>Number: 189882 >Category: bin >Synopsis: fetch -no-verify-peer no longer disables SSL verification >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat May 17 11:00:04 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Kurt Jaeger >Release: FreeBSD 10.0-RELEASE-p3 amd64 >Organization: - >Environment: System: FreeBSD f10.opsec.eu 10.0-RELEASE-p3 FreeBSD 10.0-RELEASE-p3 #0: Tue May 13 18:31:10 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >Description: fetch -no-verify-peer allows to fetch from https even if the remote site can not be verified. It no longer works. --------- f10# fetch -v -no-verify-peer https://gist.githubusercontent.com/anonymous/eb379038510a6f15c0cb/raw/cc836df6365e975fd19b49f9eedee5f1ebfa4e46/mnemosyne-2.3.diff looking up gist.githubusercontent.com connecting to gist.githubusercontent.com:443 SSL options: 81004bff Peer verification enabled Using CA cert file: /etc/ssl/cert.pem Certificate verification failed for /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA 34380826280:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1168: fetch: https://gist.githubusercontent.com/anonymous/eb379038510a6f15c0cb/raw/cc836df6365e975fd19b49f9eedee5f1ebfa4e46/mnemosyne-2.3.diff: Authentication error --------- The cause seems to be that the system-ssl-lib no longer supports disabling the verification via setenv("SSL_NO_VERIFY_PEER", "", 1); which it did in the past ? (/usr/src/usr.bin/fetch/fetch.c, line 1034) >How-To-Repeat: see above >Fix: TODO: Find a fix. >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"