[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: armhf: buster: TLS / HTTPS partly broken

	Hi.

On Mon, May 04, 2020 at 09:27:14AM +0200, Mark Jonas wrote:
> >> >> curl: (60) SSL certificate problem: unable to get local issuer certificate
> >> >>
> >> >> Does that mean a TLS library does not feature all required protocols on armhf?
> >> >
> >> > TLS library that curl uses (openssl) is perfectly fine, but it cannot
> >> > validate any certificate unless you provide it with root CA
> >> > certificates.
> >> > So it likely means you haven't installed "ca-certificates" package.
> >>
> >> This is what it looks like. But actually I installed ca-certificates.
> >
> > Ok. Can you run tcpdump while you're running curl?
> > Specifically,
> >
> > tcpdump -s0 -pnni any -w /tmp/curl.pcap tcp port 443
> 
> I tried to dump from within the running container but failed.

It's way too complicated. Docker is basically a one big NAT, so please
run tcpdump on a host instead.

But this hiccup gave me an idea - maybe libssl on armhf is perfectly
fine, but it's qemu which fails to emulate certain CPU instruction.

Reco
Reply to: