On Tue, Mar 10, 2026 at 01:05:48PM +0700, hahahahacker2009 wrote:
> Vào Thứ 7, 7 thg 3, 2026 vào lúc 06:08 James Jerkins
> <[email protected]> đã viết:
> >
> > On 03/05/26, Nick Holland wrote:
> > > that problem was malformed URLs in the links, if you removed the duplicate
> > > part of the URL, it worked as expected. krw@ had already found and fixed
> > > the problem, but I hadn't updated it in the running code (oops!). This
> > > has been fixed now.
> > >
> >
> > Thanks, that fixed the duplicate URLs!
> >
> > Every https request to the new cvsweb from Lynx displays an error:
> >
> > "SSL error:unable to get local issuer certificate"
> >
> > Checking the certs returned via the command line shows certs for cvsweb
> > and the intermediate.
> >
> > CONNECTED(00000003)
> > depth=0 CN = cvsweb.openbsd.org
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > ---
> > Certificate chain
> > 0 s:/CN=cvsweb.openbsd.org
> > i:/C=US/O=Let's Encrypt/CN=R12
> > -----BEGIN CERTIFICATE-----
> >
> > Can the new cvsweb send the full certificate chain or is this a
> > Lynx problem?
> >
>
> curl also fail. I think certificates should always be read using
> a function that read a certificate chain?
>
> > I love the new bike shed and the paint color. Job well done to Ken and Nick!
> > Thank you both for improving cvsweb.
> >
> >
>
Looking with opensls s_client, this seems more like the server only
sends the certificate and not the full chain. Some clients do not like
that.
-Otto
