On 2/9/24 14:47, Tom Hughes via devel wrote:
On 09/02/2024 13:34, Jarek Prokop wrote:
Since the error from the scratch build says "invalid CA certificate"
I thought to use some openssl "verification" command,
this one seems like I'm on the right path.
I have tried more permutations of the command with certificates
available in the `spec/ssl/` directory, including using `-untrusted`
with various certs, all seem to fail the same.
Any idea what's up or how to fix it?
As you say it doesn't like the CA certificate:
% openssl verify -verbose -CAfile ca-cert.pem server-cert.pem
CN=ca_mysql2gem
error 79 at 1 depth lookup: invalid CA certificate
error server-cert.pem: verification failed
That CA certificate doesn't have the CA:TRUE constraint set
which might be the problem?
Seems to have been exactly that.
When I add `-addext basicConstraints=critical,CA:TRUE,pathlen:1` to the
ca-cert.pem generation command,
the tests and the verify command then work!
Seems that magic did the trick, thanks.
Jarek
Tom
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
