upgrade woes - openssl SSL alert
-
Hmm, that was a known issue during 22.05 development but should be fixed in the release images. Has that been running release for some time?
Try running at the command line:
pkg-static -d updateShould show that same error but with more debug output.
Then try:pkg -d updateThat may succeed.
Steve
-
For more information, there seems to be a local cert issue? Not sure why, I never changed anything in terms of the certificates in the cert store:
curl -vvv https://repo01.atx.netgate.com
- Trying 208.123.73.209:443...
- Connected to repo01.atx.netgate.com (208.123.73.209) port 443 (#0)
- ALPN: offers h2
- ALPN: offers http/1.1
- CAfile: /usr/local/share/certs/ca-root-nss.crt
- CApath: none
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (OUT), TLS alert, unknown CA (560):
- SSL certificate problem: unable to get local issuer certificate
- Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above. -
Yes, that's expected to fail unless you pass the client cert with the request.
-
I've done each one. The initial post was pfSense-upgrade -d but all pkg commands or pfSense-upgrade fails with the same :(
And yes, you're right, I just passed -k and handshake went through
-
pkg -d update:
DBG(1)[5558]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[18095]> PkgRepo: extracting signature of repo in a sandbox
pkg: No trusted public keys found
Unable to update repository pfSense
Error updating repositories!pkg-static -d update throws the same as pfSense-upgrade -d
and this 120 seconds post time restriction due to reputation is lame :)
-
So fails with both pkg and pkg-static?
Last time I saw this is was due to an older version of pkg-static being incorrectly installed by a package.
-
Well I can try to fix your reputation....
-
@stephenw10
pkg -v is 1.18.3 -- is this accurate? -
Hmm, no that's actually newer than the 22.05 repo version:
Command history storage is enabled. Clear history with: history -c; history -S. [22.05-RELEASE][admin@2100-3.stevew.lan]/root: pkg -v 1.17.5 [22.05-RELEASE][admin@2100-3.stevew.lan]/root: pkg-static -v 1.17.5Checking....
-
For those who are still watching...the HOW of the issue is unclear but regardless, i'm just resetting the box to move on with life...
thanks @stephenw10 for the help
thread closed
