repo01.netgate.com TLS cert seems invalid
-
@stephenw10 the failure I'm seeing is as per my first message in this thread. The update fails with the error message text I pasted.
-
Hmm, OK try running at the command line:
pfSense-upgrade -d
-
@stephenw10 said in repo01.netgate.com TLS cert seems invalid:
pfSense-upgrade -d
[21.05-RELEASE][admin@pfSense.localdomain]/root: pfSense-upgrade -d >>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done 1082880000:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com 1082880000:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/crypto/asn1/a_verify.c:170: 1082880000:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_05_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915: Child process pid=62247 terminated abnormally: Segmentation fault
-
@seanmcb What hardware are you doing this on? My reason for asking is I had a very similar issue on a SG2100 (symptom of segfault was the same). Power cycling (not rebooting) cleared the issue. Literally, shutdown the system, removed power for at least 30 secs, then reapplied power. Issue went away. Suspect that openssl is using crypto hardware that can get wedged and the only cure is power cycle.
I have no opinion on the validity of the certificate.
-
@mer My hardware is a Netgate SG-1100.
I could try a power cycle, but I'm not in a big rush to update, and this bug is reproducible for the moment, so it's a chance to debug it, and maybe solve it.
-
@seanmcb That's good, but my point is that if the root cause is the hardware itself getting wedged, there's not much debugging that can actually be done. Hopefully the netgate folks may have some commands that would say "yep hardware is wedged, can't get more info".
-
Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?
That's odd. I would expect both to fail.
With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.
Steve
-
@stephenw10 said in repo01.netgate.com TLS cert seems invalid:
Hmm, so it hits that when you try to upgrade but 'pkg-static update' completes successfully?
pkg-static update
has not been mentioned in this thread. I did not try it. So far I tried to update in the GUI and withpfSense-upgrade -d
. Both have failed.With that error on an SG-1100 though it's almost certainly the crypto hardware issue. If you power cycle it and it then succeeds that would confirm it.
I'll reboot it when home tonight.
-
Mmm, my bad. But
pkg -d update
succeeded. You might trypkg-static -d update
too just for reference before you reboot,Steve
-
After a magic reboot, updating from the GUI failed again, but
pkg-static -d update
worked. -
Hmm, OK. What about
pfSense-upgrade -d
at the command line? -
@stephenw10 That would have been my 3rd try, but after reboot I tried: GUI, then
pkg-static -d update
and the latter worked. Is there point in still running the other command? -
The update commands just update the package database. The upgrade command will actually try to upgrade to 21.05.1.
Steve
-
@stephenw10 mmmm, you sure? Because after:
- magic reboot
pkg-static -d update
- requisitie reboot
The GUI shows me at 21.05.1 and says 'no updates available'.
-
Hmm, OK well then I'd suggest it did in fact succeed at some point previously via the GUI.
There is no harm in running the upgrade command from the CLI. It will just show you there are no updates available if it has upgraded already.
Steve
-
I had the same problem with the TLS cert on an SG-1100 updating to 21.05.1
Confirming that power cycling (system halt, pull power for 1 minute, plug in) fixed the problem.
Happy to be on the latest branch!
-Greg -
-
-
-
-
-
-
A power cycle on the SG-1100 fixed this problem for me as well, except it failed again after the 113th package download. Yikes.
