[Bug 284942] ftp/curl now seems to look for certs in /etc by default

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Feb 2025 09:08:09 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284942

            Bug ID: 284942
           Summary: ftp/curl now seems to look for certs in /etc by
                    default
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet@FreeBSD.org
          Reporter: freebsd@bengrimm.net
          Assignee: sunpoet@FreeBSD.org
             Flags: maintainer-feedback?(sunpoet@FreeBSD.org)

After upgrading to curl-8.12.1, calls to https failed with a certificate cannot
be verified error.

I found that reinstalling ca_root_nss with ETCSYMLINK enabled mitigated the
issue.

Since ETCSYMLINK had been absent in this environment since 2014 (!!), something
must have changed in curl-8.12.1 that makes it look for certs under /etc.

I understand that ETCSYMLINK may be the default setting for ca_root_ns (haven't
checked), but I think any port should default to /usr/local/ for stuff like
this. That's part of porting, after all.

Please check ;)

=====
# curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

====
Also got errors on openntpd with constraints configured
(https://www.google.com)

-- 
You are receiving this mail because:
You are the assignee for the bug.