Check fails (no CA certificates found) #2
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
On a Debian host, check_xmppng yields wrong results when trying to check certificates.
Example:
What's troubling me is that the same command works fine when run on an Archlinux host. So it is probably a bug in packaging python, either in Archlinux or in Debian.
But I think this problem can be solved in check_xmppng by removing these lines check_xmppng#L338-L345.
My understanding is that check_xmppng first tries to make sure that some CA certificates are present before performing the real check. But it cannot work. As stated in python's doc ssl.SSLContext.get_ca_certs, certificates in a capath directory aren’t loaded unless they have been used at least once.
What do you think?
@pitchum thanks for reporting the issue. I could reproduce it in a Debian Buster container and removing the CA certificate statistics fixed the issue.
Thanks for the fix. I hope it will be available in Debian Bullseye.
I just uploaded the package to Debian unstable and if there are no new bugs found in the next few days it should go into Bullseye. We are in the soft-freeze already but the change should be minor enough.