SG-1100 Won't update to latest build, can't install ACME



  • I suspect the two are related. My attempt to install ACME results in:

    Installing pfSense-pkg-acme...
    Updating pfSense-core repository catalogue...
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    Child process pid=47572 terminated abnormally: Segmentation fault
    Failed

    And it doesn't even notice the update to 2.4.4 p3:
    Current Base System 2.4.4_2
    Latest Base System 2.4.4_2
    Status Up to date.

    What's going on? How do I get this unwound?


  • Rebel Alliance Netgate Administrator

    Can you try the "update troubleshooting" steps listed on our blog post?

    https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html



  • I ran that script and got:

    The following package files will be deleted:
    /var/cache/pkg/pkg
    /var/cache/pkg/pfSense-repo-2.4.4_4-fd2d351fba.txz
    /var/cache/pkg/netgate-ping-auth-20181211.txz
    /var/cache/pkg/pfSense-repo-2.4.4_4.txz
    /var/cache/pkg/pfSense-upgrade-0.62_1-555b7673dc.txz
    /var/cache/pkg/pfSense-upgrade-0.62_1.txz
    /var/cache/pkg/netgate-ping-auth-20181211-1cdf536131.txz
    The cleanup will free 27 KiB
    Deleting files: ....... done
    All done
    Updating pfSense-core repository catalogue...
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Child process pid=71119 terminated abnormally: Segmentation fault

    Returning to the update page, it still tells me I'm on the current version. I switched to the dev branch and back. No help. I then tried the next suggestion:

    Shell Output - pkg-static update -f
    Updating pfSense-core repository catalogue...
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    Child process pid=71183 terminated abnormally: Segmentation fault

    As for the log file, your doc needs updating. The file is at /cf/conf/upgrade_log.txt, not /conf/upgrade_log.latest.txt. Content:

    Updating repositories metadata...
    Updating pfSense-core repository catalogue...
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Authentication error
    repository pfSense-core has no meta file, using default settings
    7407188:error:14099044:SSL routines:ssl3_send_client_verify:internal error:/usr/local/poudriere/jails/pfSense_factory-v2_4_4_aarch64/usr/src/crypto/openssl/ssl/s3_clnt.c:3266:
    Child process pid=62559 terminated abnormally: Segmentation fault


  • Rebel Alliance Netgate Administrator

    Can you get me the output of the following:

    /usr/local/bin/ping-auth.sh
    

    and

    /usr/local/sbin/ping-auth -s
    

    as well as:

    /usr/bin/openssl ec -in /etc/thoth/key.pem -noout -text
    

    Thanks!



  • It has private key info in it. Is there some way I can send it to you directly so my private key data isn't published for the world to see? Although, I can quickly see the private key is clearly some small text string, and not really a proper key.


  • Rebel Alliance Netgate Administrator

    The PUB block from that should be enough.



  • Shell Output - /usr/local/bin/ping-auth.sh
    fail.

    Shell Output - /usr/local/sbin/ping-auth -s
    0123bab896a38ba9ee

    Shell Output - /usr/bin/openssl ec -in /etc/thoth/key.pem -noout -text
    read EC key
    Private-Key: (256 bit)
    priv:
    <removed>

    pub:
    04:68:5e:4f:47:cd:76:16:59:c0:ea:44:39:b1:62:
    ff:da:68:91:83:ce:5a:cf:c9:7a:58:34:fa:0f:7f:
    ff:1f:4c:df:9a:78:7f:40:c9:e3:39:07:23:89:35:
    a3:35:cb:62:53:4e:85:f0:12:2b:35:b3:9f:1f:5b:
    c5:e5:c0:e9:0d
    ASN1 OID: prime256v1
    NIST CURVE: P-256
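
Added example (not part of the thread or of Netgate's tooling): one way to act on the advice that the PUB block is enough when sharing `openssl ec` output. The helper names `pub_only_text`, `redact_priv`, `pub_byte_count` and `sample_key_text` are hypothetical, and the sample key text is constructed, not a real key.

```shell
# Added example. sample_key_text is constructed data: not a real key and
# not the key from this thread. Helper names are hypothetical.

# Preferred: derive the public half first, so no private bytes are printed.
pub_only_text() {   # $1 = path to the EC private key (PEM)
    openssl ec -in "$1" -pubout | openssl ec -pubin -noout -text
}

# Fallback for output already captured from `openssl ec -noout -text`:
# replace the indented hex lines under "priv:" with a marker.
redact_priv() {
    awk '
        /^priv:/         { print "priv: <removed>"; skip = 1; next }
        skip && /^[ \t]/ { next }
                         { skip = 0; print }
    '
}

# Sanity check before posting: an uncompressed P-256 point is 65 bytes.
pub_byte_count() {
    awk '
        /^pub:/           { inpub = 1; next }
        inpub && /^[ \t]/ { gsub(/[ \t]/, ""); hex = hex $0; next }
                          { inpub = 0 }
        END { n = split(hex, b, ":"); if (n > 0 && b[n] == "") n--; print n }
    '
}

# Constructed sample in the layout openssl prints (hex lines are indented).
sample_key_text() {
cat <<'EOF'
read EC key
Private-Key: (256 bit)
priv:
    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
    00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:
    ff:01
pub:
    04:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:
    a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:a2:
    a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:a3:
    a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:a4:
    a5:a5:a5:a5:a5
ASN1 OID: prime256v1
NIST CURVE: P-256
EOF
}

sample_key_text | redact_priv
```

The filter relies on the indentation openssl gives the hex lines, so run it on raw command output rather than on text copied from a web page that has lost its leading spaces.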


  • Rebel Alliance Netgate Administrator

    Thanks for that information.

    Let's move this into a ticket. Can you open one up at https://go.netgate.com please?

    When opening your ticket, please include your Netgate Device ID, and reference this thread.

    Thanks!



