I believe that building a trust store may be exactly what is needed. Freshclam in 0.102 relies on openssl to validate certificates. On Mac & Windows, it will import the native system certificate stores, but on all other operating systems it relies on openssl's certificate store. If your machine doesn't have one set up, you'll have to build one.
As mentioned earlier, there is no automatic http fallback, but you can manually change the DatabaseMirror option in freshclam.conf from "database.clamav.net" to "http://database.clamav.net"; if you wish. Regards, Micah On 12/2/19, 9:26 AM, "clamav-users on behalf of Packard, Scott E [US] (AS)" <clamav-users-boun...@lists.clamav.net on behalf of scott.pack...@ngc.com> wrote: > but if someone can tell me how to make openssl 1.1.1 pick up the root certificates This is just a guess: https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html " The private/ folder is empty, but that's normal; you do not yet have any private keys. On the other hand, you'll probably be surprised to learn that the certs/ folder is empty too. OpenSSL does not include any root certificates; maintaining a trust store is considered outside the scope of the project. Luckily, your operating system probably already comes with a trust store that you can use. You can also build your own with little effort, as you'll see in the next section." Then it goes on to a section "Building a Trust Store". Regards, Scott -----Original Message----- From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Gary R. Schmidt Sent: Monday, December 2, 2019 2:28 AM To: clamav-users@lists.clamav.net Subject: EXT :Re: [clamav-users] 0.102.1 and Solaris 11.3... On 02/12/2019 16:30, Gary R. Schmidt wrote: > On 2019-12-02 15:24, Gary R. Schmidt wrote: > >> >> "wget https://database.clamav.net/daily.cvd"; works, dammit! >> > > I am an idiot: > $ curl https://database.clamav.net/daily.cvd > curl: (60) SSL certificate problem: unable to get local issuer > certificate More details here: https://curl.haxx.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could > not establish a secure connection to it. To learn more about this > situation and how to fix it, please visit the web page mentioned above. > > Okay, I'll go fix it... > I'm now sure this is a curl/openssl problem, nothing to do with clamav. Sorry for the noise on the channel (but if someone can tell me how to make openssl 1.1.1 pick up the root certificates... :-) ). Cheers, Gary B-) _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
