Opened 10 years ago
Closed 5 years ago
#41425 closed defect (worksforme)
tcpflow @1.4.2: SSL certificate problem, verify that the CA cert is OK
| Reported by: | dershow | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.2.1 |
| Keywords: | Cc: | ryandesign (Ryan Carsten Schmidt) | |
| Port: | tcpflow |
Description
I have tcpflow 1.3.0 installed, and I did an upgrade, but it fails due to failed Git clone. Error is below:
---> Computing dependencies for tcpflow
---> Fetching distfiles for tcpflow
Warning: Your DNS servers incorrectly claim to know the address of nonexistent hosts. This may cause checksum mismatches for some ports.
Error: org.macports.fetch for port tcpflow returned: Git clone failed
Please see the log file for port tcpflow for details:
/opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_net_tcpflow/tcpflow/main.log
Error: Unable to upgrade port: 1
To report a bug, follow the instructions in the guide:
http://guide.macports.org/#project.tickets
Log is attached
Attachments (1)
Change History (11)
Changed 10 years ago by dershow
comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | ryandesign@… added |
|---|---|
| Summary: | tcpflow upgrade to 1.4.2 fails → tcpflow @1.4.2: SSL certificate problem, verify that the CA cert is OK |
The log says:
:info:fetch fatal: unable to access 'https://github.com/simsong/tcpflow.git/': SSL certificate problem, verify that the CA cert is OK. Details: :info:fetch error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed :info:fetch Command failed: /usr/bin/git clone -q https://github.com/simsong/tcpflow.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_net_tcpflow/tcpflow/work/tcpflow-1.4.2 2>&1
Not sure why your git is having a problem with this certificate. All four buildbots built it fine, as did my system. Try installing the git-core port to get a newer (or at least different) build of git. If anybody else is seeing this problem, please let me know.
comment:2 Changed 10 years ago by dershow
I had the default git. So I installed git-core (which also installed p5.12-error,p5.12-term-readkey and rsync) and then I cleaned tcpflow and again tried an upgrade. And I get the same error as before.
comment:3 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
What if you visit https://github.com/ in your web browser? Do you get any certificate errors then?
comment:4 Changed 10 years ago by dershow
I just tried and I get:
Safari can't verify the identity of the website "github.com" The certificate for this website is invalid. You might be connecting to a website that is pretending to be "github.com" which could put your confidential information at risk. Would you like to connect to the website anyway?
If I show certificate it says, in part, "This certificate was signed by an untrusted issuer. " On the other hand, if I go to that page in Firefox, I don't get an error. And for page info->security it says verified by DigiCert inc.
So, what does git use for verification? And how can I verify the certificate and then have it trusted by git?
comment:5 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
I don't know the answers to your questions. You'll have to ask the github people why their certificate is not working on your computer. Before you do, you might read this page which I found in a quick search, which has some instructions for clearing your computer's ssl certificate cache which might fix the problem.
comment:6 Changed 10 years ago by dershow
Strange. So, it seems that it is a problem has come up with other people, as indicated by the link above. It seems to affect the SSL certificate used by macports, for git, and Safari, but not Firefox. And, I tried the fix suggested in link above, to dump the two cache files, and rebooting (non of my certificates had to be changed as in the link) and it didn't change anything. The above makes it sound like it really is not a Macports, or tcpflow port problem directly, but seems like it is going to be a strange one to track down, so any suggestions would be greatly appreciated.
comment:7 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
Since github's certificate is issued by digicert, and as mentioned in the page linked to above, try digicert's own web site; if you see the certificate error there too, then you can contact digicert about it; they might be more likely to know what to do than the github people.
comment:8 Changed 10 years ago by dershow
Yes, I have the same issue if I go to https://digicert.com with Safari, but not with Firefox. I will try to get in touch with digicert.
comment:9 Changed 10 years ago by dershow
I got in touch with DigiCert, and they were very helpful about getting it solved. In Keychain Access->System Roots Category: Certificates
DigiCert High Assurance EV Root CA->Trust->SSL change from: no value specified to: Always Trust GTE CyberTrust Global Root->Trust->SSL change from: no value specified to: Always Trust
comment:10 Changed 5 years ago by mf2k (Frank Schima)
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
I don't see that anything else needs to happen here.
tcpflow error log