recent netbsd-7 certificate issue (unable to access google etc)
Is anyone seeing this? With recent netbsd-7/amd64 (201502092140Z downloaded from nyftp), and pkgsrc rebuilt from source yesterday I'm unable to access google from firefox, and konquerer gives a certificate error for the top certificate in the chain (details below). Common name: GeoTrust Global CA Organisation: GeoTrust Inc. Country: US: Issuer Orgaisation: Equifax Issuer Organizational Unit: Equifax Secure Certificate Authority Issuer Country: US: Trusted: NO, there were errors: The certificate authority's certificate is invalid The root certificate authority's certificate is not trusted for this purpose Validity: 2002-05-21 04:00 to 2018-08-21 04:00 Serial: 1227750 MD5: 2e7db2a31d0e3da4b25f49b9542a2e1a SHA1: 7359755c6df9a0abc3060bce369564c8ec4542a3
Re: ntpdc fails, ntpq works (Was: recent netbsd-7 certificate issue...)
On 12 February 2015 at 11:50, Manuel Bouyer bou...@antioche.eu.org wrote: On Thu, Feb 12, 2015 at 10:49:40AM +, David Brownlee wrote: [...] Bonus question - is anyone running ntpd on NetBSD-7 and does 'peers' work for them? xen1:/usr/pkg/etc/xen#ntpq -c peer remote refid st t when poll reach delay offset jitter Aha, looks like my problem is with ntpdc - ntpq works fine for me also. Does ntpdc fail for you? Thanks!
Re: recent netbsd-7 certificate issue (unable to access google etc)
Time/date seem OK. I checked at the time, but now I just ran an 'ntpdc -c peers' to show the exact offset and it looks like ntpd is just timing out which is quite odd (time is certainly within a few seconds). Now I check my other netbsd-7 boxes are timing out on 'ntpdc -c peers'. Bonus question - is anyone running ntpd on NetBSD-7 and does 'peers' work for them? On 12 February 2015 at 09:55, Chavdar Ivanov ci4...@gmail.com wrote: This happened to me on a Windows machine a few days ago when I had set the time to 2nd of May instead of 5th of February in the BIOS (it was MM/DD/ fields, I entered DD/MM/, obviously). Receiving this message from Google was my first indication that the date was wrong. Chavdar Ivanov On Thu Feb 12 2015 at 9:28:22 AM David Brownlee a...@absd.org wrote: Is anyone seeing this? With recent netbsd-7/amd64 (201502092140Z downloaded from nyftp), and pkgsrc rebuilt from source yesterday I'm unable to access google from firefox, and konquerer gives a certificate error for the top certificate in the chain (details below). Common name: GeoTrust Global CA Organisation: GeoTrust Inc. Country: US: Issuer Orgaisation: Equifax Issuer Organizational Unit: Equifax Secure Certificate Authority Issuer Country: US: Trusted: NO, there were errors: The certificate authority's certificate is invalid The root certificate authority's certificate is not trusted for this purpose Validity: 2002-05-21 04:00 to 2018-08-21 04:00 Serial: 1227750 MD5: 2e7db2a31d0e3da4b25f49b9542a2e1a SHA1: 7359755c6df9a0abc3060bce369564c8ec4542a3
daily CVS update output
Updating src tree: P src/distrib/utils/embedded/conf/rpi.conf P src/games/dab/dab.6 P src/libexec/getty/ttys.5 P src/sys/arch/arm/arm32/bus_dma.c P src/sys/arch/mips/mips/bus_space_alignstride_chipdep.c P src/sys/arch/sparc64/conf/GENERIC P src/sys/arch/sparc64/conf/files.sparc64 U src/sys/arch/sparc64/dev/vpci.c U src/sys/arch/sparc64/dev/vpcivar.h P src/sys/dev/usb/if_axen.c P src/sys/net/bpfjit.c P src/sys/rump/listsrcdirs Updating xsrc tree: Killing core files: Running the SUP scanner: SUP Scan for current starting at Fri Feb 13 03:04:42 2015 SUP Scan for current completed at Fri Feb 13 03:04:58 2015 SUP Scan for mirror starting at Fri Feb 13 03:04:58 2015 SUP Scan for mirror completed at Fri Feb 13 03:07:40 2015 Updating file list: -rw-rw-r-- 1 srcmastr netbsd 49179434 Feb 13 03:09 ls-lRA.gz
Re: ntpdc fails, ntpq works (Was: recent netbsd-7 certificate issue...)
