Bug#784811: d-i.debian.org: rmadison on dillon fails because of certificate checks
Package: d-i.debian.org
Severity: important
With the current setup on dillon, one needs to point https tools to the
right ca-file (/etc/ssl/ca-debian/ca-certificates.crt) and/or ca-path
(/etc/ssl/ca-debian). Unfortunately rmadison doesn't offer such options
for the time being and we get this:
| d-i@dillon:~/trunk/scripts$ rmadison linux
| debian:
| curl: (60) SSL certificate problem: unable to get local issuer certificate
| More details here: http://curl.haxx.se/docs/sslcerts.html
|
| curl performs SSL certificate verification by default, using a "bundle"
| of Certificate Authority (CA) public keys (CA certs). If the default
| bundle file isn't adequate, you can specify an alternate file
| using the --cacert option.
| If this HTTPS server uses a certificate signed by a CA represented in
| the bundle, the certificate verification probably failed due to a
| problem with the certificate (it might be expired, or the name might
| not match the domain name in the URL).
| If you'd like to turn off curl's verification of the certificate, use
| the -k (or --insecure) option.
| new:
| curl: (60) SSL certificate problem: unable to get local issuer certificate
| More details here: http://curl.haxx.se/docs/sslcerts.html
|
| curl performs SSL certificate verification by default, using a "bundle"
| of Certificate Authority (CA) public keys (CA certs). If the default
| bundle file isn't adequate, you can specify an alternate file
| using the --cacert option.
| If this HTTPS server uses a certificate signed by a CA represented in
| the bundle, the certificate verification probably failed due to a
| problem with the certificate (it might be expired, or the name might
| not match the domain name in the URL).
| If you'd like to turn off curl's verification of the certificate, use
| the -k (or --insecure) option.
I've crafted a patch and I'll block this bug report with it; I might set
up some workaround until this is resolved in a proper way.
Mraw,
KiBi.
Reply to: