On 02/11/2019 10:35 PM, Ken Moffat via blfs-dev wrote:
On Mon, Feb 11, 2019 at 07:26:11PM -0600, Bruce Dubbs via blfs-dev wrote:
I've been building a new version of LFS/BLFS for my workstation. Everything
has been going pretty well and I've built xfce, kf5 (for some kde apps that
I like), and Firefox-65. Most things work fine, but I am having problems
with Firefox. It will not connect with any https site, I get messages that
say the cert signer is not valid.
That sounds vaguely like my problems some months ago, when a change
in openssl broke the way we were doing something. But nothing there
should have changed recently.
The build of FF had most of the dependencies. I did omit doxygen, openjdk,
valgrind, and wireless tools when building FF, but they should not have
anything to do with certs.
I did not install PAM, but I don't see a connection there either.
None of those should affect certs.
I have installed and run make-ca-1.2 and that seems OK.
I have not, in general, updated my existing systems from
make-ca-0.X. There is a compatability symlink on the page, for my
old systems that totally fails - but I maybe have more fixes than
were typically in the book (re perl modules) and anyway you should
not need that on a new install.
Does anyone (especially Ken or DJ) have any ideas?
My impression is that (ignoring jdk) the certs should either work
or fail, i.e. if they work with wget and https:// then all should be
well. Your follow-up mentions wget with http:// [sic].
Google has a number of different matches for 'linux debug ca-cert
errors' but you will need another system to get there via https.
Did you install p11-kit and (re-) make the libnssckbi.so symlink ?
I did install p11-kit but it looks like the symlink is wring!
I'll fix it and test and report the results back.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
