[openssl_utils 0005193]: OpenSSL does not look for the certificates in the right place
Mantis Bug Tracker via bug-notifications
bug-notifications at lists.opencsw.org
Sat Aug 9 11:58:25 CEST 2014
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=5193
======================================================================
Reported By: laurent
Assigned To: yann
======================================================================
Project: openssl_utils
Issue ID: 5193
Category: packaging
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
======================================================================
Date Submitted: 2014-07-30 10:17 CEST
Last Modified: 2014-08-09 11:58 CEST
======================================================================
Summary: OpenSSL does not look for the certificates in the
right place
Description:
I'm not 100% sure this is only an OpenSSL issue, but I think it's the right
place to start:
Symptom is that OpenCSW wget refuses to connect via https because the
certificate cannot be verified:
$ type wget
wget is hashed (/opt/csw/bin/wget)
$ wget
https://github.com/oetiker/znapzend/releases/download/v0.8.3/znapzend-0.8.3.tar.gz
--2014-07-30 10:06:42--
https://github.com/oetiker/znapzend/releases/download/v0.8.3/znapzend-0.8.3.tar.gz
Resolving github.com (github.com)... 192.30.252.131
Connecting to github.com (github.com)|192.30.252.131|:443... connected.
ERROR: cannot verify github.com's certificate, issued by '/C=US/O=DigiCert
Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA':
Unable to locally verify the issuer's authority.
To connect to github.com insecurely, use `--no-check-certificate'.
truss shows it's failing to find it, and is looking in a non-existent
directory:
27097: xstat(2, "/opt/csw/ssl/certs/244b5494.0", 0x08046AB0) Err#2 ENOENT
Just adding a symlink to the right directory is enough to make it work:
# ln -s /etc/opt/csw/ssl/certs /opt/csw/ssl/
So I guess either the symlink should be packaged, or OpenSSL should be
built to look into /etc/opt/csw/ssl/certs by default.
My preference goes to the latter.
======================================================================
----------------------------------------------------------------------
(0010887) laurent (developer) - 2014-08-09 11:58
https://www.opencsw.org/mantis/view.php?id=5193#c10887
----------------------------------------------------------------------
Yep, works for me, good!
Thanks!
More information about the bug-notifications
mailing list