[clamav-users] EXT :Re: 0.102.1 and Solaris 11.3...

Micah Snyder (micasnyd) micasnyd at cisco.com
Mon Dec 2 19:38:34 UTC 2019


I believe that building a trust store may be exactly what is needed.  

Freshclam in 0.102 relies on openssl to validate certificates.  On Mac & Windows, it will import the native system certificate stores, but on all other operating systems it relies on openssl's certificate store.  If your machine doesn't have one set up, you'll have to build one. 

As mentioned earlier, there is no automatic http fallback, but you can manually change the DatabaseMirror option in freshclam.conf from "database.clamav.net" to "http://database.clamav.net" if you wish. 

Regards,
Micah

On 12/2/19, 9:26 AM, "clamav-users on behalf of Packard, Scott E [US] (AS)" <clamav-users-bounces at lists.clamav.net on behalf of Scott.Packard at ngc.com> wrote:

    > but if someone can tell me how to make openssl 1.1.1 pick up the root certificates 
    
    This is just a guess:
    
    https://www.feistyduck.com/library/openssl-cookbook/online/ch-openssl.html
    
    " The private/ folder is empty, but that's normal; you do not yet have any private keys. On the other hand, you'll probably be surprised to learn that the certs/ folder is empty too. OpenSSL does not include any root certificates; maintaining a trust store is considered outside the scope of the project. Luckily, your operating system probably already comes with a trust store that you can use. You can also build your own with little effort, as you'll see in the next section."
    Then it goes on to a section "Building a Trust Store".
    
    Regards, Scott
    
    -----Original Message-----
    From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of Gary R. Schmidt
    Sent: Monday, December 2, 2019 2:28 AM
    To: clamav-users at lists.clamav.net
    Subject: EXT :Re: [clamav-users] 0.102.1 and Solaris 11.3...
    
    On 02/12/2019 16:30, Gary R. Schmidt wrote:
    > On 2019-12-02 15:24, Gary R. Schmidt wrote:
    > 
    >>
    >> "wget https://database.clamav.net/daily.cvd" works, dammit!
    >>
    > 
    > I am an idiot:
    > $ curl https://database.clamav.net/daily.cvd
    > curl: (60) SSL certificate problem: unable to get local issuer certificate
    > More details here: https://curl.haxx.se/docs/sslcerts.html
    > 
    > curl failed to verify the legitimacy of the server and therefore could 
    > not establish a secure connection to it. To learn more about this 
    > situation and how to fix it, please visit the web page mentioned above.
    > 
    > Okay, I'll go fix it...
    > 
    I'm now sure this is a curl/openssl problem, nothing to do with clamav.
    
    Sorry for the noise on the channel (but if someone can tell me how to make openssl 1.1.1 pick up the root certificates... :-) ).
    
    	Cheers,
    		Gary	B-)
    
    _______________________________________________
    
    clamav-users mailing list
    clamav-users at lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-users
    
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
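
An added example, not part of the thread or of ClamAV: a shell check for whether OpenSSL's default directory actually holds a trust store, which is the condition behind the "unable to get local issuer certificate" error quoted above. It assumes the standard OpenSSL defaults (`OPENSSLDIR/cert.pem` and `OPENSSLDIR/certs`); the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check whether OpenSSL's default
# directory holds a trust store that certificate verification can use.

# Extract the path from `openssl version -d` output: OPENSSLDIR: "/path"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Print bundle, hashed-dir, both or none for the given OPENSSLDIR.
trust_store_status() {
    ts_dir=$1
    ts_bundle=0
    ts_hashed=0
    # Default CA file: OPENSSLDIR/cert.pem holding at least one PEM certificate.
    if [ -f "$ts_dir/cert.pem" ] &&
       grep -q -- '-----BEGIN CERTIFICATE-----' "$ts_dir/cert.pem"; then
        ts_bundle=1
    fi
    # Default CA directory: OPENSSLDIR/certs with subject-hash names such as
    # 4a6481c9.0 (constructed sample name), as created by `openssl rehash`.
    for ts_f in "$ts_dir"/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        if [ -e "$ts_f" ]; then
            ts_hashed=1
            break
        fi
    done
    case "$ts_bundle$ts_hashed" in
        11) echo both ;;
        10) echo bundle ;;
        01) echo hashed-dir ;;
        *)  echo none ;;
    esac
}

# Report on the local installation when an openssl binary is on PATH.
if command -v openssl >/dev/null 2>&1; then
    ossl_dir=$(parse_openssldir "$(openssl version -d 2>/dev/null)")
    echo "OPENSSLDIR: ${ossl_dir:-unknown}"
    echo "trust store: $(trust_store_status "$ossl_dir")"
    # SSL_CERT_FILE / SSL_CERT_DIR, when set, override these defaults.
    echo "SSL_CERT_FILE=${SSL_CERT_FILE:-unset} SSL_CERT_DIR=${SSL_CERT_DIR:-unset}"
fi
```

A result of `none` means programs linked against that OpenSSL build have no roots to verify against until a bundle or hashed directory is installed there.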
    