Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    repo01.netgate.com TLS cert seems invalid

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    43 Posts 9 Posters 9.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      seanmcb @stephenw10
      last edited by

      @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

      pfSense-upgrade -d

      [21.05-RELEASE][admin@pfSense.localdomain]/root: pfSense-upgrade -d
>>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
1082880000:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
1082880000:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/crypto/asn1/a_verify.c:170:
1082880000:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Child process pid=62247 terminated abnormally: Segmentation fault
      M 1 Reply Last reply Reply Quote 0
      • M
        mer @seanmcb
        last edited by mer

        @seanmcb What hardware are you doing this on? My reason for asking is I had a very similar issue on a SG2100 (symptom of segfault was the same). Power cycling (not rebooting) cleared the issue. Literally, shutdown the system, removed power for at least 30 secs, then reapplied power. Issue went away. Suspect that openssl is using crypto hardware that can get wedged and the only cure is power cycle.

        I have no opinion on the validity of the certificate.

        S 1 Reply Last reply Reply Quote 0
        • S
          seanmcb @mer
          last edited by

          @mer My hardware is a Netgate SG-1100.

          I could try a power cycle, but I'm not in a big rush to update, and this bug is reproducible for the moment, so it's a chance to debug it, and maybe solve it.

          M 1 Reply Last reply Reply Quote 1
          • M
            mer @seanmcb
            last edited by

            @seanmcb That's good, but my point is that if the root cause is the hardware itself getting wedged, there's not much debugging that can actually be done. Hopefully the netgate folks may have some commands that would say "yep hardware is wedged, can't get more info".

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?

              That's odd. I would expect both to fail.

              With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.

              Steve

              S 1 Reply Last reply Reply Quote 0
              • S
                seanmcb @stephenw10
                last edited by

                @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

                Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?

                pkg-static update has not been mentioned in this thread. I did not try it. So far I tried to update in the GUI and with pfSense-upgrade -d. Both have failed.

                With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.

                I'll reboot it when home tonight.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Mmm, my bad. But pkg -d update succeeded. You might try pkg-static -d update too just for reference before you reboot,

                  Steve

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    seanmcb @stephenw10
                    last edited by

                    After a magic reboot, updating from the GUI failed again, but pkg-static -d update worked.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm, OK. What about pfSense-upgrade -d at the command line?

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        seanmcb @stephenw10
                        last edited by

                        @stephenw10 That would have been my 3rd try, but after reboot I tried: GUI, then pkg-static -d update and the latter worked. Is there point in still running the other command?

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          The update commands just update the package database. The upgrade command will actually try to upgrade to 21.05.1.

                          Steve

                          S 1 Reply Last reply Reply Quote 0
                          • S
                            seanmcb @stephenw10
                            last edited by

                            @stephenw10 mmmm, you sure? Because after:

                            • magic reboot
                            • pkg-static -d update
                            • requisitie reboot

                            The GUI shows me at 21.05.1 and says 'no updates available'.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              Hmm, OK well then I'd suggest it did in fact succeed at some point previously via the GUI.

                              There is no harm in running the upgrade command from the CLI. It will just show you there are no updates available if it has upgraded already.

                              Steve

                              G 1 Reply Last reply Reply Quote 0
                              • G
                                gzorn @stephenw10
                                last edited by

                                I had the same problem with the TLS cert on an SG-1100 updating to 21.05.1
                                Confirming that power cycling (system halt, pull power for 1 minute, plug in) fixed the problem.
                                Happy to be on the latest branch!
                                -Greg

                                1 Reply Last reply Reply Quote 1
                                • johnpozJ johnpoz referenced this topic on
                                • johnpozJ johnpoz referenced this topic on
                                • johnpozJ johnpoz referenced this topic on
                                • johnpozJ johnpoz referenced this topic on
                                • johnpozJ johnpoz referenced this topic on
                                • johnpozJ johnpoz referenced this topic on
                                • D
                                  derrley
                                  last edited by

                                  A power cycle on the SG-1100 fixed this problem for me as well, except it failed again after the 113th package download. Yikes.

                                  >>> Updating repositories metadata... 
Updating pfSense-core repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: . done
pfSense-core repository update completed. 6 packages processed.
Updating pfSense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
pfSense repository update completed. 513 packages processed.
All repositories are up to date.
>>> Locking package pkg... done.
>>> Removing vital flag from php72... done.
>>> Unlocking package pkg... done.
>>> Downloading upgrade packages... 
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (176 candidates): .......... done
Processing candidates (176 candidates): ....... done
The following 246 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
	aws-sdk-php72: 3.103.2
	php72: 7.2.29
	php72-bcmath: 7.2.29
	php72-bz2: 7.2.29
	php72-ctype: 7.2.29
	php72-curl: 7.2.29
	php72-dom: 7.2.29
	php72-filter: 7.2.29
	php72-gettext: 7.2.29
	php72-hash: 7.2.29
	php72-intl: 7.2.29
	php72-json: 7.2.29
	php72-ldap: 7.2.29
	php72-mbstring: 7.2.29
	php72-opcache: 7.2.29
	php72-openssl: 7.2.29
	php72-openssl_x509_crl: 1.2
	php72-pcntl: 7.2.29
	php72-pdo: 7.2.29
	php72-pdo_sqlite: 7.2.29
	php72-pear: 1.10.6
	php72-pear-Auth_RADIUS: 1.1.0_4
	php72-pear-Cache_Lite: 1.7.16,1
	php72-pear-Crypt_CHAP: 1.5.0
	php72-pear-HTTP_Request2: 2.3.0,1
	php72-pear-Mail: 1.4.1,1
	php72-pear-Net_Growl: 2.7.0
	php72-pear-Net_IPv6: 1.3.0.b2_2
	php72-pear-Net_SMTP: 1.9.0
	php72-pear-Net_Socket: 1.0.14
	php72-pear-Net_URL2: 2.2.1
	php72-pear-XML_RPC2: 1.1.4
	php72-pecl-mcrypt: 1.0.3
	php72-pecl-radius: 1.4.0.b1
	php72-pecl-rrd: 2.0.1_1
	php72-pecl-zmq: 1.1.3_3
	php72-pfSense-module: 0.65_1
	php72-posix: 7.2.29
	php72-readline: 7.2.29
	php72-session: 7.2.29
	php72-shmop: 7.2.29
	php72-simplepie: 1.5.1_1
	php72-simplexml: 7.2.29
	php72-sockets: 7.2.29
	php72-sqlite3: 7.2.29
	php72-sysvmsg: 7.2.29
	php72-sysvsem: 7.2.29
	php72-sysvshm: 7.2.29
	php72-tokenizer: 7.2.29
	php72-xml: 7.2.29
	php72-xmlreader: 7.2.29
	php72-xmlwriter: 7.2.29
	php72-zlib: 7.2.29
	py37-ply: 3.11
	py37-setuptools: 41.4.0_1
	python37: 3.7.7

New packages to be INSTALLED:
	aws-sdk-php74: 3.185.15 [pfSense]
	ccid: 1.4.36 [pfSense]
	cyrus-sasl: 2.1.28 [pfSense]
	dbus: 1.12.20_5 [pfSense]
	iftop: 1.0.p4 [pfSense]
	libinotify: 20211018 [pfSense]
	libpsl: 0.21.1_3 [pfSense]
	libssh2: 1.10.0,3 [pfSense]
	libuv: 1.42.0 [pfSense]
	mpdecimal: 2.5.1 [pfSense]
	nss_ldap: 1.265_14 [pfSense]
	openldap24-client: 2.4.59_4 [pfSense]
	openpgm: 5.2.122_6 [pfSense]
	opensc: 0.22.0 [pfSense]
	pam_ldap: 186_1 [pfSense]
	pam_mkhomedir: 0.2 [pfSense]
	pcre2: 10.39 [pfSense]
	pcsc-lite: 1.9.4,2 [pfSense]
	php74: 7.4.28 [pfSense]
	php74-bcmath: 7.4.28 [pfSense]
	php74-bz2: 7.4.28 [pfSense]
	php74-ctype: 7.4.28 [pfSense]
	php74-curl: 7.4.28 [pfSense]
	php74-dom: 7.4.28 [pfSense]
	php74-filter: 7.4.28 [pfSense]
	php74-gettext: 7.4.28 [pfSense]
	php74-intl: 7.4.28 [pfSense]
	php74-json: 7.4.28 [pfSense]
	php74-ldap: 7.4.28 [pfSense]
	php74-libbe: 0.1.4 [pfSense]
	php74-mbstring: 7.4.28 [pfSense]
	php74-opcache: 7.4.28 [pfSense]
	php74-openssl: 7.4.28 [pfSense]
	php74-openssl_x509_crl: 1.3 [pfSense]
	php74-pcntl: 7.4.28 [pfSense]
	php74-pdo: 7.4.28 [pfSense]
	php74-pdo_sqlite: 7.4.28 [pfSense]
	php74-pear: 1.10.12 [pfSense]
	php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
	php74-pear-Cache_Lite: 1.8.3,1 [pfSense]
	php74-pear-Crypt_CHAP: 1.5.0 [pfSense]
	php74-pear-HTTP_Request2: 2.5.1,1 [pfSense]
	php74-pear-Mail: 1.4.1,1 [pfSense]
	php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
	php74-pear-Net_SMTP: 1.10.0 [pfSense]
	php74-pear-Net_Socket: 1.2.2 [pfSense]
	php74-pear-Net_URL2: 2.2.1 [pfSense]
	php74-pear-XML_RPC2: 1.1.4 [pfSense]
	php74-pecl-mcrypt: 1.0.4 [pfSense]
	php74-pecl-radius: 1.4.0b1_1 [pfSense]
	php74-pecl-rrd: 2.0.3 [pfSense]
	php74-pfSense-module: 0.81 [pfSense]
	php74-phpseclib: 2.0.17 [pfSense]
	php74-posix: 7.4.28 [pfSense]
	php74-readline: 7.4.28 [pfSense]
	php74-session: 7.4.28 [pfSense]
	php74-shmop: 7.4.28 [pfSense]
	php74-simplepie: 1.5.1_1 [pfSense]
	php74-simplexml: 7.4.28 [pfSense]
	php74-sockets: 7.4.28 [pfSense]
	php74-sqlite3: 7.4.28 [pfSense]
	php74-sysvmsg: 7.4.28 [pfSense]
	php74-sysvsem: 7.4.28 [pfSense]
	php74-sysvshm: 7.4.28 [pfSense]
	php74-tokenizer: 7.4.28 [pfSense]
	php74-xml: 7.4.28 [pfSense]
	php74-xmlreader: 7.4.28 [pfSense]
	php74-xmlwriter: 7.4.28 [pfSense]
	php74-zlib: 7.4.28 [pfSense]
	py38-libzfs: 1.1.2022021400 [pfSense]
	py38-ply: 3.11 [pfSense]
	py38-setuptools: 57.0.0 [pfSense]
	python38: 3.8.12_2 [pfSense]

Installed packages to be UPGRADED:
	arm64resetbutton: 0.2 -> 0.3 [pfSense]
	bind-tools: 9.14.12 -> 9.16.26 [pfSense]
	bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense]
	ca_root_nss: 3.51 -> 3.76 [pfSense]
	check_reload_status: 0.0.8_1 -> 0.0.11 [pfSense]
	cpdup: 1.20 -> 1.22 [pfSense]
	curl: 7.68.0 -> 7.83.1 [pfSense]
	darkstat: 3.0.719 -> 3.0.721 [pfSense]
	dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense]
	dhcpleases: 0.3_3 -> 0.5_1 [pfSense]
	dnsmasq: 2.80_4,1 -> 2.86_3,1 [pfSense]
	dpinger: 3.0 -> 3.2 [pfSense]
	expat: 2.2.8 -> 2.4.7 [pfSense]
	expiretable: 0.6_1 -> 0.6_2 [pfSense]
	filterdns: 2.0_4 -> 2.0_6 [pfSense]
	filterlog: 0.1_5 -> 0.1_9 [pfSense]
	freetype2: 2.10.1 -> 2.11.1 [pfSense]
	gettext-runtime: 0.20.1 -> 0.21 [pfSense]
	glib: 2.56.3_7,1 -> 2.70.4_1,2 [pfSense]
	gmp: 6.1.2_1 -> 6.2.1 [pfSense]
	hostapd: 2.9 -> 2.10 [pfSense]
	icu: 65.1,1 -> 70.1_1,1 [pfSense]
	igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense]
	ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense]
	isc-dhcp44-client: 4.4.1_1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-relay: 4.4.1 -> 4.4.2P1 [pfSense]
	isc-dhcp44-server: 4.4.1_4 -> 4.4.2P1_1 [pfSense]
	jpeg-turbo: 2.0.3 -> 2.1.3 [pfSense]
	json-c: 0.14 -> 0.15_1 [pfSense]
	ldns: 1.7.1_1 -> 1.8.1 [pfSense]
	libedit: 3.1.20191211,1 -> 3.1.20210910,1 [pfSense]
	libevent: 2.1.11 -> 2.1.12 [pfSense]
	libffi: 3.2.1_3 -> 3.3_1 [pfSense]
	libgcrypt: 1.8.5 -> 1.9.4 [pfSense]
	libgd: 2.2.5_2,1 -> 2.3.3,1 [pfSense]
	libgpg-error: 1.36 -> 1.44 [pfSense]
	libiconv: 1.14_11 -> 1.16 [pfSense]
	libidn2: 2.3.0_1 -> 2.3.2 [pfSense]
	liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense]
	libnghttp2: 1.40.0 -> 1.46.0 [pfSense]
	libunistring: 0.9.10_1 -> 1.0 [pfSense]
	libxml2: 2.9.10 -> 2.9.12 [pfSense]
	libxslt: 1.1.34 -> 1.1.34_2 [pfSense]
	libzmq4: 4.3.1_1 -> 4.3.4 [pfSense]
	links: 2.16_2,1 -> 2.25,1 [pfSense]
	lua-resty-core: 0.1.17 -> 0.1.22 [pfSense]
	lua-resty-lrucache: 0.09 -> 0.11 [pfSense]
	luajit-openresty: 2.1.20190912_2 -> 2.1.20220310 [pfSense]
	miniupnpd: 2.1.20190210,1 -> 2.2.1_1,1 [pfSense]
	mobile-broadband-provider-info: 20190618_1 -> 20210805 [pfSense]
	mpd5: 5.8_10 -> 5.9_7 [pfSense]
	netgate-ca: 20191211 -> 20210105 [pfSense]
	netgate-ping-auth: 20200310 -> 20212005 [pfSense]
	nettle: 3.5.1_1 -> 3.7.3 [pfSense]
	nginx: 1.16.1_11,2 -> 1.20.2_9,2 [pfSense]
	norm: 1.5r6 -> 1.5r6_1 [pfSense]
	ntp: 4.2.8p14 -> 4.2.8p15_5 [pfSense]
	oniguruma: 6.9.3 -> 6.9.7.1 [pfSense]
	openvpn: 2.4.9 -> 2.6.0_8 [pfSense]
	pcre: 8.43_2 -> 8.45 [pfSense]
	perl5: 5.30.1 -> 5.32.1_1 [pfSense]
	pfSense: 2.4.5_1 -> 22.05 [pfSense]
	pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense]
	pfSense-base: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-default-config-serial: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-kernel-pfSense: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-pkg-aws-wizard: 0.8 -> 0.10 [pfSense]
	pfSense-pkg-bandwidthd: 0.7.4_4 -> 0.7.4_5 [pfSense]
	pfSense-pkg-ipsec-profile-wizard: 1.0_2 -> 1.0_6 [pfSense]
	pfSense-rc: 2.4.5_1 -> 22.05 [pfSense-core]
	pfSense-u-boot-1100: 20181122 -> 20220428 [pfSense]
	pfSense-u-boot-env: 20200316 -> 20220429 [pfSense]
	png: 1.6.37 -> 1.6.37_1 [pfSense]
	radvd: 2.18_2 -> 2.19_2 [pfSense]
	rate: 0.9_1 -> 0.9_2 [pfSense]
	readline: 8.0.1 -> 8.1.2 [pfSense]
	rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense]
	scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense]
	smartmontools: 7.0_2 -> 7.3 [pfSense]
	softflowd: 1.0.0 -> 1.0.0_1 [pfSense]
	sqlite3: 3.30.1 -> 3.37.2,1 [pfSense]
	ssh_tunnel_shell: 0.1_2 -> 0.2_1 [pfSense]
	sshguard: 2.4.0_4,1 -> 2.4.2_1,1 [pfSense]
	strongswan: 5.8.4 -> 5.9.5 [pfSense]
	tiff: 4.1.0 -> 4.3.0 [pfSense]
	unbound: 1.10.1 -> 1.15.0_1 [pfSense]
	webp: 1.0.3_1 -> 1.2.2 [pfSense]
	wpa_supplicant: 2.9 -> 2.10 [pfSense]

