On Mon, Feb 11, 2019 at 07:26:11PM -0600, Bruce Dubbs via blfs-dev wrote: > I've been building a new version of LFS/BLFS for my workstation. Everything > has been going pretty well and I've built xfce, kf5 (for some kde apps that > I like), and Firefox-65. Most things work fine, but I am having problems > with Firefox. It will not connect with any https site, I get messages that > say the cert signer is not valid. >
That sounds vaguely like my problems some months ago, when a change in openssl broke the way we were doing something. But nothing there should have changed recently. > The build of FF had most of the dependencies. I did omit doxygen, openjdk, > valgrind, and wireless tools when building FF, but they should not have > anything to do with certs. > > I did not install PAM, but I don't see a connection there either. > None of those should affect certs. > > I have installed and run make-ca-1.2 and that seems OK. > I have not, in general, updated my existing systems from make-ca-0.X. There is a compatability symlink on the page, for my old systems that totally fails - but I maybe have more fixes than were typically in the book (re perl modules) and anyway you should not need that on a new install. > Does anyone (especially Ken or DJ) have any ideas? My impression is that (ignoring jdk) the certs should either work or fail, i.e. if they work with wget and https:// then all should be well. Your follow-up mentions wget with http:// [sic]. Google has a number of different matches for 'linux debug ca-cert errors' but you will need another system to get there via https. Did you install p11-kit and (re-) make the libnssckbi.so symlink ? ĸen -- The beauty of reading a page of de Selby is that it leads one inescapably to the conclusion that one is not, of all nincompoops, the greates. -- du Garbandier -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
