From nobody Mon Sep 20 15:20:38 2021
X-Original-To: freebsd-arm@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7305617C5EBF
	for <freebsd-arm@mlmmj.nyi.freebsd.org>; Mon, 20 Sep 2021 15:31:01 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Received: from new2-smtp.messagingengine.com (new2-smtp.messagingengine.com [66.111.4.224])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HCpRn28K3z3jH9
	for <freebsd-arm@freebsd.org>; Mon, 20 Sep 2021 15:31:01 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	by mailnew.nyi.internal (Postfix) with ESMTP id D817C580A5D;
	Mon, 20 Sep 2021 11:21:08 -0400 (EDT)
Received: from imap44 ([10.202.2.94])
  by compute4.internal (MEProxy); Mon, 20 Sep 2021 11:21:08 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at;
	 h=mime-version:message-id:in-reply-to:references:date:from:to
	:cc:subject:content-type:content-transfer-encoding; s=fm3; bh=S/
	ooOWkI9rjwANg4ExVv3/3guglEa2KLDtx6bkAO3bk=; b=fhVdKyCfiJfw4i4Sad
	ucU84IhyMMs3tfoAiFZjFwfs0Q8iuXvX6qKkAZh/6gI2K88UhaVGHZVyjcXgx+gB
	CDXpyIc/5Tb2jlKixvI79rvLQMugFi+5OX2M03D8GrRUwbgYLp4CQqUAzkJiB775
	NlnWa6SrfztFpX0gtQmrvHxBnbVh4GGuTbuPc2vbXCEGQ9nSB9Rh6wYMp1ke6MdY
	gtuytpWujUJ8EzH7fCn7FQyT7TmstFIWUOqLURdXuaS5J82y4hKpEjuIBx0wlu62
	Dz3AFRd/1DGLO6vZqHzuxyH56pQG7sUN2MLk6RwL1Ie5dj12q936R9ePpcCqwI2J
	r78A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:from:in-reply-to:message-id:mime-version:references
	:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm3; bh=S/ooOWkI9rjwANg4ExVv3/3guglEa2KLDtx6bkAO3
	bk=; b=mWPDq6qj65LO3VtFHEKtfcOykqmJbntshqVYF+Oin42iPFGa/S5ycDKac
	kZLIUeJwO8rngCGPKXVCE0r56xk2TdSLClULqJkQt5KHJm+iXFkxTFoaiKKtCcNR
	e9L7z10OfjF/kgVjXKi6DPLWPXYr4HL9PZt9jxAoeGcEn9TdIprqGUpmD6NYSaIf
	LhSRtk2I8vGWvDKisoC9r4YC9/TGKbgg8STrnyPEauuztSFHv4qgq9AL8DDc9DmH
	e+8WmgI4Yu0d0RG4Z7S7UUKyuuXwvlDNnah5Zzqd5NPLxafL2jlRa2Hcj5T8oB2A
	uzMk6Icw7rz/UCa83NNDqJ+yo9CkA==
X-ME-Sender: <xms:2qZIYTacGmENDWoALjhKWVW8ixspyMDLkl9-ilSxfDYCiJZHzypqjg>
    <xme:2qZIYSYja17YcrT7hNMwffC6wNqZpEQ50x4Mo7D9OYWSorP6QW7_Ot2EXBGau5jSA
    7AWRpnl9VkUpgepCA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudeivddgkeejucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfffgr
    vhgvucevohhtthhlvghhuhgsvghrfdcuoegutghhsehskhhunhhkfigvrhhkshdrrghtqe
    enucggtffrrghtthgvrhhnpedthfeigfdugfdvieetieefgeefueffueetgeejtdfhvdff
    hfeljeevveffhedvleenucffohhmrghinhepfhhrvggvsghsugdrohhrghdpnhhtphdroh
    hrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegu
    tghhsehskhhunhhkfigvrhhkshdrrght
X-ME-Proxy: <xmx:2qZIYV9zmscgXdEcU6GEZt9ttx4s0ebwx6EJHhOiZFQFMwJCepxUMw>
    <xmx:2qZIYZrl4cIPcJQqGGywYcJmvx1bY2WtB_9eaRuca-lkt-f2JenCwQ>
    <xmx:2qZIYerismAQW4BNSHviT6NT0q5UDcHTK8FudsA1mpB-J3ulyPiuKg>
    <xmx:5KZIYb0XkrX5TfaJ7rT-GJNW2fb1YXYqZ0KEtNu6EF-LgH2gcYSpAA>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 89F8FFA0AA5; Mon, 20 Sep 2021 11:20:58 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1291-gc66fc0a3a2-fm-20210913.001-gc66fc0a3
List-Id: Porting FreeBSD to ARM processors <freebsd-arm.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arm
List-Help: <mailto:freebsd-arm+help@freebsd.org>
List-Post: <mailto:freebsd-arm@freebsd.org>
List-Subscribe: <mailto:freebsd-arm+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arm+unsubscribe@freebsd.org>
Sender: owner-freebsd-arm@freebsd.org
Mime-Version: 1.0
Message-Id: <597b8064-8acb-4ac4-87ff-8c609a9bc602@www.fastmail.com>
In-Reply-To: <F1F1C175-2E41-4597-A356-FB7B1A73A663@kronometrix.org>
References: <F1F1C175-2E41-4597-A356-FB7B1A73A663@kronometrix.org>
Date: Mon, 20 Sep 2021 15:20:38 +0000
From: "Dave Cottlehuber" <dch@skunkwerks.at>
To: "Stefan Parvu" <sparvu@kronometrix.org>
Cc: freebsd-arm <freebsd-arm@freebsd.org>
Subject: Re: FreeBSD 13 source code using git clone fails
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 4HCpRn28K3z3jH9
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

