Skip to content

Instantly share code, notes, and snippets.

@lundman
Created April 13, 2022 05:53
Show Gist options
  • Save lundman/7bb0c6fd577c305d9ea3415a14d06dd2 to your computer and use it in GitHub Desktop.
Save lundman/7bb0c6fd577c305d9ea3415a14d06dd2 to your computer and use it in GitHub Desktop.
Working around expired certificate with OmniOS pkg
For output like:
Framework error: code: 60 reason: SSL certificate problem: certificate has expir
ed
URL: 'http://pkg.omniti.com/omnios/r151022'
Whilst trying to update 151016 OmniOS TI to CE, and unable to find certificates both still valid, and not too-new.
/usr/lib/python2.6/vendor-packages/pkg/client/transport# dtff -rub engine.py orig-engine.py
--- engine.py Wed Apr 13 12:02:48 2022
+++ orig-engine.py Wed Apr 13 13:17:51 2022
@@ -978,8 +977,8 @@
# Options that apply when SSL is enabled
if proto == "https":
# Verify that peer's CN matches CN on certificate
- hdl.setopt(pycurl.SSL_VERIFYHOST, 2)
- hdl.setopt(pycurl.SSL_VERIFYPEER, 1)
+ hdl.setopt(pycurl.SSL_VERIFYHOST, 0)
+ hdl.setopt(pycurl.SSL_VERIFYPEER, 0)
cadir = self.__xport.get_ca_dir()
hdl.setopt(pycurl.CAPATH, cadir)
if "ssl_ca_file" in DebugValues:
Definitely not recommended, though.
@lundman
Copy link
Author

lundman commented Apr 13, 2022

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment