• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

repo01.netgate.com TLS cert seems invalid

Official NetgateĀ® Hardware
9
43
9.7k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    seanmcb @stephenw10
    last edited by Aug 10, 2021, 5:20 PM

    @stephenw10 the failure I'm seeing is as per my first message in this thread. The update fails with the error message text I pasted.

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Aug 10, 2021, 5:33 PM

      Hmm, OK try running at the command line: pfSense-upgrade -d

      S 1 Reply Last reply Aug 11, 2021, 12:35 AM Reply Quote 0
      • S
        seanmcb @stephenw10
        last edited by Aug 11, 2021, 12:35 AM

        @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

        pfSense-upgrade -d

        [21.05-RELEASE][admin@pfSense.localdomain]/root: pfSense-upgrade -d
>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
1082880000:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
1082880000:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/crypto/asn1/a_verify.c:170:
1082880000:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Child process pid=62247 terminated abnormally: Segmentation fault
        M 1 Reply Last reply Aug 11, 2021, 10:44 AM Reply Quote 0
        • M
          mer @seanmcb
          last edited by mer Aug 11, 2021, 10:45 AM Aug 11, 2021, 10:44 AM

          @seanmcb What hardware are you doing this on? My reason for asking is I had a very similar issue on a SG2100 (symptom of segfault was the same). Power cycling (not rebooting) cleared the issue. Literally, shutdown the system, removed power for at least 30 secs, then reapplied power. Issue went away. Suspect that openssl is using crypto hardware that can get wedged and the only cure is power cycle.

          I have no opinion on the validity of the certificate.

          S 1 Reply Last reply Aug 11, 2021, 1:51 PM Reply Quote 0
          • S
            seanmcb @mer
            last edited by Aug 11, 2021, 1:51 PM

            @mer My hardware is a Netgate SG-1100.

            I could try a power cycle, but I'm not in a big rush to update, and this bug is reproducible for the moment, so it's a chance to debug it, and maybe solve it.

            M 1 Reply Last reply Aug 11, 2021, 1:58 PM Reply Quote 1
            • M
              mer @seanmcb
              last edited by Aug 11, 2021, 1:58 PM

              @seanmcb That's good, but my point is that if the root cause is the hardware itself getting wedged, there's not much debugging that can actually be done. Hopefully the netgate folks may have some commands that would say "yep hardware is wedged, can't get more info".

              1 Reply Last reply Reply Quote 0
              • S
                stephenw10 Netgate Administrator
                last edited by Aug 11, 2021, 3:16 PM

                Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?

                That's odd. I would expect both to fail.

                With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.

                Steve

                S 1 Reply Last reply Aug 11, 2021, 3:29 PM Reply Quote 0
                • S
                  seanmcb @stephenw10
                  last edited by Aug 11, 2021, 3:29 PM

                  @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

                  Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?

                  pkg-static update has not been mentioned in this thread. I did not try it. So far I tried to update in the GUI and with pfSense-upgrade -d. Both have failed.

                  With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.

                  I'll reboot it when home tonight.

                  1 Reply Last reply Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by Aug 11, 2021, 3:46 PM

                    Mmm, my bad. But pkg -d update succeeded. You might try pkg-static -d update too just for reference before you reboot,

                    Steve

                    S 1 Reply Last reply Aug 12, 2021, 2:05 AM Reply Quote 0
                    • S
                      seanmcb @stephenw10
                      last edited by Aug 12, 2021, 2:05 AM

                      After a magic reboot, updating from the GUI failed again, but pkg-static -d update worked.

                      1 Reply Last reply Reply Quote 0
                      • S
                        stephenw10 Netgate Administrator
                        last edited by Aug 12, 2021, 11:43 AM

                        Hmm, OK. What about pfSense-upgrade -d at the command line?

                        S 1 Reply Last reply Aug 12, 2021, 1:47 PM Reply Quote 0
                        • S
                          seanmcb @stephenw10
                          last edited by Aug 12, 2021, 1:47 PM

                          @stephenw10 That would have been my 3rd try, but after reboot I tried: GUI, then pkg-static -d update and the latter worked. Is there point in still running the other command?

