Comment 3 for bug 1381359

Haw Loeung (hloeung) wrote :

Seems I tried to be clever in providing a bundle without the original CA certificate (we're using almost everywhere else). Unfortunately, pollinate is calling curl with --capath /dev/null so we need to include this.

I've created MP:239160 to fix this.

Tested as follows:

$ curl -A 'pollinate/4.8-0ubuntu1 curl/7.37.1-1ubuntu3 Ubuntu/14.10 GNU/Linux/3.16.0-23-generic/x86_64' -o- -v --trace-time --connect-timeout 3 --max-time 3 --cacert missing-ca-certificate/entropy.ubuntu.com.pem --capath /dev/null https://entropy.ubuntu.com/
| 09:16:55.592055 * Hostname was NOT found in DNS cache
| 09:16:55.596308 * Trying 91.189.94.50...
| 09:16:55.925350 * Connected to entropy.ubuntu.com (91.189.94.50) port 443 (#0)
| 09:16:55.925950 * successfully set certificate verify locations:
| 09:16:55.926012 * CAfile: missing-ca-certificate/entropy.ubuntu.com.pem
| CApath: /dev/null
| 09:16:55.926126 * SSLv3, TLS handshake, Client hello (1):
| 09:16:56.261897 * SSLv3, TLS handshake, Server hello (2):
| 09:16:56.273468 * SSLv3, TLS handshake, CERT (11):
| 09:16:56.274152 * SSLv3, TLS handshake, Server key exchange (12):
| 09:16:56.274321 * SSLv3, TLS handshake, Server finished (14):
| 09:16:56.284401 * SSLv3, TLS handshake, Client key exchange (16):
| 09:16:56.284483 * SSLv3, TLS change cipher, Client hello (1):
| 09:16:56.284605 * SSLv3, TLS handshake, Finished (20):
| 09:16:56.628377 * SSLv3, TLS change cipher, Client hello (1):
| 09:16:56.628494 * SSLv3, TLS handshake, Finished (20):
| 09:16:56.628555 * SSL connection using TLSv1.2 / DHE-RSA-AES128-GCM-SHA256
| 09:16:56.628606 * Server certificate:
| 09:16:56.628656 * subject: OU=Domain Control Validated; CN=entropy.ubuntu.com
| 09:16:56.628702 * start date: 2014-10-14 23:21:25 GMT
| 09:16:56.628748 * expire date: 2015-10-15 16:10:53 GMT
| 09:16:56.628807 * subjectAltName: entropy.ubuntu.com matched
| 09:16:56.628863 * issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
| 09:16:56.628909 * SSL certificate verify ok.
| 09:16:56.628981 > GET / HTTP/1.1
| 09:16:56.628981 > User-Agent: pollinate/4.8-0ubuntu1 curl/7.37.1-1ubuntu3 Ubuntu/14.10 GNU/Linux/3.16.0-23-generic/x86_64
| 09:16:56.628981 > Host: entropy.ubuntu.com
| 09:16:56.628981 > Accept: */*
| 09:16:56.628981 >
| 09:16:56.968210 * HTTP 1.0, assume close after body
| 09:16:56.968290 < HTTP/1.0 400 Bad Request
| 09:16:56.968334 < Content-Type: text/plain; charset=utf-8
| 09:16:56.968375 < Content-Length: 162
| 09:16:56.968417 < Date: Tue, 21 Oct 2014 22:16:57 GMT
| 09:16:56.968459 < X-Cache: MISS from localhost
| 09:16:56.968501 < X-Cache-Lookup: MISS from localhost:3128
| 09:16:56.968544 < Via: 1.0 localhost (squid/3.1.19)
| 09:16:56.968587 * HTTP/1.0 connection set to keep alive!
| 09:16:56.968628 < Connection: keep-alive
| 09:16:56.968670 < Please use the pollinate client. 'sudo apt-get install pollinate' or download from: https://bazaar.launchpad.net/~pollinate/pollinate/trunk/view/head:/pollinate
| 09:16:56.968739 * Connection #0 to host entropy.ubuntu.com left intact

Once again, I am really sorry.