>>> Updating repositories metadata... Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: . done Processing entries: . done pfSense-core repository update completed. 6 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.pkg: .......... done Processing entries: .......... done pfSense repository update completed. 513 packages processed. All repositories are up to date. >>> Locking package pkg... done. >>> Removing vital flag from php72... done. >>> Unlocking package pkg... done. >>> Downloading upgrade packages... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (176 candidates): .......... done Processing candidates (176 candidates): ....... done The following 246 package(s) will be affected (of 0 checked): Installed packages to be REMOVED: aws-sdk-php72: 3.103.2 php72: 7.2.29 php72-bcmath: 7.2.29 php72-bz2: 7.2.29 php72-ctype: 7.2.29 php72-curl: 7.2.29 php72-dom: 7.2.29 php72-filter: 7.2.29 php72-gettext: 7.2.29 php72-hash: 7.2.29 php72-intl: 7.2.29 php72-json: 7.2.29 php72-ldap: 7.2.29 php72-mbstring: 7.2.29 php72-opcache: 7.2.29 php72-openssl: 7.2.29 php72-openssl_x509_crl: 1.2 php72-pcntl: 7.2.29 php72-pdo: 7.2.29 php72-pdo_sqlite: 7.2.29 php72-pear: 1.10.6 php72-pear-Auth_RADIUS: 1.1.0_4 php72-pear-Cache_Lite: 1.7.16,1 php72-pear-Crypt_CHAP: 1.5.0 php72-pear-HTTP_Request2: 2.3.0,1 php72-pear-Mail: 1.4.1,1 php72-pear-Net_Growl: 2.7.0 php72-pear-Net_IPv6: 1.3.0.b2_2 php72-pear-Net_SMTP: 1.9.0 php72-pear-Net_Socket: 1.0.14 php72-pear-Net_URL2: 2.2.1 php72-pear-XML_RPC2: 1.1.4 php72-pecl-mcrypt: 1.0.3 php72-pecl-radius: 1.4.0.b1 php72-pecl-rrd: 2.0.1_1 php72-pecl-zmq: 1.1.3_3 php72-pfSense-module: 0.65_1 php72-posix: 7.2.29 php72-readline: 7.2.29 php72-session: 7.2.29 php72-shmop: 7.2.29 php72-simplepie: 1.5.1_1 php72-simplexml: 7.2.29 php72-sockets: 7.2.29 php72-sqlite3: 7.2.29 php72-sysvmsg: 7.2.29 php72-sysvsem: 7.2.29 php72-sysvshm: 7.2.29 php72-tokenizer: 7.2.29 php72-xml: 7.2.29 php72-xmlreader: 7.2.29 php72-xmlwriter: 7.2.29 php72-zlib: 7.2.29 py37-ply: 3.11 py37-setuptools: 41.4.0_1 python37: 3.7.7 New packages to be INSTALLED: aws-sdk-php74: 3.185.15 [pfSense] ccid: 1.4.36 [pfSense] cyrus-sasl: 2.1.28 [pfSense] dbus: 1.12.20_5 [pfSense] iftop: 1.0.p4 [pfSense] libinotify: 20211018 [pfSense] libpsl: 0.21.1_3 [pfSense] libssh2: 1.10.0,3 [pfSense] libuv: 1.42.0 [pfSense] mpdecimal: 2.5.1 [pfSense] nss_ldap: 1.265_14 [pfSense] openldap24-client: 2.4.59_4 [pfSense] openpgm: 5.2.122_6 [pfSense] opensc: 0.22.0 [pfSense] pam_ldap: 186_1 [pfSense] pam_mkhomedir: 0.2 [pfSense] pcre2: 10.39 [pfSense] pcsc-lite: 1.9.4,2 [pfSense] php74: 7.4.28 [pfSense] php74-bcmath: 7.4.28 [pfSense] php74-bz2: 7.4.28 [pfSense] php74-ctype: 7.4.28 [pfSense] php74-curl: 7.4.28 [pfSense] php74-dom: 7.4.28 [pfSense] php74-filter: 7.4.28 [pfSense] php74-gettext: 7.4.28 [pfSense] php74-intl: 7.4.28 [pfSense] php74-json: 7.4.28 [pfSense] php74-ldap: 7.4.28 [pfSense] php74-libbe: 0.1.4 [pfSense] php74-mbstring: 7.4.28 [pfSense] php74-opcache: 7.4.28 [pfSense] php74-openssl: 7.4.28 [pfSense] php74-openssl_x509_crl: 1.3 [pfSense] php74-pcntl: 7.4.28 [pfSense] php74-pdo: 7.4.28 [pfSense] php74-pdo_sqlite: 7.4.28 [pfSense] php74-pear: 1.10.12 [pfSense] php74-pear-Auth_RADIUS: 1.1.0_4 [pfSense] php74-pear-Cache_Lite: 1.8.3,1 [pfSense] php74-pear-Crypt_CHAP: 1.5.0 [pfSense] php74-pear-HTTP_Request2: 2.5.1,1 [pfSense] php74-pear-Mail: 1.4.1,1 [pfSense] php74-pear-Net_IPv6: 1.3.0.b2_2 [pfSense] php74-pear-Net_SMTP: 1.10.0 [pfSense] php74-pear-Net_Socket: 1.2.2 [pfSense] php74-pear-Net_URL2: 2.2.1 [pfSense] php74-pear-XML_RPC2: 1.1.4 [pfSense] php74-pecl-mcrypt: 1.0.4 [pfSense] php74-pecl-radius: 1.4.0b1_1 [pfSense] php74-pecl-rrd: 2.0.3 [pfSense] php74-pfSense-module: 0.81 [pfSense] php74-phpseclib: 2.0.17 [pfSense] php74-posix: 7.4.28 [pfSense] php74-readline: 7.4.28 [pfSense] php74-session: 7.4.28 [pfSense] php74-shmop: 7.4.28 [pfSense] php74-simplepie: 1.5.1_1 [pfSense] php74-simplexml: 7.4.28 [pfSense] php74-sockets: 7.4.28 [pfSense] php74-sqlite3: 7.4.28 [pfSense] php74-sysvmsg: 7.4.28 [pfSense] php74-sysvsem: 7.4.28 [pfSense] php74-sysvshm: 7.4.28 [pfSense] php74-tokenizer: 7.4.28 [pfSense] php74-xml: 7.4.28 [pfSense] php74-xmlreader: 7.4.28 [pfSense] php74-xmlwriter: 7.4.28 [pfSense] php74-zlib: 7.4.28 [pfSense] py38-libzfs: 1.1.2022021400 [pfSense] py38-ply: 3.11 [pfSense] py38-setuptools: 57.0.0 [pfSense] python38: 3.8.12_2 [pfSense] Installed packages to be UPGRADED: arm64resetbutton: 0.2 -> 0.3 [pfSense] bind-tools: 9.14.12 -> 9.16.26 [pfSense] bsnmp-ucd: 0.4.4 -> 0.4.5 [pfSense] ca_root_nss: 3.51 -> 3.76 [pfSense] check_reload_status: 0.0.8_1 -> 0.0.11 [pfSense] cpdup: 1.20 -> 1.22 [pfSense] curl: 7.68.0 -> 7.83.1 [pfSense] darkstat: 3.0.719 -> 3.0.721 [pfSense] dhcp6: 20080615.2_2 -> 20080615.2_4 [pfSense] dhcpleases: 0.3_3 -> 0.5_1 [pfSense] dnsmasq: 2.80_4,1 -> 2.86_3,1 [pfSense] dpinger: 3.0 -> 3.2 [pfSense] expat: 2.2.8 -> 2.4.7 [pfSense] expiretable: 0.6_1 -> 0.6_2 [pfSense] filterdns: 2.0_4 -> 2.0_6 [pfSense] filterlog: 0.1_5 -> 0.1_9 [pfSense] freetype2: 2.10.1 -> 2.11.1 [pfSense] gettext-runtime: 0.20.1 -> 0.21 [pfSense] glib: 2.56.3_7,1 -> 2.70.4_1,2 [pfSense] gmp: 6.1.2_1 -> 6.2.1 [pfSense] hostapd: 2.9 -> 2.10 [pfSense] icu: 65.1,1 -> 70.1_1,1 [pfSense] igmpproxy: 0.2.1_1,1 -> 0.3,1 [pfSense] ipmitool: 1.8.18_2 -> 1.8.18_3 [pfSense] isc-dhcp44-client: 4.4.1_1 -> 4.4.2P1 [pfSense] isc-dhcp44-relay: 4.4.1 -> 4.4.2P1 [pfSense] isc-dhcp44-server: 4.4.1_4 -> 4.4.2P1_1 [pfSense] jpeg-turbo: 2.0.3 -> 2.1.3 [pfSense] json-c: 0.14 -> 0.15_1 [pfSense] ldns: 1.7.1_1 -> 1.8.1 [pfSense] libedit: 3.1.20191211,1 -> 3.1.20210910,1 [pfSense] libevent: 2.1.11 -> 2.1.12 [pfSense] libffi: 3.2.1_3 -> 3.3_1 [pfSense] libgcrypt: 1.8.5 -> 1.9.4 [pfSense] libgd: 2.2.5_2,1 -> 2.3.3,1 [pfSense] libgpg-error: 1.36 -> 1.44 [pfSense] libiconv: 1.14_11 -> 1.16 [pfSense] libidn2: 2.3.0_1 -> 2.3.2 [pfSense] liblz4: 1.9.2,1 -> 1.9.3,1 [pfSense] libnghttp2: 1.40.0 -> 1.46.0 [pfSense] libunistring: 0.9.10_1 -> 1.0 [pfSense] libxml2: 2.9.10 -> 2.9.12 [pfSense] libxslt: 1.1.34 -> 1.1.34_2 [pfSense] libzmq4: 4.3.1_1 -> 4.3.4 [pfSense] links: 2.16_2,1 -> 2.25,1 [pfSense] lua-resty-core: 0.1.17 -> 0.1.22 [pfSense] lua-resty-lrucache: 0.09 -> 0.11 [pfSense] luajit-openresty: 2.1.20190912_2 -> 2.1.20220310 [pfSense] miniupnpd: 2.1.20190210,1 -> 2.2.1_1,1 [pfSense] mobile-broadband-provider-info: 20190618_1 -> 20210805 [pfSense] mpd5: 5.8_10 -> 5.9_7 [pfSense] netgate-ca: 20191211 -> 20210105 [pfSense] netgate-ping-auth: 20200310 -> 20212005 [pfSense] nettle: 3.5.1_1 -> 3.7.3 [pfSense] nginx: 1.16.1_11,2 -> 1.20.2_9,2 [pfSense] norm: 1.5r6 -> 1.5r6_1 [pfSense] ntp: 4.2.8p14 -> 4.2.8p15_5 [pfSense] oniguruma: 6.9.3 -> 6.9.7.1 [pfSense] openvpn: 2.4.9 -> 2.6.0_8 [pfSense] pcre: 8.43_2 -> 8.45 [pfSense] perl5: 5.30.1 -> 5.32.1_1 [pfSense] pfSense: 2.4.5_1 -> 22.05 [pfSense] pfSense-Status_Monitoring: 1.7.11_3 -> 1.7.11_4 [pfSense] pfSense-base: 2.4.5_1 -> 22.05 [pfSense-core] pfSense-default-config-serial: 2.4.5_1 -> 22.05 [pfSense-core] pfSense-kernel-pfSense: 2.4.5_1 -> 22.05 [pfSense-core] pfSense-pkg-aws-wizard: 0.8 -> 0.10 [pfSense] pfSense-pkg-bandwidthd: 0.7.4_4 -> 0.7.4_5 [pfSense] pfSense-pkg-ipsec-profile-wizard: 1.0_2 -> 1.0_6 [pfSense] pfSense-rc: 2.4.5_1 -> 22.05 [pfSense-core] pfSense-u-boot-1100: 20181122 -> 20220428 [pfSense] pfSense-u-boot-env: 20200316 -> 20220429 [pfSense] png: 1.6.37 -> 1.6.37_1 [pfSense] radvd: 2.18_2 -> 2.19_2 [pfSense] rate: 0.9_1 -> 0.9_2 [pfSense] readline: 8.0.1 -> 8.1.2 [pfSense] rrdtool: 1.7.2_1 -> 1.7.2_4 [pfSense] scponly: 4.8.20110526_4 -> 4.8.20110526_5 [pfSense] smartmontools: 7.0_2 -> 7.3 [pfSense] softflowd: 1.0.0 -> 1.0.0_1 [pfSense] sqlite3: 3.30.1 -> 3.37.2,1 [pfSense] ssh_tunnel_shell: 0.1_2 -> 0.2_1 [pfSense] sshguard: 2.4.0_4,1 -> 2.4.2_1,1 [pfSense] strongswan: 5.8.4 -> 5.9.5 [pfSense] tiff: 4.1.0 -> 4.3.0 [pfSense] unbound: 1.10.1 -> 1.15.0_1 [pfSense] webp: 1.0.3_1 -> 1.2.2 [pfSense] wpa_supplicant: 2.9 -> 2.10 [pfSense] Installed packages to be REINSTALLED: bandwidthd-2.0.1_12 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') bsnmp-regex-0.6_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') choparp-20150613 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') cpustats-0.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') dhcpleases6-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') giflib-5.2.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') indexinfo-0.3.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') jbigkit-2.1_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') libargon2-20190702 [pfSense] libdaemon-0.14_1 [pfSense] libltdl-2.4.6 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') libmcrypt-2.5.8_3 [pfSense] libucl-0.8.1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') lzo2-2.10_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') minicron-0.0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') openvpn-auth-script-1.0.0.3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') pfSense-pkg-darkstat-3.1.3_5 [pfSense] pfSense-pkg-softflowd-1.2.6_1 [pfSense] pfSense-repo-22.05_14 [pfSense] pfSense-upgrade-1.0_29 [pfSense] pftop-0.7_9 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') pkg-1.17.5_3 [pfSense] qstats-0.2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') uclcmd-0.1_3 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') voucher-0.1_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') vstr-1.0.15_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') wol-0.7.1_4 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') xinetd-2.3.15_2 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') zip-3.0_1 [pfSense] (ABI changed: 'freebsd:11:aarch64:64' -> 'freebsd:12:aarch64:64') Number of packages to be removed: 56 Number of packages to be installed: 73 Number of packages to be upgraded: 88 Number of packages to be reinstalled: 29 The process will require 66 MiB more space. 172 MiB to be downloaded. [1/185] Fetching wpa_supplicant-2.10.pkg: .......... done [2/185] Fetching wol-0.7.1_4.pkg: .... done [3/185] Fetching webp-1.2.2.pkg: .......... done [4/185] Fetching vstr-1.0.15_1.pkg: .......... done [5/185] Fetching voucher-0.1_2.pkg: . done [6/185] Fetching unbound-1.15.0_1.pkg: .......... done [7/185] Fetching uclcmd-0.1_3.pkg: .. done [8/185] Fetching tiff-4.3.0.pkg: .......... done [9/185] Fetching strongswan-5.9.5.pkg: .......... done [10/185] Fetching sshguard-2.4.2_1,1.pkg: .......... done [11/185] Fetching ssh_tunnel_shell-0.2_1.pkg: .......... done [12/185] Fetching sqlite3-3.37.2,1.pkg: .......... done [13/185] Fetching softflowd-1.0.0_1.pkg: .... done [14/185] Fetching smartmontools-7.3.pkg: .......... done [15/185] Fetching scponly-4.8.20110526_5.pkg: ... done [16/185] Fetching rrdtool-1.7.2_4.pkg: .......... done [17/185] Fetching readline-8.1.2.pkg: .......... done [18/185] Fetching rate-0.9_2.pkg: ...... done [19/185] Fetching radvd-2.19_2.pkg: ....... done [20/185] Fetching qstats-0.2.pkg: . done [21/185] Fetching png-1.6.37_1.pkg: .......... done [22/185] Fetching pftop-0.7_9.pkg: ........ done [23/185] Fetching pfSense-u-boot-env-20220429.pkg: .. done [24/185] Fetching pfSense-u-boot-1100-20220428.pkg: .......... done [25/185] Fetching pfSense-rc-22.05.pkg: .. done [26/185] Fetching pfSense-pkg-softflowd-1.2.6_1.pkg: .. done [27/185] Fetching pfSense-pkg-ipsec-profile-wizard-1.0_6.pkg: ... done [28/185] Fetching pfSense-pkg-darkstat-3.1.3_5.pkg: .. done [29/185] Fetching pfSense-pkg-bandwidthd-0.7.4_5.pkg: .. done [30/185] Fetching pfSense-pkg-aws-wizard-0.10.pkg: .. done [31/185] Fetching pfSense-kernel-pfSense-22.05.pkg: .......... done [32/185] Fetching pfSense-default-config-serial-22.05.pkg: . done [33/185] Fetching pfSense-base-22.05.pkg: .......... done [34/185] Fetching pfSense-Status_Monitoring-1.7.11_4.pkg: ... done [35/185] Fetching pfSense-22.05.pkg: . done [36/185] Fetching perl5-5.32.1_1.pkg: .......... done [37/185] Fetching pcre-8.45.pkg: .......... done [38/185] Fetching openvpn-auth-script-1.0.0.3.pkg: . done [39/185] Fetching openvpn-2.6.0_8.pkg: .......... done [40/185] Fetching oniguruma-6.9.7.1.pkg: .......... done [41/185] Fetching ntp-4.2.8p15_5.pkg: .......... done [42/185] Fetching norm-1.5r6_1.pkg: .......... done [43/185] Fetching nginx-1.20.2_9,2.pkg: .......... done [44/185] Fetching nettle-3.7.3.pkg: .......... done [45/185] Fetching netgate-ping-auth-20212005.pkg: .. done [46/185] Fetching netgate-ca-20210105.pkg: ..... done [47/185] Fetching mpd5-5.9_7.pkg: .......... done [48/185] Fetching mobile-broadband-provider-info-20210805.pkg: ........ done [49/185] Fetching miniupnpd-2.2.1_1,1.pkg: ........ done [50/185] Fetching minicron-0.0.2.pkg: . done [51/185] Fetching lzo2-2.10_1.pkg: .......... done [52/185] Fetching luajit-openresty-2.1.20220310.pkg: .......... done [53/185] Fetching lua-resty-lrucache-0.11.pkg: . done [54/185] Fetching lua-resty-core-0.1.22.pkg: .... done [55/185] Fetching links-2.25,1.pkg: .......... done [56/185] Fetching libzmq4-4.3.4.pkg: .......... done [57/185] Fetching libxslt-1.1.34_2.pkg: .......... done [58/185] Fetching libxml2-2.9.12.pkg: .......... done [59/185] Fetching libunistring-1.0.pkg: .......... done [60/185] Fetching libucl-0.8.1.pkg: .......... done [61/185] Fetching libnghttp2-1.46.0.pkg: .......... done [62/185] Fetching libmcrypt-2.5.8_3.pkg: .......... done [63/185] Fetching liblz4-1.9.3,1.pkg: .......... done [64/185] Fetching libltdl-2.4.6.pkg: ..... done [65/185] Fetching libidn2-2.3.2.pkg: .......... done [66/185] Fetching libiconv-1.16.pkg: .......... done [67/185] Fetching libgpg-error-1.44.pkg: .......... done [68/185] Fetching libgd-2.3.3,1.pkg: .......... done [69/185] Fetching libgcrypt-1.9.4.pkg: .......... done [70/185] Fetching libffi-3.3_1.pkg: ..... done [71/185] Fetching libevent-2.1.12.pkg: .......... done [72/185] Fetching libedit-3.1.20210910,1.pkg: .......... done [73/185] Fetching libdaemon-0.14_1.pkg: .... done [74/185] Fetching libargon2-20190702.pkg: ........ done [75/185] Fetching ldns-1.8.1.pkg: .......... done [76/185] Fetching json-c-0.15_1.pkg: ........ done [77/185] Fetching jpeg-turbo-2.1.3.pkg: .......... done [78/185] Fetching jbigkit-2.1_1.pkg: ........ done [79/185] Fetching isc-dhcp44-server-4.4.2P1_1.pkg: .......... done [80/185] Fetching isc-dhcp44-relay-4.4.2P1.pkg: .......... done [81/185] Fetching isc-dhcp44-client-4.4.2P1.pkg: .......... done [82/185] Fetching ipmitool-1.8.18_3.pkg: .......... done [83/185] Fetching indexinfo-0.3.1.pkg: . done [84/185] Fetching igmpproxy-0.3,1.pkg: ... done [85/185] Fetching icu-70.1_1,1.pkg: .......... done [86/185] Fetching hostapd-2.10.pkg: .......... done [87/185] Fetching gmp-6.2.1.pkg: .......... done [88/185] Fetching glib-2.70.4_1,2.pkg: .......... done [89/185] Fetching giflib-5.2.1.pkg: ......... done [90/185] Fetching gettext-runtime-0.21.pkg: .......... done [91/185] Fetching freetype2-2.11.1.pkg: .......... done [92/185] Fetching filterlog-0.1_9.pkg: .. done [93/185] Fetching filterdns-2.0_6.pkg: ... done [94/185] Fetching expiretable-0.6_2.pkg: . done [95/185] Fetching expat-2.4.7.pkg: .......... done [96/185] Fetching dpinger-3.2.pkg: .. done [97/185] Fetching dnsmasq-2.86_3,1.pkg: .......... done [98/185] Fetching dhcpleases6-0.1_3.pkg: .. done [99/185] Fetching dhcpleases-0.5_1.pkg: .. done [100/185] Fetching dhcp6-20080615.2_4.pkg: .......... done [101/185] Fetching darkstat-3.0.721.pkg: ........ done [102/185] Fetching curl-7.83.1.pkg: .......... done [103/185] Fetching cpustats-0.1_1.pkg: . done [104/185] Fetching cpdup-1.22.pkg: .... done [105/185] Fetching choparp-20150613.pkg: . done [106/185] Fetching check_reload_status-0.0.11.pkg: .... done [107/185] Fetching ca_root_nss-3.76.pkg: .......... done [108/185] Fetching bsnmp-ucd-0.4.5.pkg: .. done [109/185] Fetching bsnmp-regex-0.6_2.pkg: ... done [110/185] Fetching bind-tools-9.16.26.pkg: .......... done [111/185] Fetching bandwidthd-2.0.1_12.pkg: .... done [112/185] Fetching arm64resetbutton-0.3.pkg: . done [113/185] Fetching dbus-1.12.20_5.pkg: .......... done 1082806272:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283: Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com 1082806272:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1916: Child process pid=5279 terminated abnormally: Segmentation fault Failed
-
Hmm, that's odd. Do you see that repeatedly? At the same package?
-
@stephenw10 A second attempt without a power cycle succeeded. Note that I was upgrading from something fairly old, with no support for the crypto hardware at all. (I don't very aggressively update this box. Life gets in the way.) Before power cycling I verified that the issue happened again. So, power cycle was required to fix the first time but not the second time.
-
Hmm, interesting. The crypto hardware in the 1100 has always been supported since it was released. A fix went into 21.02 that addressed the common ways this condition was triggered but it appears still possible in certain circumstances. If you were running an older version then power-cycling should have resolved it.