly, a few other machines with recent 6.4 installs do not exhibit this issue.

Suggestions?




-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account



More information about the Bugs mailing list