In article 20150212130445.ga10...@asim.lip6.fr, Manuel Bouyer bou...@antioche.eu.org wrote: On Thu, Feb 12, 2015 at 12:11:13PM +, David Brownlee wrote: On 12 February 2015 at 11:50, Manuel Bouyer bou...@antioche.eu.org wrote: On Thu, Feb 12, 2015 at 10:49:40AM +, David Brownlee wrote: [...] Bonus question - is anyone running ntpd on NetBSD-7 and does 'peers' work for them? xen1:/usr/pkg/etc/xen#ntpq -c peer remote refid st t when poll reach delay offset jitter Aha, looks like my problem is with ntpdc - ntpq works fine for me also. Does ntpdc fail for you? yes, it fails too, with a timeout. You need to read the ntp.conf file: # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line # enable mode7 christos
Re: ntpdc fails, ntpq works (Was: recent netbsd-7 certificate issue...)
On Thu, Feb 12, 2015 at 12:11:13PM +, David Brownlee wrote: On 12 February 2015 at 11:50, Manuel Bouyer bou...@antioche.eu.org wrote: On Thu, Feb 12, 2015 at 10:49:40AM +, David Brownlee wrote: [...] Bonus question - is anyone running ntpd on NetBSD-7 and does 'peers' work for them? xen1:/usr/pkg/etc/xen#ntpq -c peer remote refid st t when poll reach delay offset jitter Aha, looks like my problem is with ntpdc - ntpq works fine for me also. Does ntpdc fail for you? yes, it fails too, with a timeout. -- Manuel Bouyer bou...@antioche.eu.org NetBSD: 26 ans d'experience feront toujours la difference --
Re: ntpdc fails, ntpq works (Was: recent netbsd-7 certificate issue...)
On Thu, Feb 12, 2015 at 02:04:45PM +0100, Manuel Bouyer wrote: yes, it fails too, with a timeout. The default config has been changed to deny more query types, so this is expected behaviour. Martin
Re: ntpdc fails, ntpq works (Was: recent netbsd-7 certificate issue...)
On 12 February 2015 at 14:13, Christos Zoulas chris...@astron.com wrote: In article 20150212130445.ga10...@asim.lip6.fr, Manuel Bouyer bou...@antioche.eu.org wrote: On Thu, Feb 12, 2015 at 12:11:13PM +, David Brownlee wrote: [...] Aha, looks like my problem is with ntpdc - ntpq works fine for me also. Does ntpdc fail for you? yes, it fails too, with a timeout. You need to read the ntp.conf file: # New ntpd disables the ntpdc protocol by default, to re-enable uncomment # the following line # enable mode7 Ah, many thanks, and sorry for the noise. There is nothing I needed from ntpdc that ntpq will not provide. Time to retrain my muscle memory :)
Re: What modern chipsets / motherboards are supported right now?
Hi, On 12 Feb 2015, at 11:59 , Chavdar Ivanov ci4...@gmail.com wrote: A few caveats: - fwohci does not reinitialize after a reboot or h/w reset - needs cold start. I didn't need it, so I modified boot.cfg to include 'userconf disable fwohci'. - The USB keyboard is not functional after 'boot -c'. Needs more testing, but I think it is probably a good starting point. I will play a little bit more once my live build from today gets ready, Chavdar Ivanov On Thu Feb 12 2015 at 9:23:16 AM Chavdar Ivanov ci4...@gmail.com wrote: Here is a dmesg.boot from recent -current amd64 on an ASUS Z97WS, if that is of interest. It is. Many thanks. Regards, Johan signature.asc Description: Message signed with OpenPGP using GPGMail
Re: recent netbsd-7 certificate issue (unable to access google etc)
On 12 February 2015 at 13:56, Martin Husemann mar...@duskware.de wrote: On Thu, Feb 12, 2015 at 09:27:50AM +, David Brownlee wrote: With recent netbsd-7/amd64 (201502092140Z downloaded from nyftp), and pkgsrc rebuilt from source yesterday I'm unable to access google from firefox The google.com issue apparently is fallout from my last change to the firefox pkg - investigating a better solution now. Ah, thanks. I've just seen the revert. Good luck with the patching - the world is still too much of a little endian monoculture... :/