From: Dag-Erling Smørgrav
To: Koichiro Iwao
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, ports@freebsd.org
Subject: Re: git: 483e74f44b82 - main - security/ca_root_nss: Use certctl instead of a symlink.
In-Reply-To: (Koichiro Iwao's message of "Sat, 7 Oct 2023 19:56:54 +0900")
References: <202310061549.396Fn8xF027032@gitrepo.freebsd.org>
Date: Sat, 07 Oct 2023 13:58:26 +0200
Message-ID: <868r8eeja5.fsf@ltc.des.no>
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

Koichiro Iwao writes:
> % LANG=C wget -O - https://www.freebsd.org
> --2023-10-07 19:50:58-- https://www.freebsd.org/
> Resolving www.freebsd.org (www.freebsd.org)... 2402:3d00:fb5d::50:2, 2405:f000:202:2541::50:3, 192.50.199.250, ...
> Connecting to www.freebsd.org (www.freebsd.org)|2402:3d00:fb5d::50:2|:443... connected.
> ERROR: cannot verify www.freebsd.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':
> Unable to locally verify the issuer's authority.
> To connect to www.freebsd.org insecurely, use `--no-check-certificate'.

I'm unable to reproduce this on 13.2. Running wget under ktrace shows that although it first looks for the nonexistent bundle, it correctly falls back to the system trust store.

$ ktrace wget -O /dev/null https://www.freebsd.org/
--2023-10-07 13:57:20-- https://www.freebsd.org/
Resolving www.freebsd.org (www.freebsd.org)... 147.28.184.45, 2604:1380:4091:a001::50:3
Connecting to www.freebsd.org (www.freebsd.org)|147.28.184.45|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15539 (15K) [text/html]
Saving to: ‘/dev/null’

/dev/null 100%[===================>] 15.17K --.-KB/s in 0.001s

2023-10-07 13:57:20 (16.3 MB/s) - ‘/dev/null’ saved [15539/15539]

$ kdump -tn | grep etc/ssl
606 wget NAMI "/etc/ssl/openssl.cnf"
606 wget NAMI "/etc/ssl/cert.pem"
606 wget NAMI "/etc/ssl/certs/8d33f237.0"
606 wget NAMI "/etc/ssl/certs/4042bcee.0"
606 wget NAMI "/etc/ssl/certs/4042bcee.0"
606 wget NAMI "/etc/ssl/certs/4042bcee.1"
606 wget NAMI "/etc/ssl/certs/4042bcee.1"
606 wget NAMI "/etc/ssl/certs/4042bcee.2"

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org
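
Added example, not part of the original message: a small shell helper that turns `kdump -tn` output like the trace above into a per-path summary, showing whether each probed trust-store path (the bundle file or an OpenSSL-style `<hash>.<n>` directory entry) exists under a given root. The function names `sample_trace`, `classify_probes` and `verdict` are hypothetical, and the embedded trace is a constructed sample modelled on the lines in the message.

```shell
#!/bin/sh
# Constructed sample in the kdump NAMI format shown in the message.
sample_trace() {
cat <<'EOF'
   606 wget     NAMI  "/etc/ssl/openssl.cnf"
   606 wget     NAMI  "/etc/ssl/cert.pem"
   606 wget     NAMI  "/etc/ssl/certs/8d33f237.0"
   606 wget     NAMI  "/etc/ssl/certs/4042bcee.0"
   606 wget     NAMI  "/etc/ssl/certs/4042bcee.0"
   606 wget     NAMI  "/etc/ssl/certs/4042bcee.1"
EOF
}

# classify_probes ROOT: read kdump lines on stdin and, for each distinct
# /etc/ssl path, print "<kind> <present|missing> <path>".
# ROOT is prepended to each path so a jail or test tree can be checked.
classify_probes() {
    root=$1
    sed -n 's|.*NAMI  *"\(/etc/ssl/[^"]*\)".*|\1|p' | awk '!seen[$0]++' |
    while IFS= read -r p; do
        case $p in
            # Hashed-directory lookup: 8 hex digits, a dot, a sequence number.
            */certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                kind=hashdir ;;
            *.pem) kind=bundle ;;
            *.cnf) kind=config ;;
            *)     kind=other ;;
        esac
        # -e follows symlinks, so a dangling link counts as missing.
        if [ -e "$root$p" ]; then state=present; else state=missing; fi
        printf '%s %s %s\n' "$kind" "$state" "$p"
    done
}

# verdict ROOT: print "ok" if the trace touched at least one existing
# bundle or hashed-directory entry, otherwise "no-trust-source".
verdict() {
    if classify_probes "$1" | grep -E '^(bundle|hashdir) present ' >/dev/null; then
        echo ok
    else
        echo no-trust-source
    fi
}

# Demonstration on the constructed sample against the live filesystem.
sample_trace | classify_probes /
```

On a real system, pipe `kdump -tn` into `classify_probes /` after a `ktrace` run of the failing client; a result with only `missing` bundle and hashdir rows means the client found no trust source at any path it probed.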