Re: armhf: buster: TLS / HTTPS partly broken

To: Reco <recoverym4n@enotuniq.net>
Cc: debian-user@lists.debian.org
Subject: Re: armhf: buster: TLS / HTTPS partly broken
From: Mark Jonas <toertel@gmail.com>
Date: Tue, 5 May 2020 08:05:04 +0200
Message-id: <[🔎] CAEE5dN0xoeUztD69G1tGB1G-3qPXuAJE5RJSv0G37tSzNXrpjQ@mail.gmail.com>
In-reply-to: <[🔎] E1jVpbI-0000pb-At@enotuniq.net>
References: <[🔎] E1jVIq6-0001iW-HI@enotuniq.net> <[🔎] CAEE5dN2UPJVPd=sponpjVPNE-0JVUryR3sp5kAJXEHn33c3RBw@mail.gmail.com> <[🔎] E1jVVxh-00059Q-Lw@enotuniq.net> <[🔎] CAEE5dN14fdrwhgjEVTdM=j-kUyAaMUa3WZYmmgKcoMvRgNwXiQ@mail.gmail.com> <[🔎] E1jVa1K-0005W2-02@enotuniq.net> <[🔎] CAEE5dN2bJaCkkxJrcESCx6RMgQq4iGvB0FN9S=kDk+C-99UFYg@mail.gmail.com> <[🔎] E1jVpbI-0000pb-At@enotuniq.net>

Hi Reco,

> > 1613  stat64("/etc/ssl/certs/4a6481c9.0", 0x7ec95160) = -1 ENOENT (No
> > such file or directory)
>
> Presumably ca-certificates postinst script haven't run, because these
> symlinks missing ain't normal.

Ubuntu 18.04 on my PC gives more or less the same errors but succeeds.
So I have some doubt. I think the symlinks are there.

openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 6
openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 6
stat("/etc/ssl/certs/99bdd351.0", 0x7ffc3c886370) = -1 ENOENT (No such
file or directory)

> So, start with "dpkg-reconfigure ca-certificates", and if it does not
> fix it - "apt-get install --reinstall ca-certificates".

This does not work either. But the following works. And this is super confusing.

1. Run "dpkg-reconfigure ca-certificates"
   Trust new certificates from certificate authorities? 1 (yes)
   Certificates to activate: (empty list)
   Updating certificates in /etc/ssl/certs...
   0 added, 128 removed; done.

2. Run "dpkg-reconfigure ca-certificates"
   Trust new certificates from certificate authorities? 1 (yes)
   Certificates to activate: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
125 126 127 128
   Updating certificates in /etc/ssl/certs...
   128 added, 0 removed; done.

3. "curl https://www.google.com";  now succeeds.

What now? How do I get this fixed in Debian and/ or the official
container image?

Is there a way to automate the above so I can do it as a workaround in
the container creation?

Greetings,
Mark

Reply to:

Follow-Ups:
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Greg Wooledge <wooledg@eeg.ccf.org>

References:
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: armhf: buster: TLS / HTTPS partly broken
Next by Date: Re: armhf: buster: TLS / HTTPS partly broken
Previous by thread: Re: armhf: buster: TLS / HTTPS partly broken
Next by thread: Re: armhf: buster: TLS / HTTPS partly broken
Index(es):
- Date
- Thread