Created
April 13, 2022 05:53
-
-
Save lundman/7bb0c6fd577c305d9ea3415a14d06dd2 to your computer and use it in GitHub Desktop.
Working around expired certificate with OmniOS pkg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For output like: | |
Framework error: code: 60 reason: SSL certificate problem: certificate has expir | |
ed | |
URL: 'http://pkg.omniti.com/omnios/r151022' | |
Whilst trying to update 151016 OmniOS TI to CE, and unable to find certificates both still valid, and not too-new. | |
/usr/lib/python2.6/vendor-packages/pkg/client/transport# dtff -rub engine.py orig-engine.py | |
--- engine.py Wed Apr 13 12:02:48 2022 | |
+++ orig-engine.py Wed Apr 13 13:17:51 2022 | |
@@ -978,8 +977,8 @@ | |
# Options that apply when SSL is enabled | |
if proto == "https": | |
# Verify that peer's CN matches CN on certificate | |
- hdl.setopt(pycurl.SSL_VERIFYHOST, 2) | |
- hdl.setopt(pycurl.SSL_VERIFYPEER, 1) | |
+ hdl.setopt(pycurl.SSL_VERIFYHOST, 0) | |
+ hdl.setopt(pycurl.SSL_VERIFYPEER, 0) | |
cadir = self.__xport.get_ca_dir() | |
hdl.setopt(pycurl.CAPATH, cadir) | |
if "ssl_ca_file" in DebugValues: | |
Definitely not recommended, though. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://gist.github.com/citrus-it/5299e87d921898d48058916039850ac1
https://gist.github.com/citrus-it/7ef7415d12bf4acad9da8330764fb261
rm -f /a/etc/ssl/certs/2e5ac55d.0 -- that gets past the letsencrypt problem