[oe] SSL crypto broken in Daisy?
Paul Eggleton
paul.eggleton at linux.intel.com
Thu Sep 18 12:41:59 UTC 2014
Hi Zoltán,

On Thursday 18 September 2014 14:36:16 Boszormenyi Zoltan wrote:
> I have built systemd-gnome-image from Daisy-based Angström using
> instructions from
>
> http://wp.angstrom-distribution.org/?page_id=53
>
> The set of layers includes "meta-intel" and I use the "genericx86" CPU.
>
> The image I have has curl installed and whenever I want to use an https://
> URL from the internal LAN it fails with:
>
> ========================================
> curl: (35) gnutls_handshake() failed: Handshake failed
> ========================================
>
> The same happens with and without option "-k" (or "--insecure") to curl.
>
> The webserver's cert is not actually right, as I get this when I use curl
> from Fedora 19, 20 or 21Alpha:
>
> ========================================
> curl: (60) Peer's Certificate issuer is not recognized.
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
> ========================================
>
> But using "curl -k" with the same URL from the *Fedora client* fetches the
> data properly.
>
> Is this problem already known in Daisy or Daisy-based Angström?

Hmm, this sounds like it might be related to the following bug:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=6708

Cheers,
Paul

--
Paul Eggleton
Intel Open Source Technology Centre