                          1 Reply Last reply Reply Quote 0
                          • S
                            stephenw10 Netgate Administrator
                            last edited by Aug 12, 2021, 2:14 PM

                            The update commands just update the package database. The upgrade command will actually try to upgrade to 21.05.1.

                            Steve

                            S 1 Reply Last reply Aug 12, 2021, 2:20 PM Reply Quote 0
                            • S
                              seanmcb @stephenw10
                              last edited by Aug 12, 2021, 2:20 PM

                              @stephenw10 mmmm, you sure? Because after:

                              • magic reboot
                              • pkg-static -d update
                              • requisitie reboot

                              The GUI shows me at 21.05.1 and says 'no updates available'.

                              1 Reply Last reply Reply Quote 0
                              • S
                                stephenw10 Netgate Administrator
                                last edited by Aug 12, 2021, 2:23 PM

                                Hmm, OK well then I'd suggest it did in fact succeed at some point previously via the GUI.

                                There is no harm in running the upgrade command from the CLI. It will just show you there are no updates available if it has upgraded already.

                                Steve

                                G 1 Reply Last reply Aug 19, 2021, 1:10 AM Reply Quote 0
                                • G
                                  gzorn @stephenw10
                                  last edited by Aug 19, 2021, 1:10 AM

                                  I had the same problem with the TLS cert on an SG-1100 updating to 21.05.1
                                  Confirming that power cycling (system halt, pull power for 1 minute, plug in) fixed the problem.
                                  Happy to be on the latest branch!
                                  -Greg

                                  1 Reply Last reply Reply Quote 1
                                  • J johnpoz referenced this topic on Mar 22, 2022, 12:35 PM
                                  • J johnpoz referenced this topic on Mar 22, 2022, 12:35 PM
                                  • J johnpoz referenced this topic on Jul 9, 2022, 10:33 AM
                                  • J johnpoz referenced this topic on Jul 9, 2022, 10:33 AM
                                  • J johnpoz referenced this topic on Jul 9, 2022, 10:34 AM
                                  • J johnpoz referenced this topic on Jul 9, 2022, 10:34 AM
                                  • D
                                    derrley
                                    last edited by Dec 30, 2022, 5:30 AM

                                    A power cycle on the SG-1100 fixed this problem for me as well, except it failed again after the 113th package download. Yikes.

                                    >>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 6 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
pfSense repository update completed. 513 packages processed.
All repositories are up to date.
>>> Locking package pkg... done.
>>> Removing vital flag from php72... done.
>>> Unlocking package pkg... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (176 candidates): .......... done
Processing candidates (176 candidates): ....... done
The following 246 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	aws-sdk-php72: 3.103.2
	php72: 7.2.29
	php72-bcmath: 7.2.29
	php72-bz2: 7.2.29
	php72-ctype: 7.2.29
	php72-curl: 7.2.29
	php72-dom: 7.2.29
	php72-filter: 7.2.29
	php72-gettext: 7.2.29
	php72-hash: 7.2.29
	php72-intl: 7.2.29
	php72-json: 7.2.29
	php72-ldap: 7.2.29
	php72-mbstring: 7.2.29
	php72-opcache: 7.2.29
	php72-openssl: 7.2.29
	php72-openssl_x509_crl: 1.2
	php72-pcntl: 7.2.29
	php72-pdo: 7.2.29
	php72-pdo_sqlite: 7.2.29
	php72-pear: 1.10.6
	php72-pear-Auth_RADIUS: 1.1.0_4
	php72-pear-Cache_Lite: 1.7.16,1
	php72-pear-Crypt_CHAP: 1.5.0
	php72-pear-HTTP_Request2: 2.3.0,1
	php72-pear-Mail: 1.4.1,1
	php72-pear-Net_Growl: 2.7.0
	php72-pear-Net_IPv6: 1.3.0.b2_2
	php72-pear-Net_SMTP: 1.9.0
	php72-pear-Net_Socket: 1.0.14
	php72-pear-Net_URL2: 2.2.1
	php72-pear-XML_RPC2: 1.1.4
	php72-pecl-mcrypt: 1.0.3
	php72-pecl-radius: 1.4.0.b1
	php72-pecl-rrd: 2.0.1_1
	php72-pecl-zmq: 1.1.3_3
	php72-pfSense-module: 0.65_1
	php72-posix: 7.2.29
	php72-readline: 7.2.29
	php72-session: 7.2.29
	php72-shmop: 7.2.29
	php72-simplepie: 1.5.1_1
	php72-simplexml: 7.2.29
	php72-sockets: 7.2.29
	php72-sqlite3: 7.2.29
	php72-sysvmsg: 7.2.29
	php72-sysvsem: 7.2.29
	php72-sysvshm: 7.2.29
	php72-tokenizer: 7.2.29
	php72-xml: 7.2.29
	php72-xmlreader: 7.2.29
	php72-xmlwriter: 7.2.29
	php72-zlib: 7.2.29
	py37-ply: 3.11
	py37-setuptools: 41.4.0_1
	python37: 3.7.7

New packages to be INSTALLED:
	aws-sdk-php74: 3.185.15 [pfSense]
	ccid: 1.4.36 [pfSense]
	cyrus-sasl: 2.1.28 [pfSense]
	dbus: 1.12.20_5 [pfSense]
	iftop: 1.0.p4 [pfSense]
	libinotify: 20211018 [pfSense]
	libpsl: 0.21.1_3 [pfSense]
	libssh2: 1.10.0,3 [pfSense]
	libuv: 1.42.0 [pfSense]
	mpdecimal: 2.5.1 [pfSense]
	nss_ldap: 1.265_14 [pfSense]
	openldap24-client: 2.4.59_4 [pfSense]
	openpgm: 5.2.122_6 [pfSense]
	opensc: 0.22.0 [pfSense]
	pam_ldap: 186_1 [pfSense]
	pam_mkhomedir: 0.2 [pfSense]
	pcre2: 10.39 [pfSense]
	pcsc-lite: 1.9.4,2 [pfSense]
	php74: 7.4.28 [pfSense]
	php74-bcmath: 7.4.28 [pfSense]
	php74-bz2: 7.4.28 [pfSense]
	php74-ctype: 7.4.28 [pfSense]
	php74-curl: 7.4.28 [pfSense]
	php74-dom: 7.4.28 [pfSense]
	php74-filter: 7.4.28 [pfSense]
	php74-gettext: 7.4.28 [pfSense]
	php74-intl: 7.4.28 [pfSense]
	php74-json: 7.4.28 [pfSense]
	php74-ldap: 7.4.28 [pfSense]
	php74-libbe: 0.1.4 [pfSense]
	php74-mbstring: 7.4.28 [pfSense]
	php74-opcache: 7.4.28 [pfSense]
	php74-openssl: 7.4.28 [pfSense]
	php74-openssl_x509_crl: 1.3 [pfSense]
	php74-pcntl: 7.4.28 [pfSense]
	php74-pdo: 7.4.28 [pfSense]
	php74-pdo_sqlite: 7.4.28 [pfSense]
	php74-pear: 1.10.12 [pfSense]
	php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
	php74-pear-Cache_Lite: 1.8.3,1 [pfSense]
	php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
	php74-pear-HTTP_Request2: 2.5.1,1 [pfSense]
	php74-pear-Mail: 1.4.1,1 [pfSense]
	php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
	php74-pear-Net_SMTP: 1.10.0 [pfSense]
	php74-pear-Net_Socket: 1.2.2 [pfSense]
	php74-pear-Net_URL2: 2.2.1 [pfSense]
	php74-pear-XML_RPC2: 1.1.4 [pfSense]
	php74-pecl-mcrypt: 1.0.4 [pfSense]
	php74-pecl-radius: 1.4.0b1_1 [pfSense]
	php74-pecl-rrd: 2.0.3 [pfSense]
	php74-pfSense-module: 0.81 [pfSense]
	php74-phpseclib: 2.0.17 [pfSense]
	php74-posix: 7.4.28 [pfSense]
	php74-readline: 7.4.28 [pfSense]
	php74-session: 7.4.28 [pfSense]
	php74-shmop: 7.4.28 [pfSense]
	php74-simplepie: 1.5.1_1 [pfSense]
	php74-simplexml: 7.4.28 [pfSense]
	php74-sockets: 7.4.28 [pfSense]
	php74-sqlite3: 7.4.28 [pfSense]
	php74-sysvmsg: 7.4.28 [pfSense]
	php74-sysvsem: 7.4.28 [pfSense]
	php74-sysvshm: 7.4.28 [pfSense]
	php74-tokenizer: 7.4.28 [pfSense]
	php74-xml: 7.4.28 [pfSense]
	php74-xmlreader: 7.4.28 [pfSense]
	php74-xmlwriter: 7.4.28 [pfSense]
	php74-zlib: 7.4.28 [pfSense]
	py38-libzfs: 1.1.2022021400 [pfSense]
	py38-ply: 3.11 [pfSense]
	py38-setuptools: 57.0.0 [pfSense]
	python38: 3.8.12_2 [pfSense]

