[Bug 256902] libfetch breaks usage of certctl managed store when security/ca_root_nss is installed

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 30 Jun 2021 11:56:19 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256902

--- Comment #1 from Michael Osipov <michael.osipov@siemens.com> ---
fetch output:
> root@deblndw013x:/usr/ports
> # fetch -v https://deblndw011x.ad001.siemens.net/
> resolving server address: deblndw011x.ad001.siemens.net:443
> SSL options: 82004854
> Peer verification enabled
> Using CA cert file: /usr/local/etc/ssl/cert.pem
> Certificate verification failed for /C=DE/ST=Bayern/L=Muenchen/O=Siemens/serialNumber=ZZZZZZA1/OU=Siemens Trust Center/CN=Siemens Root CA V3.0 2016
> 34370727936:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
> fetch: https://deblndw011x.ad001.siemens.net/: Authentication error

> root@deblndw013x:/usr/ports
> # SSL_CA_CERT_PATH=/etc/ssl/certs  fetch -v https://deblndw011x.ad001.siemens.net/
> resolving server address: deblndw011x.ad001.siemens.net:443
> SSL options: 82004854
> Peer verification enabled
> Using CA cert file: /usr/local/etc/ssl/cert.pem
> Using CA cert path: /etc/ssl/certs
> Verify hostname
> TLSv1.3 connection established using TLS_AES_256_GCM_SHA384
> Certificate subject: /C=DE/O=Siemens/OU=LDA DW/CN=deblndw011x.ad001.siemens.net
> Certificate issuer: /C=DE/ST=Bayern/L=Muenchen/O=Siemens/serialNumber=ZZZZZZB7/OU=Siemens Trust Center/CN=Siemens Issuing CA Intranet Server 2017
> requesting https://deblndw011x.ad001.siemens.net/
> remote size / mtime: 45 / 1623218965
> fetch.out                                               45  B  811 kBps    00s
