Project

General

Profile

Actions

Bug #14058

closed

Update vendor=on triggers installation failure

Added by Jan-Peter Koopmann over 1 year ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Category:
arpwatch
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
23.01
Affected Architecture:
All

Description

the custom_php_install command fails during pkg upgrade/install if the "Update Vendor" config option is on.

[1/1] Reinstalling pfSense-pkg-arpwatch-0.2.1...
[1/1] Extracting pfSense-pkg-arpwatch-0.2.1: 100%
Removing arpwatch components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands... done.
Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
48828573794304:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Executing custom_php_resync_config_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
20113771081728:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Menu items... done.
Services... done.
Writing configuration... done.

Error is related to arpwatch.inc.

if ($update_vendors) {
        arpwatch_update_vendors($enable_zeropad);
    }

and then

function arpwatch_update_vendors($args) {
    exec('/usr/bin/fetch -qo - '.ARPWATCH_ETHERCODES_URL.'|'
        .ARPWATCH_LOCAL_DIR.'/massagevendor '.$args.' >'
        .ARPWATCH_LOCAL_DIR.'/ethercodes.dat');
}

The manual fetch of the URL (http://standards-oui.ieee.org/oui/oui.csv) works. It is a redirect to https. But the fetch from within the pkg command does not seem to be able to access /usr/local/etc/ssl/cert.pem and hence cannot establish the TLS connection.

Actions

Also available in: Atom PDF