Title
#general
j

jby

09/18/2020, 7:14 AM
What’s up?
curl <https://pkg.osquery.io/rpm/GPG>
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: <https://curl.haxx.se/docs/sslcerts.html>

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Gavin

Gavin

09/18/2020, 9:06 AM
Hey is this still an issue some of the OSquery infra was moved to the new foundation, and there was a period of interruption. Checking the certificate chain now I can’t see any issue from the UK
9:07 AM
Certificate issued at
Wednesday, 16 September 2020 at 16:19:43 British Summer Time
j

jby

09/18/2020, 9:07 AM
I’m not sure, I’m getting this on a Linux (F32) laptop, but not on my MacBookPro, so I don’t know
9:08 AM
I also get this on that Linux host:
openssl s_client -showcerts -servername server -connect <http://pkg.osquery.io:443|pkg.osquery.io:443>
CONNECTED(00000003)
140309355648832:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:ssl/record/rec_layer_s3.c:1543:SSL alert number 10
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Gavin

Gavin

09/18/2020, 9:19 AM
😕 okay I just spun up a Fedora 32 live ISO and can’t replicate.
j

jby

09/18/2020, 9:25 AM
Ok, I’ll look through my setup and try some more, since it seems that it’s my setup that’s causing this.
Gavin

Gavin

09/18/2020, 9:30 AM
It may be geo-graphic amazon had some ACM issues yesterday
9:30 AM
So may be a bad load balancer etc.
9:39 AM
reated by dnf config-manager from <https://pkg.osquery.io/rpm/osquery-s3-rpm.rep>                                              248  B/s | 313  B     00:01    
Errors during downloading metadata for repository 'pkg.osquery.io_rpm_osquery-s3-rpm.rep':
  - Status code: 404 for <https://pkg.osquery.io/rpm/osquery-s3-rpm.rep/repodata/repomd.xml> (IP: 99.84.10.98)
Error: Failed to download metadata for repo 'pkg.osquery.io_rpm_osquery-s3-rpm.rep': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: pkg.osquery.io_rpm_osquery-s3-rpm.rep
Last metadata expiration check: 0:01:55 ago on Fri 18 Sep 2020 10:37:15 AM BST.
Package osquery-4.4.0-1.x86_64 is already installed.
Dependencies resolved.
theopolis

theopolis

09/18/2020, 1:58 PM
Question about
<https://pkg.osquery.io/rpm/osquery-s3-rpm.rep>
that is invalid, there should be a "o" at the end.
1:59 PM
.repo
2:04 PM
@jby, your
openssl
command is incorrect, please use:
openssl s_client -showcerts -servername <http://pkg.osquery.io|pkg.osquery.io> -connect <http://pkg.osquery.io:443|pkg.osquery.io:443>