Re: git: 483e74f44b82 - main - security/ca_root_nss: Use certctl instead of a symlink.
Date: Sat, 07 Oct 2023 12:03:19 UTC
On Sat, Oct 07, 2023 at 01:58:26PM +0200, Dag-Erling Smørgrav wrote: > Koichiro Iwao <meta@freebsd.org> writes: > > % LANG=C wget -O - https://www.freebsd.org > > --2023-10-07 19:50:58-- https://www.freebsd.org/ > > Resolving www.freebsd.org (www.freebsd.org)... 2402:3d00:fb5d::50:2, 2405:f000:202:2541::50:3, 192.50.199.250, ... > > Connecting to www.freebsd.org (www.freebsd.org)|2402:3d00:fb5d::50:2|:443... connected. > > ERROR: cannot verify www.freebsd.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US': > > Unable to locally verify the issuer's authority. > > To connect to www.freebsd.org insecurely, use `--no-check-certificate'. > > I'm unable to reproduce this on 13.2. Running wget under ktrace shows > that although it first looks for the nonexistent bundle, it correctly > falls back to the system trust store. > > $ ktrace wget -O /dev/null https://www.freebsd.org/ > --2023-10-07 13:57:20-- https://www.freebsd.org/ > Resolving www.freebsd.org (www.freebsd.org)... 147.28.184.45, 2604:1380:4091:a001::50:3 > Connecting to www.freebsd.org (www.freebsd.org)|147.28.184.45|:443... connected. > HTTP request sent, awaiting response... 200 OK > Length: 15539 (15K) [text/html] > Saving to: ‘/dev/null’ > > /dev/null 100%[===================>] 15.17K --.-KB/s in 0.001s > > 2023-10-07 13:57:20 (16.3 MB/s) - ‘/dev/null’ saved [15539/15539] > > $ kdump -tn | grep etc/ssl > 606 wget NAMI "/etc/ssl/openssl.cnf" > 606 wget NAMI "/etc/ssl/cert.pem" > 606 wget NAMI "/etc/ssl/certs/8d33f237.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.0" > 606 wget NAMI "/etc/ssl/certs/4042bcee.1" > 606 wget NAMI "/etc/ssl/certs/4042bcee.1" > 606 wget NAMI "/etc/ssl/certs/4042bcee.2" Thanks for the confirmation. I will check again. -- meta <meta@FreeBSD.org>