cerbero fails in glib on Ubuntu 18.04
Matthew Thyer
matthew.thyer at adelaide.edu.au
Mon May 21 06:26:42 UTC 2018
Tim,
Thanks for working out the root cause of these certificate verification failures.
I've seen them too but not yet reported the issue.
I've been attempting to build GStreamer branch 1.14 in a docker container (to ensure a clean environment).
When I saw the certificate verification failures, I worked around them in another window with this process:
1) Attach to the running container in a new terminal with: docker exec -it --entrypoint=/bin/bash <id of running container>
2) Fetch the file that couldn’t be verified using the exact command that the fetch stage said it was running (wget including the -O)
3) Then choose “[2] Rebuild starting from the failed step” in the main window
I noted that the failures occurred in the following six instances:
[(65/82) spandsp -> fetch ]
[(66/82) webrtc-audio-processing -> fetch ]
[(67/82) sbc -> fetch ]
[(69/82) srt -> fetch ]
[(72/82) opencore-amr -> fetch ]
[(77/82) json-glib -> fetch ]
Each time, the error is (but host web site may vary):
ERROR: cannot verify freedesktop.org's certificate, issued by 'CN=Let\'s Encrypt Authority X3,O=Let\'s Encrypt,C=US':
Unable to locally verify the issuer's authority.
To connect to freedesktop.org insecurely, use `--no-check-certificate'.
-----Original Message-----
From: gstreamer-devel <gstreamer-devel-bounces at lists.freedesktop.org> On Behalf Of Tim Prime
Sent: Saturday, 19 May 2018 9:02 AM
To: gstreamer-devel at lists.freedesktop.org
Subject: Re: cerbero fails in glib on Ubuntu 18.04
This problem was added recently.
I can get around it by doing,
$ git checkout 1.14.0.1
$ git cherry-pick 49ff7da1
After doing that, I get much further into the build.
The next failure to solve is, a problem caused (in part) by LD_LIBRARY_PATH interfering with wget. The version of libssl (built by cerbero) doesn't pickup the CA certificates in /usr/lib/.
One complication, wget on Ubuntu 16.04 doesn't seem to be built with the HSTS safe-guards. Even so, I am somewhat surprised this doesn't cause problems on other platforms (FreeBSD, macOS, other Linux).
[(65/80) spandsp -> fetch ]
-----> Fetching tarball
http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz to /vol2/tdprime/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz
Downloading
http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz
Running command 'wget
http://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz -O /vol2/tdprime/cerbero/build/sources/local/spandsp-0.0.6/spandsp-0.0.6.tar.gz
'
URL transformed to HTTPS due to an HSTS policy
--2018-05-18 23:12:50--
https://www.soft-switch.org/downloads/spandsp/spandsp-0.0.6.tar.gz
Resolving www.soft-switch.org (www.soft-switch.org)... 209.105.235.30 Connecting to www.soft-switch.org (www.soft-switch.org)|209.105.235.30|:443... connected.
ERROR: cannot verify www.soft-switch.org's certificate, issued by ‘CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US’:
Unable to locally verify the issuer's authority.
To connect to www.soft-switch.org insecurely, use `--no-check-certificate'.
-Tim
--
Sent from: http://gstreamer-devel.966125.n4.nabble.com/
_______________________________________________
gstreamer-devel mailing list
gstreamer-devel at lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/gstreamer-devel
More information about the gstreamer-devel
mailing list