Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
j
jby
09/18/2020, 7:14 AMWhat’s up?
curl <https://pkg.osquery.io/rpm/GPG>
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: <https://curl.haxx.se/docs/sslcerts.html>
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.g
Gavin
09/18/2020, 9:06 AMHey is this still an issue some of the OSquery infra was moved to the new foundation, and there was a period of interruption.
Checking the certificate chain now I can’t see any issue from the UK
Certificate issued at
Wednesday, 16 September 2020 at 16:19:43 British Summer Timej
jby
09/18/2020, 9:07 AMI’m not sure, I’m getting this on a Linux (F32) laptop, but not on my MacBookPro, so I don’t know
I also get this on that Linux host:
openssl s_client -showcerts -servername server -connect <http://pkg.osquery.io:443|pkg.osquery.io:443>
CONNECTED(00000003)
140309355648832:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:ssl/record/rec_layer_s3.c:1543:SSL alert number 10
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---g
Gavin
09/18/2020, 9:19 AM😕 okay I just spun up a Fedora 32 live ISO and can’t replicate.
j
jby
09/18/2020, 9:25 AMOk, I’ll look through my setup and try some more, since it seems that it’s my setup that’s causing this.
g
Gavin
09/18/2020, 9:30 AMIt may be geo-graphic amazon had some ACM issues yesterday
So may be a bad load balancer etc.
reated by dnf config-manager from <https://pkg.osquery.io/rpm/osquery-s3-rpm.rep> 248 B/s | 313 B 00:01
Errors during downloading metadata for repository 'pkg.osquery.io_rpm_osquery-s3-rpm.rep':
- Status code: 404 for <https://pkg.osquery.io/rpm/osquery-s3-rpm.rep/repodata/repomd.xml> (IP: 99.84.10.98)
Error: Failed to download metadata for repo 'pkg.osquery.io_rpm_osquery-s3-rpm.rep': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: pkg.osquery.io_rpm_osquery-s3-rpm.rep
Last metadata expiration check: 0:01:55 ago on Fri 18 Sep 2020 10:37:15 AM BST.
Package osquery-4.4.0-1.x86_64 is already installed.
Dependencies resolved.t
theopolis
09/18/2020, 1:58 PMQuestion about
<https://pkg.osquery.io/rpm/osquery-s3-rpm.rep>.repo@jby, your
opensslopenssl s_client -showcerts -servername <http://pkg.osquery.io|pkg.osquery.io> -connect <http://pkg.osquery.io:443|pkg.osquery.io:443>