From db670c5fe35ffb13e863dd5560a8a1d9fd780663 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin
Date: Thu, 25 Apr 2019 19:13:40 +0200
Subject: coverity: help wget to complete coverity's certificate chain
---
 travis-ci/tools/get-coverity.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/travis-ci/tools/get-coverity.sh b/travis-ci/tools/get-coverity.sh
index b7e907a417..c5f622b5a4 100755
--- a/travis-ci/tools/get-coverity.sh
+++ b/travis-ci/tools/get-coverity.sh
@@ -22,8 +22,14 @@ sudo apt-get update && sudo apt-get -y install wget
 if [ ! -d $TOOL_BASE ]; then
 # Download Coverity Scan Analysis Tool
 if [ ! -e $TOOL_ARCHIVE ]; then
- echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
- wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
+ echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
+ # According to https://www.ssllabs.com/ssltest/analyze.html?d=scan.coverity.com&latest,
+ # the certificate chain is incomplete. Let's complete it manually by downloading the
+ # missing piece (which is far from ideal but better than --no-check-certificate). This should
+ # be removed once it ends up in /etc/ssl/certs/ca-certificates.crt officially.
+ cp /etc/ssl/certs/ca-certificates.crt .
+ wget -nv -O - https://entrust.com/root-certificates/entrust_l1k.cer | tee -a ./ca-certificates.crt
+ wget --ca-certificate ./ca-certificates.crt -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
 fi

 # Extract Coverity Scan Analysis Tool
-- 
cgit v1.2.1
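Review bot: The certificate fetched on the added `wget -nv -O - https://entrust.com/root-certificates/entrust_l1k.cer | tee -a ./ca-certificates.crt` line is appended to the trust bundle without any pin, so whatever that URL serves at build time becomes a trust anchor for the very next request, which carries `COVERITY_SCAN_TOKEN` in its POST body. Download it to a file, compare it against a SHA-256 recorded in the repository, and only then append it with `>>`. That also stops `tee` from printing the certificate into the CI log, and it makes a failed download stop the script instead of being masked by the pipeline (no `pipefail` is visible in the hunk). The enclosing `if [ ! -d $TOOL_BASE ]` block continues past the end of the hunk, so whether a later step removes `./ca-certificates.crt` cannot be seen from here.

```shell
    # … unchanged: echo and the explanatory comment …
    cp /etc/ssl/certs/ca-certificates.crt .
    wget -nv -O ./entrust_l1k.cer https://entrust.com/root-certificates/entrust_l1k.cer || exit 1
    # Placeholder: record the SHA-256 of the reviewed certificate file here.
    ENTRUST_L1K_SHA256="<PINNED_SHA256_PLACEHOLDER>"
    echo "$ENTRUST_L1K_SHA256  ./entrust_l1k.cer" | sha256sum -c - || exit 1
    cat ./entrust_l1k.cer >> ./ca-certificates.crt
    # … unchanged: wget --ca-certificate download of $TOOL_ARCHIVE …
```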