Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Oct 2016 12:58:00 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 213448] The /etc/rc.d/ntpd script cannot fetch NTPD leap-seconds file if ca_root_nss package not installed
Message-ID:  <bug-213448-8@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213448

            Bug ID: 213448
           Summary: The /etc/rc.d/ntpd script cannot fetch NTPD
                    leap-seconds file if ca_root_nss package not installed
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: vivek@khera.org
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

I booted up a test VM I have that hasn't been started for a while. The cons=
ole
logged this:

Oct 13 08:36:25 devbox kernel: Certificate verification failed for
/C=3DUS/ST=3DArizona/L=3DScottsdale/O=3DStarfield Technologies, Inc./CN=3DS=
tarfield Root
Certificate Authority - G2
Oct 13 08:36:25 devbox kernel: 34380992136:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:/u/yertle1/sources/usr10/src/secure/lib/libssl/../../../crypto/opens=
sl/ssl/s3_clnt.c:1191:
Oct 13 08:36:25 devbox kernel: fetch:
https://www.ietf.org/timezones/data/leap-seconds.list: Authentication error

I traced it down to the lack of a proper certificate chain:

[root@devbox]# fetch https://www.ietf.org/timezones/data/leap-seconds.list
Certificate verification failed for /C=3DUS/ST=3DArizona/L=3DScottsdale/O=
=3DStarfield
Technologies, Inc./CN=3DStarfield Root Certificate Authority - G2
34380992136:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certifi=
cate
verify
failed:/u/yertle1/sources/usr10/src/secure/lib/libssl/../../../crypto/opens=
sl/ssl/s3_clnt.c:1191:
fetch: https://www.ietf.org/timezones/data/leap-seconds.list: Authentication
error
[root@devbox]# pkg install ca_root_nss
 [[ pkg install details elided as irrelevent ]]
[root@devbox]# fetch https://www.ietf.org/timezones/data/leap-seconds.list
fetch: https://www.ietf.org/timezones/data/leap-seconds.list: size of remote
file is not known
leap-seconds.list                                       10 kB 8155 kBps 00m=
00s
[root@devbox]#

So it appears that the base system ntpd requires the package to properly
function: The "fetch" feature of /etc/rc.d/ntpd fails as shown here.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213448-8>