On Mon, 20 Sep 2021, at 14:47, Stefan Parvu wrote:
> Hi,
>=20
> Im trying to get the source code, for FreeBSD 13 release. I did:
>=20
> # cd /usr
> # git clone -b releng/13.0 https://git.freebsd.org/src.git src
> Cloning into 'src'...
> fatal: unable to access 'https://git.freebsd.org/src.git/': SSL=20
> certificate problem: certificate is not yet valid
>=20
> or
>=20
> # git clone -o freebsd https://git.FreeBSD.org/src.git src
> Cloning into 'src'...
> fatal: unable to access 'https://git.FreeBSD.org/src.git/': SSL=20
> certificate problem: certificate is not yet valid
>=20
> !? I have ca_root_nss installed version 3.63 =E2=80=A6 Anything I need=
 to know,=20
> or am I doing something wrong?
>=20
> Thanks,
> Stefan

Likely your local clock is out of sync, try running ntpdate to check:

## query only
$ ntpdate -v -q pool.ntp.org
20 Sep 15:15:34 ntpdate[53]: ntpdate 4.2.8p15-a (1)
server 178.251.64.52, stratum 2, offset -0.001053, delay 0.03278
server 83.137.41.12, stratum 2, offset -0.000837, delay 0.04124
server 91.206.8.34, stratum 2, offset -0.001008, delay 0.03271
server 83.68.137.76, stratum 2, offset -0.001622, delay 0.03415

And update as needed.

I have this in /etc/rc.conf

ntpd_enable=3DYES
ntpd_sync_on_start=3DYES

which should bring it into line immediately on system boot,
or `service ntpd restart`.

You should be able to check cert status using curl:

$ curl --cert-status -kvsSLo /dev/null https://git.FreeBSD.org/src.git

*   Trying 139.178.72.204:443...
* Connected to git.FreeBSD.org (139.178.72.204) port 443 (#0) <----------
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /usr/local/share/certs/ca-root-nss.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [112 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4279 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=3Dgit.freebsd.org
*  start date: Sep 10 20:14:08 2021 GMT   <------------
*  expire date: Dec  9 20:14:07 2021 GMT  <------------
*  issuer: C=3DUS; O=3DLet's Encrypt; CN=3DR3
*  SSL certificate verify ok.
* No OCSP response received
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, close notify (256):
} [2 bytes data]
curl: (91) No OCSP response received

I'm clearly connecting to gitmir.pkt.freebsd.org, yours could be differe=
nt. If so, paste full curl response so we see the IP and the TLS cert de=
tails.

Best to use freebsd-questions list next time.

A+
Dave