On Tue, Oct 10, 2023 at 03:56:56PM +0200, Manuel Bouyer wrote:
> Hello
> with netbsd-10 from oct, 2 ftp fails to connect to https sites:
> tchatcha:/chroot/usr/pkgsrc-2023Q3/pkgsrc/sysutils/xenkernel418>ftp -o /tmp/o
> https://ftp.netbsd.org/
> Trying [2001:470:a085:999::21]:443 ...
> ftp: Can't connect to `2001:470:a085:999::21:443': No route to host
> Trying 199.233.217.201:443 ...
> :error:0A86:SSL
> routines:tls_post_process_server_certificate:certificate verify
> failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1889:
> ftp: Can't connect to `ftp.netbsd.org:https'
>
>
> I have a ca-certificates.crt in /etc/openssl/certs/, I tried to re-run
> certctl but it didn't help.
> I see the same issue with downloads.xen.org
>
> It seems that not all roots are installed ?
With some help from Thomas I found the problem:
I had a /etc/openssl/openssl.cnf lying around and this caused trouble.
After a rm -r /etc/openssl/* and postinstall again, _ have the certs.
/etc/openssl (I guess I only did rm -rf /etc/openssl/certs* before) and
this fixed things. /etc/openssl/certs.conf has more things now. Before it had
only
netbsd-certctl 20230816
--
Manuel Bouyer
NetBSD: 26 ans d'experience feront toujours la difference
--