Installed packages to be UPGRADED:
	arm64resetbutton: 0.2 -> 0.3 [pfSense]
	bind-tools: 9.14.12 -> 9.16.26 [pfSense]
	bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
	ca_root_nss: 3.51 -> 3.76 [pfSense]
	check_reload_status: 0.0.8_1 -> 0.0.11 [pfSense]
	cpdup: 1.20 -> 1.22 [pfSense]
	curl: 7.68.0 -> 7.83.1 [pfSense]
	darkstat: 3.0.719 -> 3.0.721 [pfSense]
	dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
	dhcpleases: 0.3_3 -> 0.5_1 [pfSense]
	dnsmasq: 2.80_4,1 -> 2.86_3,1 [pfSense]
	dpinger: 3.0 -> 3.2 [pfSense]
	expat: 2.2.8 -> 2.4.7 [pfSense]
	expiretable: 0.6_1 -> 0.6_2 [pfSense]
	filterdns: 2.0_4 -> 2.0_6 [pfSense]
	filterlog: 0.1_5 -> 0.1_9 [pfSense]
	freetype2: 2.10.1 -> 2.11.1 [pfSense]
	gettext-runtime: 0.20.1 -> 0.21 [pfSense]
	glib: 2.56.3_7,1 -> 2.70.4_1,2 [pfSense]
	gmp: 6.1.2_1 -> 6.2.1 [pfSense]
	hostapd: 2.9 -> 2.10 [pfSense]
	icu: 65.1,1 -> 70.1_1,1 [pfSense]
	igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
	ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
	isc-dhcp44-client: 4.4.1_1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-relay: 4.4.1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-server: 4.4.1_4 -> 4.4.2P1_1 [pfSense]
	jpeg-turbo: 2.0.3 -> 2.1.3 [pfSense]
	json-c: 0.14 -> 0.15_1 [pfSense]
	ldns: 1.7.1_1 -> 1.8.1 [pfSense]
	libedit: 3.1.20191211,1 -> 3.1.20210910,1 [pfSense]
	libevent: 2.1.11 -> 2.1.12 [pfSense]
	libffi: 3.2.1_3 -> 3.3_1 [pfSense]
	libgcrypt: 1.8.5 -> 1.9.4 [pfSense]
	libgd: 2.2.5_2,1 -> 2.3.3,1 [pfSense]
	libgpg-error: 1.36 -> 1.44 [pfSense]
	libiconv: 1.14_11 -> 1.16 [pfSense]
	libidn2: 2.3.0_1 -> 2.3.2 [pfSense]
	liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
	libnghttp2: 1.40.0 -> 1.46.0 [pfSense]
	libunistring: 0.9.10_1 -> 1.0 [pfSense]
	libxml2: 2.9.10 -> 2.9.12 [pfSense]
	libxslt: 1.1.34 -> 1.1.34_2 [pfSense]
	libzmq4: 4.3.1_1 -> 4.3.4 [pfSense]
	links: 2.16_2,1 -> 2.25,1 [pfSense]
	lua-resty-core: 0.1.17 -> 0.1.22 [pfSense]
	lua-resty-lrucache: 0.09 -> 0.11 [pfSense]
	luajit-openresty: 2.1.20190912_2 -> 2.1.20220310 [pfSense]
	miniupnpd: 2.1.20190210,1 -> 2.2.1_1,1 [pfSense]
	mobile-broadband-provider-info: 20190618_1 -> 20210805 [pfSense]
	mpd5: 5.8_10 -> 5.9_7 [pfSense]
	netgate-ca: 20191211 -> 20210105 [pfSense]
	netgate-ping-auth: 20200310 -> 20212005 [pfSense]
	nettle: 3.5.1_1 -> 3.7.3 [pfSense]
	nginx: 1.16.1_11,2 -> 1.20.2_9,2 [pfSense]
	norm: 1.5r6 -> 1.5r6_1 [pfSense]
	ntp: 4.2.8p14 -> 4.2.8p15_5 [pfSense]
	oniguruma: 6.9.3 -> 6.9.7.1 [pfSense]
	openvpn: 2.4.9 -> 2.6.0_8 [pfSense]
	pcre: 8.43_2 -> 8.45 [pfSense]
	perl5: 5.30.1 -> 5.32.1_1 [pfSense]
	pfSense: 2.4.5_1 -> 22.05 [pfSense]
	pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
	pfSense-base: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-default-config-serial: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-kernel-pfSense: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-pkg-aws-wizard: 0.8 -> 0.10 [pfSense]
	pfSense-pkg-bandwidthd: 0.7.4_4 -> 0.7.4_5 [pfSense]
	pfSense-pkg-ipsec-profile-wizard: 1.0_2 -> 1.0_6 [pfSense]
	pfSense-rc: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-u-boot-1100: 20181122 -> 20220428 [pfSense]
	pfSense-u-boot-env: 20200316 -> 20220429 [pfSense]
	png: 1.6.37 -> 1.6.37_1 [pfSense]
	radvd: 2.18_2 -> 2.19_2 [pfSense]
	rate: 0.9_1 -> 0.9_2 [pfSense]
	readline: 8.0.1 -> 8.1.2 [pfSense]
	rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
	scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
	smartmontools: 7.0_2 -> 7.3 [pfSense]
	softflowd: 1.0.0 -> 1.0.0_1 [pfSense]
	sqlite3: 3.30.1 -> 3.37.2,1 [pfSense]
	ssh_tunnel_shell: 0.1_2 -> 0.2_1 [pfSense]
	sshguard: 2.4.0_4,1 -> 2.4.2_1,1 [pfSense]
	strongswan: 5.8.4 -> 5.9.5 [pfSense]
	tiff: 4.1.0 -> 4.3.0 [pfSense]
	unbound: 1.10.1 -> 1.15.0_1 [pfSense]
	webp: 1.0.3_1 -> 1.2.2 [pfSense]
	wpa_supplicant: 2.9 -> 2.10 [pfSense]

