
Re: armhf: buster: TLS / HTTPS partly broken



Hi Reco,

>> >> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> >>
>> >> Does that mean a TLS library does not feature all required protocols on armhf?
>> >
>> > TLS library that curl uses (openssl) is perfectly fine, but it cannot
>> > validate any certificate unless you provide it with root CA
>> > certificates.
>> > So it likely means you haven't installed "ca-certificates" package.
>>
>> This is what it looks like. But actually I installed ca-certificates.
>
> Ok. Can you run tcpdump while you're running curl?
> Specifically,
>
> tcpdump -s0 -pnni any -w /tmp/curl.pcap tcp port 443

I tried to dump from within the running container but failed.

# tcpdump -s0 -pnni any -w /tmp/curl-certificate-problem.pcap tcp port 443
Unsupported setsockopt level=263 optname=8
getsockopt level=263 optname=11 not yet supported
tcpdump: WARNING: can't get TPACKET_V3 header len on packet socket:
Operation not supported
Warning: Kernel filter failed: Bad file descriptor
Unsupported setsockopt level=1 optname=27
tcpdump: can't remove kernel filter: Protocol not available

The container was started as follows on an amd64 host running qemu-arm-static:

$ docker run -it --rm toertel/test-tls-https-broken:arm32v7-buster-latest

I gave it a try with a stripped-down command and it did not work either.

# tcpdump -w /tmp/curl-certificate-problem.pcap port 443
Unknown host QEMU_IFLA type: 50
Unknown host QEMU_IFLA type: 51
Unknown host QEMU_IFLA type: 50
Unknown host QEMU_IFLA type: 51
Unsupported ioctl: cmd=0x8946
Unsupported ioctl: cmd=0x8946
Unsupported ioctl: cmd=0x8946
Unsupported ioctl: cmd=0x8946
Unsupported ioctl: cmd=0x8946
Unsupported ioctl: cmd=0x8946
Unsupported setsockopt level=263 optname=8
getsockopt level=263 optname=11 not yet supported
tcpdump: Can't open netlink socket 96:Protocol family not supported

Thanks for your help,
Mark

