pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2

Reply: Andrea Venturoli : "Re: pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2"
Reply: Christoph Moench-Tegeder : "Re: pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Axel Rau <Axel.Rau_at_Chaos1.DE>
Date: Sun, 04 Sep 2022 16:42:24 UTC

While accessing my local poudriere repo I’m getting
- - -
Bootstrapping pkg from https://some_fqdn/131amd64-default, please wait...
Certificate verification failed for some_internal_CA
34391269376:error:1416F086:SSL \
routines:tls_process_server_certificate:certificate \
verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
- - -
but openssl verify shows successful verification:
- - -
# openssl s_client -connect some_fqdn:443 -6 -verify_return_error | grep verify
depth=1 some_internal_CA
verify return:1
depth=0 CN = some_fqdn
verify return:1
- - -
some_fqdn is defined in /etc/hosts only.

related repo.conf has:
- - -
some-repo: {
url: "https://some_fqdn/131amd64-default" ,
mirror_type: "HTTP",
enabled: yes,
IP_VERSION = 6,
signature_type: "pubkey",
pubkey: /usr/local/etc/ssl/certs/repo.cert
priority: 5
}
- - -

Any help appreciated,
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius