[oe] SSL crypto broken in Daisy?
Boszormenyi Zoltan
zboszor at pr.hu
Thu Sep 18 12:36:16 UTC 2014
Hi,
I have built systemd-gnome-image from Daisy-based Angström using instructions from
http://wp.angstrom-distribution.org/?page_id=53
The set of layers include "meta-intel" and I use the "genericx86" CPU.
The image I have has curl installed and whenever I want to use an https:// URL from
the internal LAN it fails with:
========================================
curl: (35) gnutls_handshake() failed: Handshake failed
========================================
The same happens with and without option "-k" (or "--insecure") to curl.
The webserver's cert is not actually right, as I get this when I use curl from Fedora 19,
20 or 21Alpha:
========================================
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
========================================
But using "curl -k" with the same URL from the *Fedora client* fetches the data properly.
Is this problem already known in Daisy or Daisy-based Angström?
Thanks in advance,
Zoltán Böszörményi
More information about the Openembedded-devel
mailing list