DaemonForums  

#1 shep, 12th November 2013
[Solved] M:Tier ssl certificate

I am looking at the updated M:Tier packages ImageMagick and icu4. I have patched both ssl and the kernel with the most recent patches for 5.4stable.

I was going to try to manually update ImageMagick and icu4 from a local directory.
Code:
# pkg_add -u ImageMagick
system(/usr/sbin/openssl, smime, -verify, -binary, -inform, DEM, -in, /tmp/pkgsig.OTHRZCIbb, -content, /tmp/pkgcontent.XZHz7Fv5I, -CAfile, /etc/ssl/pkgca.pem, -out, /dev/null) failed: exit(2)
--- +ImageMagick-6.7.7.7p3 -------------------
Bad signature
Error loading file /etc/ssl/pkgca.pem
8908934914960:error:02001002:system library:fopen:No such file or directory:/usr/src/lib/libssl/crypto/../src/crypto/bio/bss_file.c:169:fopen('/etc/ssl/pkgca.pem','r')
8908934914960:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/src/lib/libssl/crypto/../src/crypto/bio/bss_file.c:172:
8908934914960:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:/usr/src/lib/libssl/crypto/../src/crypto/x509/by_file.c:274:
Couldn't find updates for jbigkit-2.0, libwmf-0.2.8.4p0, lcms2-2.4p0, xz-5.0.5, bzip2-1.0.6p0, netpbm-10.35.88p0, tiff-4.0.3p2, libltdl-2.4.2, libxml-2.9.0p0, djvulibre-3.5.25.3p0, jasper-1.900.1p2, ghostscript-9.06p2, fftw3-3.2.2p2, libiconv-1.14p0, png-1.6.2p0, transfig-3.2.5ap0
Fatal error: ImageMagick-6.7.7.7p2->6.7.7.7p3 is corrupted
 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 672.
So I need to install M:Tier's certificate
Quote:
1) Install the M:Tier certificate

Retrieve the certificate and install it into:

/etc/ssl/pkgca.pem
I've looked in the FAQ and ssl(8) but am confused by both the signing authority and format of the mtier.cert.

Can someone point me to a reference?

Thanks in advance

Last edited by shep; 12th November 2013 at 05:03 PM.

#2 jggimi, 12th November 2013

Disclaimer: I don't use M:Tier's services, and never have, and I have never used signed packages. I have, however, used openssl(8) and it is a maze of twisty little passages all alike, with a nightmare of similarly worded options and operands.

The error messages you posted here are due to your not having already saved the certificate as /etc/ssl/pkgca.pem. The .pem format is just a text file. If you want it to hold multiple certificates, you append them with cat(1) or with $EDITOR. So use cat(1) or mv(1) and see if that works for you. E.g., to place two certificates into a pem file, use:
Code:
$ cat a.crt b.crt > combined.pem

#3 jggimi, 12th November 2013

Here's a reference.

#4 shep, 12th November 2013

@jggimi

Thanks
# cat mtier.cert > /etc/ssl/pkgca.pem allowed the installation of the mtier packages.

There is mention in your reference that sometimes a *cert can be a *.pem and that appears to be the case here. No user generated keys were needed in this instance.

If this causes any problems I'll report back.

Last edited by shep; 12th November 2013 at 05:07 PM.
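
An added example, not part of the thread and not M:Tier's or OpenBSD's code: because pkg_add hands /etc/ssl/pkgca.pem to openssl as -CAfile, every certificate written there becomes a trusted package signer, so this Python helper appends a downloaded certificate only when its SHA-256 fingerprint matches one obtained out of band. The function names, the pinned-fingerprint argument and the sample PEM are assumptions for illustration; the check covers encoding and fingerprint, not X.509 validity.

```python
import base64, hashlib, os, re, tempfile

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Map SHA-256(DER) hex digest -> PEM block for each certificate found."""
    certs = {}
    for m in PEM_RE.finditer(pem_text):
        # validate=True rejects stray characters instead of silently skipping them
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        certs[hashlib.sha256(der).hexdigest()] = m.group(0)
    return certs

def install_ca(candidate, pinned, ca_file):
    """Append candidate's certificates to ca_file only if every one is pinned.

    pinned: fingerprints obtained out of band, hex with or without colons (the
    part after '=' printed by `openssl x509 -noout -fingerprint -sha256`).
    Returns the fingerprints newly added; raises ValueError on any mismatch.
    """
    allowed = {p.replace(":", "").lower() for p in pinned}
    with open(candidate) as f:
        found = fingerprints(f.read())
    if not found:
        raise ValueError("no PEM certificate in " + candidate)
    unpinned = sorted(set(found) - allowed)
    if unpinned:
        raise ValueError("unpinned certificate(s): " + ", ".join(unpinned))
    existing = ""
    if os.path.exists(ca_file):
        with open(ca_file) as f:
            existing = f.read()
    if existing and not existing.endswith("\n"):
        existing += "\n"
    added = [fp for fp in found if fp not in fingerprints(existing)]
    if added:
        # Temp file in the same directory plus rename, so a reader never sees
        # a half-written trust store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(ca_file) or ".")
        with os.fdopen(fd, "w") as f:
            f.write(existing + "".join(found[fp] + "\n" for fp in added))
        os.chmod(tmp, 0o644)
        os.replace(tmp, ca_file)
    return added

def constructed_pem(der_bytes):
    """Constructed sample input: PEM armour around arbitrary bytes, not real X.509."""
    body = base64.encodebytes(der_bytes).decode().strip()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
```

A file that is DER-encoded or is an HTML error page saved under the certificate's name fails with ValueError instead of being copied into the trust store.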

#5 jggimi, 12th November 2013

Then you can Google just like I did, and pick a different reference.

#6 shep, 12th November 2013

I should have been clearer. I will report back on problems concerning M:tier patched packages as to breakage of native packages.

I have tried gimp and geeqie, both of which have ImageMagick as a dependency, and they appear to work fine.