Re: FreeBSD 13 source code using git clone fails
- Reply: Stefan Parvu : "Re: FreeBSD 13 source code using git clone fails"
- In reply to: Stefan Parvu : "FreeBSD 13 source code using git clone fails"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 20 Sep 2021 15:20:38 UTC
On Mon, 20 Sep 2021, at 14:47, Stefan Parvu wrote: > Hi, > > Im trying to get the source code, for FreeBSD 13 release. I did: > > # cd /usr > # git clone -b releng/13.0 https://git.freebsd.org/src.git src > Cloning into 'src'... > fatal: unable to access 'https://git.freebsd.org/src.git/': SSL > certificate problem: certificate is not yet valid > > or > > # git clone -o freebsd https://git.FreeBSD.org/src.git src > Cloning into 'src'... > fatal: unable to access 'https://git.FreeBSD.org/src.git/': SSL > certificate problem: certificate is not yet valid > > !? I have ca_root_nss installed version 3.63 … Anything I need to know, > or am I doing something wrong? > > Thanks, > Stefan Likely your local clock is out of sync, try running ntpdate to check: ## query only $ ntpdate -v -q pool.ntp.org 20 Sep 15:15:34 ntpdate[53]: ntpdate 4.2.8p15-a (1) server 178.251.64.52, stratum 2, offset -0.001053, delay 0.03278 server 83.137.41.12, stratum 2, offset -0.000837, delay 0.04124 server 91.206.8.34, stratum 2, offset -0.001008, delay 0.03271 server 83.68.137.76, stratum 2, offset -0.001622, delay 0.03415 And update as needed. I have this in /etc/rc.conf ntpd_enable=YES ntpd_sync_on_start=YES which should bring it into line immediately on system boot, or `service ntpd restart`. You should be able to check cert status using curl: $ curl --cert-status -kvsSLo /dev/null https://git.FreeBSD.org/src.git * Trying 139.178.72.204:443... * Connected to git.FreeBSD.org (139.178.72.204) port 443 (#0) <---------- * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /usr/local/share/certs/ca-root-nss.crt * CApath: none } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [112 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4279 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [556 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [37 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: CN=git.freebsd.org * start date: Sep 10 20:14:08 2021 GMT <------------ * expire date: Dec 9 20:14:07 2021 GMT <------------ * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * No OCSP response received * Closing connection 0 } [5 bytes data] * TLSv1.2 (OUT), TLS alert, close notify (256): } [2 bytes data] curl: (91) No OCSP response received I'm clearly connecting to gitmir.pkt.freebsd.org, yours could be different. If so, paste full curl response so we see the IP and the TLS cert details. Best to use freebsd-questions list next time. A+ Dave