Invalid signature after upgrade from 10.2 to 10.3

I have a similar problem as in this thread:
https://forums.freebsd.org/threads/52013/
after doing an upgrade from 10.2 to 10.3. I added my question to that thread, but I think that there is a "sovled" flag by it means no one is reading my addition. While the thread I referenced has a solution, it is specific rather than universal. That is, I don't know where to find similar files to the thread.

Here is the error message. Also all the information requested in the other thread is presented here specific to my installation.

Code:
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.3-RELEASE from update3.freebsd.org... invalid signature.
Fetching metadata signature for 10.3-RELEASE from update6.freebsd.org... invalid signature.
Fetching metadata signature for 10.3-RELEASE from update5.freebsd.org... invalid signature.
Fetching metadata signature for 10.3-RELEASE from update4.freebsd.org... invalid signature.
No mirrors remaining, giving up.

Code:
# uname -a
FreeBSD theranch 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 18:38:15 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Code:
# portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching snapshot tag from your-org.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from sourcefire.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-northeast-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-southeast-2.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-sa-east-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from isc.portsnap.freebsd.org... failed.
No mirrors remaining, giving up.

Code:
# /usr/bin/openssl version
34379283160:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:345:line 1

Code:
# file /usr/bin/openssl
/usr/bin/openssl: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.3, stripped

Code:
# ldd /usr/bin/openssl
/usr/bin/openssl:
        libssl.so.7 => /usr/lib/libssl.so.7 (0x800897000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x800b03000)
        libc.so.7 => /lib/libc.so.7 (0x800ef9000)

I also have openssl installed for my email:
Code:
# ls -l openssl
-rwxr-xr-x  1 root  wheel  627462 Sep 12 07:39 openssl
# pwd
/usr/local/bin

# file /usr/local/bin/openssl
/usr/local/bin/openssl: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.2, not stripped

# ldd /usr/local/bin/openssl
/usr/local/bin/openssl:
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8008a1000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800b0b000)
        libthr.so.3 => /lib/libthr.so.3 (0x800f18000)
        libc.so.7 => /lib/libc.so.7 (0x80113d000)

Whatever solution is proposed, I really don't want my email broken. When I did the upgrade from 10.2 to 10.3, libressl somehow got installed and it broke everything, causing about two hours of debugging and repairs.
 
Looking at the first error (missing equal sign) it might be caused by an error in /etc/ssl/openssl.cnf. Did you check that file for obvious errors? Also try (re)installing security/ca_root_nss and removing the contents of /var/db/freebsd-update/.
 
Looking at the first error (missing equal sign) it might be caused by an error in /etc/ssl/openssl.cnf. Did you check that file for obvious errors? Also try (re)installing security/ca_root_nss and removing the contents of /var/db/freebsd-update/.

Here is the result from the ca_root_nss make:
Code:
You have security/openssl installed but do not have DEFAULT_VERSIONS+=ssl=openssl set in your make.conf

===>  License MPL accepted by the user
===>  Found saved configuration for ca_root_nss-3.26
===>   ca_root_nss-3.26 depends on file: /usr/local/sbin/pkg - found
=> nss-3.26.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://download.cdn.mozilla.net/pub/security/nss/releases/NSS_3_26_RTM/src/nss-3.26.tar.gz
nss-3.26.tar.gz                               100% of 7213 kB   18 MBps 00m00s
===> Fetching all distfiles required by ca_root_nss-3.26 for building
===>  Extracting for ca_root_nss-3.26
=> SHA256 Checksum OK for nss-3.26.tar.gz.
===>  Patching for ca_root_nss-3.26
===>   ca_root_nss-3.26 depends on package: perl5>=5.20<5.21 - found
===>  Configuring for ca_root_nss-3.26
===>  Building for ca_root_nss-3.26
##  Untrusted certificates omitted from this bundle: 20
34379283160:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:345:line 1
openssl x509 failed with exit code 256 at /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/ca_root_nss
*** Error code 1

I wiped out the /var/db/freesb-update directory. (I zipped it to be safe). No difference. The openssl.conf looks ok. Now note I have two installations of openssl. The person who helped me set up my email came up with this. This directory listing with symbolic links may be useful:

Code:
# pwd
/usr/local/openssl
# ls -l
total 1968
-rw-r--r--  1 root  wheel  941124 Aug  9 01:50 cert.pem
lrwxr-xr-x  1 root  wheel      38 Aug  9 01:50 cert.pem.sample -> /usr/local/share/certs/ca-root-nss.crt
drwxr-xr-x  2 root  wheel     512 Sep 12 07:39 certs
drwxr-xr-x  2 root  wheel     512 Sep 12 20:24 misc
lrwxr-xr-x  1 root  wheel      20 Jul  6  2015 openssl.cnf -> /etc/ssl/openssl.cnf
-rw-r--r--  1 root  wheel   10835 Sep 12 07:39 openssl.cnf.sample
drwxr-xr-x  2 root  wheel     512 Sep 12 07:39 private

The /etc directory has no symbolic links relative to openssl.


Code:
# which openssl
/usr/bin/openssl

# cd /usr/local
# ls
bin                             libdata                         openssl
bootstrap-openjdk               libexec                         pgsql
bsd-cloudinit                   llvm36                          sbin
etc                             llvm37                          share
go                              man                             src
include                         my.cnf                          var
info                            openjdk7                        www
lib                             openjdk8                        x86_64-portbld-freebsd10.1
 
Geez I'm a repeat idiot. The same problem I had with the merge markers the last time (see older forum link).

What exactly should I be doing with these merge markers? Commenting them out made the problem go away. Which lines are needed. For instance, the #$FreeBSD line is a comment, but maybe the merge reads it. I'd like to figure this out once and for all and not be a repeater offender!

https://forums.freebsd.org/threads/54234/
Code:
# vi openssl.cnf
#<<<<<<< current version
#<<<<<<< current version
#=======
=======
# $FreeBSD: releng/10.3/crypto/openssl/apps/openssl.cnf 238405 2012-07-12 19:30:53Z jkim $
#>>>>>>> 10.3-RELEASE
#
I didn't exactly follow the instructions here, reading them. Yeah, I know, not your post, but it might be useful for people doing google searches.
https://www.digitalocean.com/community/tutorials/how-to-upgrade-freebsd-from-version-10-2-to-10-3
 
Back
Top