On Thu, Feb 21, 2019 at 11:42:58PM +0000, Ken Moffat via blfs-support wrote: > On Thu, Feb 21, 2019 at 11:46:23AM +0000, Ken Moffat via blfs-support wrote: > > I was coming towards the end of a test build of 8.4-rc1, installing > > a few essential packages before trying to build. And then make-ca > > failed. > > > Well, that was a major misdiagnosis of *where* it was failing. I > tried adding ' || true' after invoking make-ca, and discovered it > didn't get that far. >
Unfortunately, my build is still broken. I've just ripped out: /etc/pki/ /usr/sbin/make-ca /etc/make-ca.conf.dist and /etc/ssl/local and rebuilt make-ca, followed by installing recent mozilla certificates. The output from make-ca is voluminous, I am guessing that the approximately 8 certs it is unable to load are probably expired or not from a trusted authority and nothing much to worry about. But none of the certs get extracted. At this point I don't have any of gnutls, nss, java - this is a server build, I've never needed them but I would like https: to work in e.g. links and perhaps wget or curl. unable to load certificate 140497972445696:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE Added to p11-kit anchor directory with trust ',,'. Extracting OpenSSL certificates to /etc/ssl/certs...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS server auth certificates to /etc/pki/tls/certs/ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS S-Mime certificates to /etc/pki/tls/certs/email-ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting GNUTLS code signing certificates to /etc/pki/tls/certs/objsign-ca-bundle.crt...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! Extracting Java cacerts (JKS) to /etc/pki/tls/java/cacerts...p11-kit: 'ret >=0' not true at loader_load_directory Failed!!! As a consequence, not only can I not test the server functionality I need, but since I want working https: in links when I start to build desktop systems, I can't test those either. I don't think I'm cut out for this any more. ĸen -- The beauty of reading a page of de Selby is that it leads one inescapably to the conclusion that one is not, of all nincompoops, the greates. -- du Garbandier -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
