apt-cacher-ng and CNAMEs

To: debian-user <debian-user@lists.debian.org>
Subject: apt-cacher-ng and CNAMEs
From: Celejar <celejar@gmail.com>
Date: Tue, 3 May 2022 15:16:47 -0400
Message-id: <[🔎] 20220503151647.677a2fe89165156636ca7726@gmail.com>

I'm trying to use the Tor upstream repositories:

https://support.torproject.org/apt/tor-deb-repo/

Direct access works correctly, but proxying through apt-cacher-ng
(using SSL passthrough, as per the apt-cacher-ng documentation) does
not:

Err:1 https://deb.torproject.org/torproject.org sid InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx 3142]

I've been beating my head over this for a while, and I have arrived at
the tentative conclusion that the problem has something to do with the
fact that deb.torproject.org is a CNAME alias for
static.torproject.org., and I'm consequently somehow getting bitten by
this issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356

But that (as described by the maintainer) mess was supposedly resolved,
and the bug was closed. Am I missing something, or does that bug need
to be reopened?

-- 
Celejar

Reply to:

Follow-Ups:
- Re: apt-cacher-ng and CNAMEs
  - From: Nito <nito@dismail.de>

Prev by Date: [SOLVED] Re: mutt upgrade in testing broke, downgrade worked
Next by Date: Re: apt-cacher-ng and CNAMEs
Previous by thread: RE: Quick question on : The Money Show 2022
Next by thread: Re: apt-cacher-ng and CNAMEs
Index(es):
- Date
- Thread