Installed packages to be REINSTALLED:
	bandwidthd-2.0.1_12 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	dhcpleases6-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	giflib-5.2.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	jbigkit-2.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libargon2-20190702 [pfSense]
	libdaemon-0.14_1 [pfSense]
	libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libmcrypt-2.5.8_3 [pfSense]
	libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pfSense-pkg-darkstat-3.1.3_5 [pfSense]
	pfSense-pkg-softflowd-1.2.6_1 [pfSense]
	pfSense-repo-22.05_14 [pfSense]
	pfSense-upgrade-1.0_29 [pfSense]
	pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pkg-1.17.5_3 [pfSense]
	qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	zip-3.0_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')

Number of packages to be removed: 56
Number of packages to be installed: 73
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 29

The process will require 66 MiB more space.
172 MiB to be downloaded.
[1/185] Fetching wpa_supplicant-2.10.pkg: .......... done
[2/185] Fetching wol-0.7.1_4.pkg: .... done
[3/185] Fetching webp-1.2.2.pkg: .......... done
[4/185] Fetching vstr-1.0.15_1.pkg: .......... done
[5/185] Fetching voucher-0.1_2.pkg: . done
[6/185] Fetching unbound-1.15.0_1.pkg: .......... done
[7/185] Fetching uclcmd-0.1_3.pkg: .. done
[8/185] Fetching tiff-4.3.0.pkg: .......... done
[9/185] Fetching strongswan-5.9.5.pkg: .......... done
[10/185] Fetching sshguard-2.4.2_1,1.pkg: .......... done
[11/185] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done
[12/185] Fetching sqlite3-3.37.2,1.pkg: .......... done
[13/185] Fetching softflowd-1.0.0_1.pkg: .... done
[14/185] Fetching smartmontools-7.3.pkg: .......... done
[15/185] Fetching scponly-4.8.20110526_5.pkg: ... done
[16/185] Fetching rrdtool-1.7.2_4.pkg: .......... done
[17/185] Fetching readline-8.1.2.pkg: .......... done
[18/185] Fetching rate-0.9_2.pkg: ...... done
[19/185] Fetching radvd-2.19_2.pkg: ....... done
[20/185] Fetching qstats-0.2.pkg: . done
[21/185] Fetching png-1.6.37_1.pkg: .......... done
[22/185] Fetching pftop-0.7_9.pkg: ........ done
[23/185] Fetching pfSense-u-boot-env-20220429.pkg: .. done
[24/185] Fetching pfSense-u-boot-1100-20220428.pkg: .......... done
[25/185] Fetching pfSense-rc-22.05.pkg: .. done
[26/185] Fetching pfSense-pkg-softflowd-1.2.6_1.pkg: .. done
[27/185] Fetching pfSense-pkg-ipsec-profile-wizard-1.0_6.pkg: ... done
[28/185] Fetching pfSense-pkg-darkstat-3.1.3_5.pkg: .. done
[29/185] Fetching pfSense-pkg-bandwidthd-0.7.4_5.pkg: .. done
[30/185] Fetching pfSense-pkg-aws-wizard-0.10.pkg: .. done
[31/185] Fetching pfSense-kernel-pfSense-22.05.pkg: .......... done
[32/185] Fetching pfSense-default-config-serial-22.05.pkg: . done
[33/185] Fetching pfSense-base-22.05.pkg: .......... done
[34/185] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done
[35/185] Fetching pfSense-22.05.pkg: . done
[36/185] Fetching perl5-5.32.1_1.pkg: .......... done
[37/185] Fetching pcre-8.45.pkg: .......... done
