fetch -no-verify-peer allows to fetch from https even if the remote site can not be verified. It no longer works. --------- f10# fetch -v -no-verify-peer https://gist.githubusercontent.com/anonymous/eb379038510a6f15c0cb/raw/cc836df6365e975fd19b49f9eedee5f1ebfa4e46/mnemosyne-2.3.diff looking up gist.githubusercontent.com connecting to gist.githubusercontent.com:443 SSL options: 81004bff Peer verification enabled Using CA cert file: /etc/ssl/cert.pem Certificate verification failed for /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA 34380826280:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1168: fetch: https://gist.githubusercontent.com/anonymous/eb379038510a6f15c0cb/raw/cc836df6365e975fd19b49f9eedee5f1ebfa4e46/mnemosyne-2.3.diff: Authentication error --------- The cause seems to be that the system-ssl-lib no longer supports disabling the verification via setenv("SSL_NO_VERIFY_PEER", "", 1); which it did in the past ? (/usr/src/usr.bin/fetch/fetch.c, line 1034) Fix: TODO: Find a fix. How-To-Repeat: see above
Well, what a difference a '-' makes. This fails: fetch -no-verify-peer ... This works: fetch --no-verify-peer ...