Dear All, On Wed, Jan 05, 2022 at 05:03:44PM +0100, Arrigo Marchiori wrote:
> Dear All, > > one more status update. > > On Sat, Dec 25, 2021 at 09:57:03PM +0100, Arrigo Marchiori wrote: > > > Dear All, > > > > first of all: merry Christmas! > > > > On Thu, Dec 09, 2021 at 06:00:58PM +0000, Pedro Lino wrote: > > > > > Hi Matthias > > > > > > > On 12/09/2021 3:20 PM Matthias Seidel <matthias.sei...@hamburg.de> > > > > wrote: > > > > > > > Is this a real machine or a VM? > > > > > > It is a real machine > > > > > > > I ask, because I have seen the Update Feed fail on Ubuntu in a VM when > > > > it definitely worked on my Laptop. > > > > > > There were a lot of errors during unpack, as I said. > > > > What kind of errors? Maybe permission issues? > > I hope I will eventually get a trunk build right for everyone... > > > > By the way the problem _under Linux_ may or may not be due to > > TLS... in fact the error message is "Device or resource busy". There > > is something _inside_ serf that is failing; I am not sure it is a > > network protocol issue. > > > > I am looking into this issue in my available time. > > It's true that the returned value (16) corresponds to "Device or > resource busy"... but it _also_ corresponds to > SERF_SSL_CERT_UNKNOWN_FAILURE ! And _this_ is the error! > > This error is raised during the verification of the SSL certificate > chain. We are in method SerfSession::verifySerfCertificateChain(). > Apparently, we have a certificate with subject "CN=*.apache.org" and > we are asking our certificate container if it "has" and "trusts" such > certificate for URL ooo-updates.apache.org. > > The call (simply described) is: > CertificateContainer::hasCertificate("ooo-updates.apache.org", > "*.apache.org") > > Surprisingly (to me at least), this returns > security::CertificateContainerStatus_UNTRUSTED > > This breaks the update request process. The culprit is the nss library. Our method SecurityEnvironment_NssImpl::verifyCertificate calls CERT_PKIXVerifyCert() that returns failure. The reason is error -8172, "Peer's certificate issuer has been marked as not trusted by the user." Work is still in progress... -- Arrigo --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org