Re: [Fink-devel] OpenSSL 1.0.2 certificates

Wed, 04 Jan 2017 03:48:08 -0800 

On 1/2/17 9:19 AM, Derek Homeier wrote:
> Hi,
>
> I want to check if I am doing something very stupid here, since I am unable 
> to properly
> use any apps linking to openssl100-shlibs (among others wget and python) 
> since approximately
> the update to openssl-1.0.2, as it refuses to accept almost any host 
> certificate:
>
> ariel:15579> curl -O https://www.openssl.org/source/openssl-1.0.2j.tar.gz
> % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                             Dload  Upload   Total   Spent    Left  Speed
> 100 5183k  100 5183k    0     0   985k      0  0:00:05  0:00:05 --:--:-- 1266k
> ariel:15580> wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
> --2017-01-02 15:03:01--  https://www.openssl.org/source/openssl-1.0.2j.tar.gz
> Resolving www.openssl.org... 2600:1406:1a:38f::c1e, 2600:1406:1a:38e::c1e, 
> 104.91.180.27
> Connecting to www.openssl.org|2600:1406:1a:38f::c1e|:443... connected.
> ERROR: cannot verify www.openssl.org's certificate, issued by ‘CN=Let's 
> Encrypt Authority X3,O=Let's Encrypt,C=US’:
> Unable to locally verify the issuer's authority.
> To connect to www.openssl.org insecurely, use `--no-check-certificate'.

according to 'fink info wget', you have to edit .wgetrc so that wget 
knows about the ca-bundle certificates.

   1. Install the 'ca-bundle' package.
   2. If you don't currently have $HOME/.wgetrc, generate it via
  .
        cp /sw/etc/wgetrc $HOME/.wgetrc
  .
   3. Edit $HOME/.wgetrc with your favorite text editor and add the
        following line to it:
  .
        ca_certificate = /sw/etc/ssl/certs/ca-bundle.crt

I can confirm that wget fails here similarly to you before the edit, and 
downloads find after the change.

Hanspeter


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
https://sourceforge.net/p/fink/mailman/fink-devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel

Reply via email to