Re: armhf: buster: TLS / HTTPS partly broken

To: debian-user@lists.debian.org
Cc: Mark Jonas <toertel@gmail.com>
Subject: Re: armhf: buster: TLS / HTTPS partly broken
From: Mark Jonas <toertel@gmail.com>
Date: Sun, 3 May 2020 19:20:13 +0200
Message-id: <[🔎] CAEE5dN3Xe5hhVC8kM7vWD8kzxzVf8pcaWZu0o3DmukgRP8L=vQ@mail.gmail.com>

Hi Reco,

>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>>
>> Does that mean a TLS library does not feature all required protocols on armhf?
>
> TLS library that curl uses (openssl) is perfectly fine, but it cannot
> validate any certificate unless you provide it with root CA
> certificates.
> So it likely means you haven't installed "ca-certificates" package.

This is what it looks like. But actually I installed ca-certificates.

This is an excerpt of the relevant part of the the Dockerfile [1]
where the packages are installed:

RUN apt-get update && \
  apt-get -y --no-install-recommends install \
    curl \
    ca-certificates \
    tzdata \
    && \
  apt-get clean && \
  rm -rf /var/lib/apt/lists/*

I also think that wget would not work or at least give a warning in
case there were no certificates at all.

Last but not least, the identical Dockerfile produces images for amd64
and arm64 where curl and aria2 work without hiccups. And it works
flawlessly on Stretch using the same Dockerfile.

Greetings,
Mark


[1]: https://gitlab.com/toertel/docker-image-tls-https-broken/-/blob/master/Dockerfile.j2

Reply to:

Follow-Ups:
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: Is there a Debian oriented Rasberry Pi list
Next by Date: Re: Anti-malware for my personal Debian workstation?
Previous by thread: Re: armhf: buster: TLS / HTTPS partly broken
Next by thread: Re: armhf: buster: TLS / HTTPS partly broken
Index(es):
- Date
- Thread