Installed packages to be REINSTALLED:
	bandwidthd-2.0.1_12 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	dhcpleases6-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	giflib-5.2.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	jbigkit-2.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libargon2-20190702 [pfSense]
	libdaemon-0.14_1 [pfSense]
	libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	libmcrypt-2.5.8_3 [pfSense]
	libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pfSense-pkg-darkstat-3.1.3_5 [pfSense]
	pfSense-pkg-softflowd-1.2.6_1 [pfSense]
	pfSense-repo-22.05_14 [pfSense]
	pfSense-upgrade-1.0_29 [pfSense]
	pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	pkg-1.17.5_3 [pfSense]
	qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')
	zip-3.0_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')

Number of packages to be removed: 56
Number of packages to be installed: 73
Number of packages to be upgraded: 88
Number of packages to be reinstalled: 29

The process will require 66 MiB more space.
172 MiB to be downloaded.
[1/185] Fetching wpa_supplicant-2.10.pkg: .......... done
[2/185] Fetching wol-0.7.1_4.pkg: .... done
[3/185] Fetching webp-1.2.2.pkg: .......... done
[4/185] Fetching vstr-1.0.15_1.pkg: .......... done
[5/185] Fetching voucher-0.1_2.pkg: . done
[6/185] Fetching unbound-1.15.0_1.pkg: .......... done
[7/185] Fetching uclcmd-0.1_3.pkg: .. done
[8/185] Fetching tiff-4.3.0.pkg: .......... done
[9/185] Fetching strongswan-5.9.5.pkg: .......... done
[10/185] Fetching sshguard-2.4.2_1,1.pkg: .......... done
[11/185] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done
[12/185] Fetching sqlite3-3.37.2,1.pkg: .......... done
[13/185] Fetching softflowd-1.0.0_1.pkg: .... done
[14/185] Fetching smartmontools-7.3.pkg: .......... done
[15/185] Fetching scponly-4.8.20110526_5.pkg: ... done
[16/185] Fetching rrdtool-1.7.2_4.pkg: .......... done
[17/185] Fetching readline-8.1.2.pkg: .......... done
[18/185] Fetching rate-0.9_2.pkg: ...... done
[19/185] Fetching radvd-2.19_2.pkg: ....... done
[20/185] Fetching qstats-0.2.pkg: . done
[21/185] Fetching png-1.6.37_1.pkg: .......... done
[22/185] Fetching pftop-0.7_9.pkg: ........ done
[23/185] Fetching pfSense-u-boot-env-20220429.pkg: .. done
[24/185] Fetching pfSense-u-boot-1100-20220428.pkg: .......... done
[25/185] Fetching pfSense-rc-22.05.pkg: .. done
[26/185] Fetching pfSense-pkg-softflowd-1.2.6_1.pkg: .. done
[27/185] Fetching pfSense-pkg-ipsec-profile-wizard-1.0_6.pkg: ... done
[28/185] Fetching pfSense-pkg-darkstat-3.1.3_5.pkg: .. done
[29/185] Fetching pfSense-pkg-bandwidthd-0.7.4_5.pkg: .. done
[30/185] Fetching pfSense-pkg-aws-wizard-0.10.pkg: .. done
[31/185] Fetching pfSense-kernel-pfSense-22.05.pkg: .......... done
[32/185] Fetching pfSense-default-config-serial-22.05.pkg: . done
[33/185] Fetching pfSense-base-22.05.pkg: .......... done
[34/185] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done
[35/185] Fetching pfSense-22.05.pkg: . done
[36/185] Fetching perl5-5.32.1_1.pkg: .......... done
[37/185] Fetching pcre-8.45.pkg: .......... done
[38/185] Fetching openvpn-auth-script-1.0.0.3.pkg: . done
[39/185] Fetching openvpn-2.6.0_8.pkg: .......... done
[40/185] Fetching oniguruma-6.9.7.1.pkg: .......... done
[41/185] Fetching ntp-4.2.8p15_5.pkg: .......... done
[42/185] Fetching norm-1.5r6_1.pkg: .......... done
[43/185] Fetching nginx-1.20.2_9,2.pkg: .......... done
[44/185] Fetching nettle-3.7.3.pkg: .......... done
[45/185] Fetching netgate-ping-auth-20212005.pkg: .. done
[46/185] Fetching netgate-ca-20210105.pkg: ..... done
[47/185] Fetching mpd5-5.9_7.pkg: .......... done
[48/185] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done
[49/185] Fetching miniupnpd-2.2.1_1,1.pkg: ........ done
