Hello,
It seems bundle of CA is "broken" inside 3.27* version.
After upgrade:
With file from 3.26:
It seems bundle of CA is "broken" inside 3.27* version.
After upgrade:
Code:
# fetch -o /dev/null https://yahoo.com
Certificate verification failed for /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
91353:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:980:
fetch: https://yahoo.com: Authentication error
# fetch -o /dev/null https://google.com
Certificate verification failed for /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
91357:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:980:
fetch: https://google.com: Authentication error
Code:
# fetch -o /dev/null --ca-cert=/etc/ssl/cert_3.2.6.pem https://yahoo.com
fetch: https://yahoo.com: size of remote file is not known
/dev/null 443 kB 1635 kBps 00m01s
# fetch -o /dev/null --ca-cert=/etc/ssl/cert_3.2.6.pem https://google.com
fetch: https://google.com: size of remote file is not known
/dev/null 10 kB 36 MBps 00m00s