[openssl_utils 0005193]: OpenSSL does not look for the certificates in the right place

Mantis Bug Tracker via bug-notifications bug-notifications at lists.opencsw.org
Sat Aug 9 00:39:38 CEST 2014


The following issue requires your FEEDBACK. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=5193 
====================================================================== 
Reported By:                laurent
Assigned To:                yann
====================================================================== 
Project:                    openssl_utils
Issue ID:                   5193
Category:                   packaging
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             2014-07-30 10:17 CEST
Last Modified:              2014-08-09 00:39 CEST
====================================================================== 
Summary:                    OpenSSL does not look for the certificates in the
right place
Description: 
I'm not 100% sure this is only an OpenSSL issue, but I think it's the right
place to start:

Symptom is that OpenCSW wget refuses to connect via https because the
certificate cannot be verified:

$ type wget
wget is hashed (/opt/csw/bin/wget)

$ wget
https://github.com/oetiker/znapzend/releases/download/v0.8.3/znapzend-0.8.3.tar.gz
--2014-07-30 10:06:42-- 
https://github.com/oetiker/znapzend/releases/download/v0.8.3/znapzend-0.8.3.tar.gz
Resolving github.com (github.com)... 192.30.252.131
Connecting to github.com (github.com)|192.30.252.131|:443... connected.
ERROR: cannot verify github.com's certificate, issued by '/C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA':
  Unable to locally verify the issuer's authority.
To connect to github.com insecurely, use `--no-check-certificate'.

truss shows it's failing to find it, and is looking in a non-existent
directory:
27097:  xstat(2, "/opt/csw/ssl/certs/244b5494.0", 0x08046AB0) Err#2 ENOENT

Just adding a symlink to the right directory is enough to make it work:
# ln -s /etc/opt/csw/ssl/certs /opt/csw/ssl/

So I guess either the symlink should be packaged, or OpenSSL should be
built to look into /etc/opt/csw/ssl/certs by default.
My preference goes to the latter.
====================================================================== 

---------------------------------------------------------------------- 
 (0010886) yann (manager) - 2014-08-09 00:39
 https://www.opencsw.org/mantis/view.php?id=5193#c10886 
---------------------------------------------------------------------- 
This should be fixed in last upload (1.0.1i).
Can you test it to confirm that it is ok ?

Yann



More information about the bug-notifications mailing list