[50/185] Fetching minicron-0.0.2.pkg: . done
[51/185] Fetching lzo2-2.10_1.pkg: .......... done
[52/185] Fetching luajit-openresty-2.1.20220310.pkg: .......... done
[53/185] Fetching lua-resty-lrucache-0.11.pkg: . done
[54/185] Fetching lua-resty-core-0.1.22.pkg: .... done
[55/185] Fetching links-2.25,1.pkg: .......... done
[56/185] Fetching libzmq4-4.3.4.pkg: .......... done
[57/185] Fetching libxslt-1.1.34_2.pkg: .......... done
[58/185] Fetching libxml2-2.9.12.pkg: .......... done
[59/185] Fetching libunistring-1.0.pkg: .......... done
[60/185] Fetching libucl-0.8.1.pkg: .......... done
[61/185] Fetching libnghttp2-1.46.0.pkg: .......... done
[62/185] Fetching libmcrypt-2.5.8_3.pkg: .......... done
[63/185] Fetching liblz4-1.9.3,1.pkg: .......... done
[64/185] Fetching libltdl-2.4.6.pkg: ..... done
[65/185] Fetching libidn2-2.3.2.pkg: .......... done
[66/185] Fetching libiconv-1.16.pkg: .......... done
[67/185] Fetching libgpg-error-1.44.pkg: .......... done
[68/185] Fetching libgd-2.3.3,1.pkg: .......... done
[69/185] Fetching libgcrypt-1.9.4.pkg: .......... done
[70/185] Fetching libffi-3.3_1.pkg: ..... done
[71/185] Fetching libevent-2.1.12.pkg: .......... done
[72/185] Fetching libedit-3.1.20210910,1.pkg: .......... done
[73/185] Fetching libdaemon-0.14_1.pkg: .... done
[74/185] Fetching libargon2-20190702.pkg: ........ done
[75/185] Fetching ldns-1.8.1.pkg: .......... done
[76/185] Fetching json-c-0.15_1.pkg: ........ done
[77/185] Fetching jpeg-turbo-2.1.3.pkg: .......... done
[78/185] Fetching jbigkit-2.1_1.pkg: ........ done
[79/185] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done
[80/185] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done
[81/185] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done
[82/185] Fetching ipmitool-1.8.18_3.pkg: .......... done
[83/185] Fetching indexinfo-0.3.1.pkg: . done
[84/185] Fetching igmpproxy-0.3,1.pkg: ... done
[85/185] Fetching icu-70.1_1,1.pkg: .......... done
[86/185] Fetching hostapd-2.10.pkg: .......... done
[87/185] Fetching gmp-6.2.1.pkg: .......... done
[88/185] Fetching glib-2.70.4_1,2.pkg: .......... done
[89/185] Fetching giflib-5.2.1.pkg: ......... done
[90/185] Fetching gettext-runtime-0.21.pkg: .......... done
[91/185] Fetching freetype2-2.11.1.pkg: .......... done
[92/185] Fetching filterlog-0.1_9.pkg: .. done
[93/185] Fetching filterdns-2.0_6.pkg: ... done
[94/185] Fetching expiretable-0.6_2.pkg: . done
[95/185] Fetching expat-2.4.7.pkg: .......... done
[96/185] Fetching dpinger-3.2.pkg: .. done
[97/185] Fetching dnsmasq-2.86_3,1.pkg: .......... done
[98/185] Fetching dhcpleases6-0.1_3.pkg: .. done
[99/185] Fetching dhcpleases-0.5_1.pkg: .. done
[100/185] Fetching dhcp6-20080615.2_4.pkg: .......... done
[101/185] Fetching darkstat-3.0.721.pkg: ........ done
[102/185] Fetching curl-7.83.1.pkg: .......... done
[103/185] Fetching cpustats-0.1_1.pkg: . done
[104/185] Fetching cpdup-1.22.pkg: .... done
[105/185] Fetching choparp-20150613.pkg: . done
[106/185] Fetching check_reload_status-0.0.11.pkg: .... done
[107/185] Fetching ca_root_nss-3.76.pkg: .......... done
[108/185] Fetching bsnmp-ucd-0.4.5.pkg: .. done
[109/185] Fetching bsnmp-regex-0.6_2.pkg: ... done
[110/185] Fetching bind-tools-9.16.26.pkg: .......... done
[111/185] Fetching bandwidthd-2.0.1_12.pkg: .... done
[112/185] Fetching arm64resetbutton-0.3.pkg: . done
[113/185] Fetching dbus-1.12.20_5.pkg: .......... done
1082806272:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com
1082806272:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916:
Child process pid=5279 terminated abnormally: Segmentation fault
Failed
                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Hmm, that's odd. Do you see that repeatedly? At the same package?

                                    D 1 Reply Last reply Reply Quote 0
                                    • D
                                      derrley @stephenw10
                                      last edited by

                                      @stephenw10 A second attempt without a power cycle succeeded. Note that I was upgrading from something fairly old, with no support for the crypto hardware at all. (I don't very aggressively update this box. Life gets in the way.) Before power cycling I verified that the issue happened again. So, power cycle was required to fix the first time but not the second time.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Hmm, interesting. The crypto hardware in the 1100 has always been supported since it was released. A fix went into 21.02 that addressed the common ways this condition was triggered but it appears still possible in certain circumstances. If you were running an older version then power-cycling should have resolved it.

                                        GertjanG 1 Reply Last reply Reply Quote 0
                                        • D
                                          derrley
                                          last edited by

                                          @stephenw10 hm. That's interesting. Am I confused about something? What does this post refer to not being supported initially? https://forum.netgate.com/topic/139983/sg-1100-crypto-hardware

                                          stephenw10S 1 Reply Last reply Reply Quote 0
                                          • GertjanG
                                            Gertjan @stephenw10
                                            last edited by

                                            @stephenw10 said in repo01.netgate.com TLS cert seems invalid:

                                            A fix went into 21.02 that addressed the common ways

                                            If I see this

                                            (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64')

                                            pfSense with FreeBSD "11" is really old ...

                                            and this :

                                            @derrley said in repo01.netgate.com TLS cert seems invalid:

                                            Note that I was upgrading from something fairly old,

                                            the crypto bug could have been there while upgrading.

                                            If the upgrade worked out, and the pfSense version is now recent, the issue is auto solved.

                                            No "help me" PM's please. Use the forum, the community will thank you.
                                            Edit : and where are the logs ??

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.