[38/185] Fetching openvpn-auth-script-1.0.0.3.pkg: . done
[39/185] Fetching openvpn-2.6.0_8.pkg: .......... done
[40/185] Fetching oniguruma-6.9.7.1.pkg: .......... done
[41/185] Fetching ntp-4.2.8p15_5.pkg: .......... done
[42/185] Fetching norm-1.5r6_1.pkg: .......... done
[43/185] Fetching nginx-1.20.2_9,2.pkg: .......... done
[44/185] Fetching nettle-3.7.3.pkg: .......... done
[45/185] Fetching netgate-ping-auth-20212005.pkg: .. done
[46/185] Fetching netgate-ca-20210105.pkg: ..... done
[47/185] Fetching mpd5-5.9_7.pkg: .......... done
[48/185] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done
[49/185] Fetching miniupnpd-2.2.1_1,1.pkg: ........ done
[50/185] Fetching minicron-0.0.2.pkg: . done
[51/185] Fetching lzo2-2.10_1.pkg: .......... done
[52/185] Fetching luajit-openresty-2.1.20220310.pkg: .......... done
[53/185] Fetching lua-resty-lrucache-0.11.pkg: . done
[54/185] Fetching lua-resty-core-0.1.22.pkg: .... done
[55/185] Fetching links-2.25,1.pkg: .......... done
[56/185] Fetching libzmq4-4.3.4.pkg: .......... done
[57/185] Fetching libxslt-1.1.34_2.pkg: .......... done
[58/185] Fetching libxml2-2.9.12.pkg: .......... done
[59/185] Fetching libunistring-1.0.pkg: .......... done
[60/185] Fetching libucl-0.8.1.pkg: .......... done
[61/185] Fetching libnghttp2-1.46.0.pkg: .......... done
[62/185] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[63/185] Fetching liblz4-1.9.3,1.pkg: .......... done
[64/185] Fetching libltdl-2.4.6.pkg: ..... done
[65/185] Fetching libidn2-2.3.2.pkg: .......... done
[66/185] Fetching libiconv-1.16.pkg: .......... done
[67/185] Fetching libgpg-error-1.44.pkg: .......... done
[68/185] Fetching libgd-2.3.3,1.pkg: .......... done
[69/185] Fetching libgcrypt-1.9.4.pkg: .......... done
[70/185] Fetching libffi-3.3_1.pkg: ..... done
[71/185] Fetching libevent-2.1.12.pkg: .......... done
[72/185] Fetching libedit-3.1.20210910,1.pkg: .......... done
[73/185] Fetching libdaemon-0.14_1.pkg: .... done
[74/185] Fetching libargon2-20190702.pkg: ........ done
[75/185] Fetching ldns-1.8.1.pkg: .......... done
[76/185] Fetching json-c-0.15_1.pkg: ........ done
[77/185] Fetching jpeg-turbo-2.1.3.pkg: .......... done
[78/185] Fetching jbigkit-2.1_1.pkg: ........ done
[79/185] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done
[80/185] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done
[81/185] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done
[82/185] Fetching ipmitool-1.8.18_3.pkg: .......... done
[83/185] Fetching indexinfo-0.3.1.pkg: . done
[84/185] Fetching igmpproxy-0.3,1.pkg: ... done
[85/185] Fetching icu-70.1_1,1.pkg: .......... done
[86/185] Fetching hostapd-2.10.pkg: .......... done
[87/185] Fetching gmp-6.2.1.pkg: .......... done
[88/185] Fetching glib-2.70.4_1,2.pkg: .......... done
[89/185] Fetching giflib-5.2.1.pkg: ......... done
[90/185] Fetching gettext-runtime-0.21.pkg: .......... done
[91/185] Fetching freetype2-2.11.1.pkg: .......... done
[92/185] Fetching filterlog-0.1_9.pkg: .. done
[93/185] Fetching filterdns-2.0_6.pkg: ... done
[94/185] Fetching expiretable-0.6_2.pkg: . done
[95/185] Fetching expat-2.4.7.pkg: .......... done
[96/185] Fetching dpinger-3.2.pkg: .. done
[97/185] Fetching dnsmasq-2.86_3,1.pkg: .......... done
[98/185] Fetching dhcpleases6-0.1_3.pkg: .. done
[99/185] Fetching dhcpleases-0.5_1.pkg: .. done
[100/185] Fetching dhcp6-20080615.2_4.pkg: .......... done
[101/185] Fetching darkstat-3.0.721.pkg: ........ done
[102/185] Fetching curl-7.83.1.pkg: .......... done
[103/185] Fetching cpustats-0.1_1.pkg: . done
[104/185] Fetching cpdup-1.22.pkg: .... done
[105/185] Fetching choparp-20150613.pkg: . done
[106/185] Fetching check_reload_status-0.0.11.pkg: .... done
[107/185] Fetching ca_root_nss-3.76.pkg: .......... done
[108/185] Fetching bsnmp-ucd-0.4.5.pkg: .. done
[109/185] Fetching bsnmp-regex-0.6_2.pkg: ... done
[110/185] Fetching bind-tools-9.16.26.pkg: .......... done
[111/185] Fetching bandwidthd-2.0.1_12.pkg: .... done
[112/185] Fetching arm64resetbutton-0.3.pkg: . done
[113/185] Fetching dbus-1.12.20_5.pkg: .......... done
1082806272:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com
1082806272:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Child process pid=5279 terminated abnormally: Segmentation fault
Failed
                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      stephenw10 Netgate Administrator
                                      last edited by Jan 3, 2023, 3:52 PM

                                      Hmm, that's odd. Do you see that repeatedly? At the same package?

                                      D 1 Reply Last reply Jan 3, 2023, 10:57 PM Reply Quote 0
                                      • D
                                        derrley @stephenw10
                                        last edited by Jan 3, 2023, 10:57 PM

                                        @stephenw10 A second attempt without a power cycle succeeded. Note that I was upgrading from something fairly old, with no support for the crypto hardware at all. (I don't very aggressively update this box. Life gets in the way.) Before power cycling I verified that the issue happened again. So, power cycle was required to fix the first time but not the second time.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          stephenw10 Netgate Administrator
                                          last edited by Jan 4, 2023, 1:37 AM

                                          Hmm, interesting. The crypto hardware in the 1100 has always been supported since it was released. A fix went into 21.02 that addressed the common ways this condition was triggered but it appears still possible in certain circumstances. If you were running an older version then power-cycling should have resolved it.

                                          GertjanG 1 Reply Last reply Jan 4, 2023, 8:13 AM Reply Quote 0
                                          28 out of 43
                                          • First post
                                            28/43
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.