Date: Sun, 28 Dec 2014 18:45:36 -0800 From: David Benfell <benfell@parts-unknown.org> To: Michael Sierchio <kudzu@tenebras.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: what's the story with openssl? Message-ID: <20141229024536.GA43231@home.parts-unknown.org> In-Reply-To: <CAHu1Y71ez=Xej1cdBebEmuYpjZBTTjPmEKhaypH1XFYiCyucyw@mail.gmail.com> References: <20141228184319.GA84504@home.parts-unknown.org> <CAHu1Y71ez=Xej1cdBebEmuYpjZBTTjPmEKhaypH1XFYiCyucyw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--huq684BweRXVnRxX Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Dec 28, 2014 at 02:57:19PM -0800, Michael Sierchio wrote: >=20 > fetch (in the base system) uses environment variables, so you could set > SSL_CA_CERT_FILE to the proper value with fetch. I don't remember of the > top of my head how defaults are set in wget. I now have three versions of this. And still no joy. It's badly affecting some rss feeds I grab in a cron job: [benfell@home ~]% r2e run W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [2] https://www.aclu.org/news/all/feed W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [3] https://www.talkingpointsmemo.com/feed/all W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [5] https://www.eff.org/rss/updates.xml W: error 404 [15] http://www.rollingstone.com/siteServices/rss/nationalAffairs W: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) [50] https://www.reddit.com/.rss?feed=3Dc2b643a98368cf2de1899f7b58ee18043ac8ac7b= &user=3Dn4rky [benfell@home ~]% env | grep SSL SSL_CA_CERT_FILE=3D/usr/local/openssl/cert.pem SSL_CERT_DIR=3D/usr/local/openssl/certs SSL_CERT_FILE=3D/usr/local/openssl/cert.pem [benfell@home ~]%=20 And just for completeness: --2014-12-28 18:44:53-- https://google.com/ Resolving google.com (google.com)... 2607:f8b0:4010:801::1009, 74.125.239.3= 7, 74.125.239.33, ... Connecting to google.com (google.com)|2607:f8b0:4010:801::1009|:443... conn= ected. ERROR: cannot verify google.com's certificate, issued by =E2=80=98/C=3DUS/O= =3DGoogle Inc/CN=3DGoogle Internet Authority G2=E2=80=99: Unable to locally verify the issuer's authority. To connect to google.com insecurely, use `--no-check-certificate'. Thanks! --=20 David Benfell <benfell@parts-unknown.org> See https://parts-unknown.org/node/2 if you don't understand the attachment. --huq684BweRXVnRxX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUoMBQAAoJEBV64x4SNmArVpgP/2VPi1iZ4hVmGqAbJ6B8Mdxz A8dAMbhG2rUbqcuiVGqWngM1Neidv1saYD/tOvIho+0u8cjxSbcLKYJUA/170Q9Z ipEyJcBNEdXo5Q+Gl3fl4+0UXXPDTqPK1o5fMsfvYHcWniZotoZ+ZbpblRJ8pfXK tmqgP2mMK2w+FJO622u9ZcVdOGJqe6aK7DfjEHWctbrp+jkD1nNGQz7hYExCfbw/ MntPUMtN6NII9EVaMKbIegfgQfPtSM9cpqpjqp7jip9pvUNf1euZS1ILjcC8ZFE2 hASlJuVZi6WXAnKk64lLF6P0WkIIGD3gYG9aSzEAYgM4QdsEuWHx2s2A54JTMte4 9d+CQIACC526P+y1c5k1CBhUC1ajHUymeJ76e0wfYXWoX8oQDWohYCJBP37eKNMx 6yzMnOciCl3VQk3HWAVPO5nGpQiQhVUBxUiI/uojChINsbUylDUPAWWUc5WOhtBa Rc2HCtmhk1KH7w4dd+twS35B8z0TikN8CPn0We6w7tW3EefHcTx3RuwKKUq0hcbS 66lotr1GxfKLLrBG1F29nujWltbyqd0ypdf+eKo0wXfCTcELv4W9CSrLO1ZExV3R vnvV/zrKQ1MJVJq+7UZuVskvtGZdsy5s8dXxzApGZSFE9f1qRS1HzfWsXJl00Skk Vzz9GS4gvZ/dk6ZcLmQB =rklC -----END PGP SIGNATURE----- --huq684BweRXVnRxX--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141229024536.GA43231>