No CRL was provided for ...

Started by Mbl, October 31, 2024, 02:15:52 PM

Can anybody from Zenarmor confirm this issue?

Quote from: Mbl on October 31, 2024, 11:48:02 AM
I'm still having the same problem with 24.10_7:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.10_7 at Thu Oct 31 11:42:39 CET 2024
Fetching subscription information, please wait... done
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
No CRL was provided for /CN=zenarmor.com
No CRL was provided for /C=US/O=Google Trust Services/CN=WE1
No CRL was provided for /C=US/O=Google Trust Services LLC/CN=GTS Root R4
No CRL was provided for /CN=zenarmor.com
No CRL was provided for /C=US/O=Google Trust Services/CN=WE1
No CRL was provided for /C=US/O=Google Trust Services LLC/CN=GTS Root R4
Fetching meta.conf: . done
No CRL was provided for /CN=zenarmor.com
No CRL was provided for /C=US/O=Google Trust Services/CN=WE1
No CRL was provided for /C=US/O=Google Trust Services LLC/CN=GTS Root R4
No CRL was provided for /CN=zenarmor.com
No CRL was provided for /C=US/O=Google Trust Services/CN=WE1
No CRL was provided for /C=US/O=Google Trust Services LLC/CN=GTS Root R4
Fetching packagesite.pkg: ... done
Processing entries: ....... done
SunnyValley repository update completed. 66 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (13 candidates): .......... done
Processing candidates (13 candidates): .. done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***


I have deleted all /tmp/libfetch_crl.* files and retried but still get the same error. Current file libfetch_crl.24103111 has valid CRL information as it looks like:
# [i] fetch certificate for https://opnsense-update.deciso.com
# [i] fetch CRL from http://cdp.rapidssl.com/RapidSSLTLSECCCAG1.crl
# [i] fetch CRL from http://crl3.digicert.com/DigiCertGlobalRootG3.crl


Is the mentioned hotfix already included in 24.10_7 or will it be available in a later version?

https://forum.opnsense.org/index.php?topic=43474.msg217949#msg217949

Confirm what exactly? You fail to understand the issue or ask the right question.

TL;DR:

1. Opportunistic CRL verification is enabled for the firmware updates in 24.10.
2. Third party repos are not yet supported.
3. Warnings for third party repos on HTTPS are therefore normal and benign.


Cheers,
Franco
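
An added example, not part of the thread and not OPNsense or Zenarmor code: a triage script that attributes each "No CRL was provided for" line in update output to the repository being updated, so warnings on third-party repositories (the case the reply above describes) are separated from any that appear during the first-party update. The sample log is constructed, and the function names and the choice of `OPNsense` as the only first-party repository name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the kind of update output quoted in the thread.
SAMPLE = """\
Updating OPNsense repository catalogue...
OPNsense repository update completed. 856 packages processed.
Updating SunnyValley repository catalogue...
No CRL was provided for /CN=zenarmor.com
No CRL was provided for /C=US/O=Google Trust Services/CN=WE1
No CRL was provided for /C=US/O=Google Trust Services LLC/CN=GTS Root R4
Fetching meta.conf: . done
No CRL was provided for /CN=zenarmor.com
SunnyValley repository update completed. 66 packages processed.
"""

REPO_START = re.compile(r"^Updating (\S+) repository catalogue\.\.\.$")
REPO_END = re.compile(r"^(\S+) repository update completed\.")
NO_CRL = re.compile(r"^No CRL was provided for (/.+)$")

# Assumption: only this repository is covered by the CRL check.
FIRST_PARTY = {"OPNsense"}


def crl_warnings_by_repo(log_text):
    """Map repository name -> {certificate subject: warning count}."""
    current = None
    result = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        line = line.strip()
        if m := REPO_START.match(line):
            current = m.group(1)
        elif REPO_END.match(line):
            current = None
        elif m := NO_CRL.match(line):
            result[current or "(outside repo update)"][m.group(1)] += 1
    return {repo: dict(subjects) for repo, subjects in result.items()}


def triage(log_text):
    """Return (expected, review): warnings on third-party vs. first-party repos."""
    expected, review = {}, {}
    for repo, subjects in crl_warnings_by_repo(log_text).items():
        (review if repo in FIRST_PARTY else expected)[repo] = subjects
    return expected, review


if __name__ == "__main__":
    print(triage(SAMPLE))
```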