[csw-maintainers] openssl vs certs
Ben Walton
bwalton at opencsw.org
Thu Dec 11 20:10:55 CET 2008
Hi All,
A package I'm working on has it's source hosted on a site that is
https only (fedorahosted.org). The ssl cert there is signed by
equifax (as evidenced using: openssl s_client -connect
fedorahosted.org:443 -showcerts). It seems that the CSW openssl
package doesn't provide the required certificate chain to verify it,
which is causing wget to bail out (without extra options, anyway).
As I've never built openssl, I don't know if this is a build omission
or simply that the required files weren't manually collected, and
distributed with the package...I'll open a bug for this issue if it
actually is a bug. If it's intentional, let me know. [It looks like
rhel provides the equifax cert(s) with openssl and debian/ubuntu via
ca-certificates.]
For reference, this can be verified via:
/opt/csw/bin/wget https://fedorahosted.org/xmlto/export/1/xmlto-0.0.21.tar.bz2
Thanks
-Ben
--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302
GPG Key Id: 8E89F6D2; Key Server: pgp.mit.edu
Contact me to arrange for a CAcert assurance meeting.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20081211/a4e7c118/attachment.asc>
More information about the maintainers
mailing list