Date: Wed, 28 Dec 2016 22:27:53 -0600 From: Benjamin Kaduk <kaduk@mit.edu> To: Michael C Voorhis <mvoorhis@cs.wpi.edu> Cc: freebsd-doc@freebsd.org Subject: Re: FreeBSD Handbook A.3.6 has incorrect (old?) cert-fingerprint info for svn.freebsd.org Message-ID: <20161229042753.GE8460@kduck.kaduk.org> In-Reply-To: <20161227133400.C86B3601EC@cwe.cs.wpi.edu> References: <20161227133400.C86B3601EC@cwe.cs.wpi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 27, 2016 at 08:34:00AM -0500, Michael C Voorhis wrote: > The FreeBSD handbook section A.3.6, under > > https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html > > lists certificate fingerprints which appear to be outdated. It > appears that the SHA1 fingerprint, listed in the handbook as > > E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9 > > Should be > > 86:5C:C5:84:F5:2D:40:FA:C6:F9:F0:D9:F5:40:D0:D5:6B:90:CB:CE . > > Similarly, the SHA256 fingerprint listed on the handbook-page is > > D5:27:1C:B6:55:E6:A8:7D:48:D5:0C:F0:DA:9D:51:60:D7:42:6A:F2:05:F1:8A:47:BE:78:A1:3A:72:06:92:60 > > where it should be > > 3D:68:44:40:22:B1:96:B2:D3:0B:DD:1A:C9:AA:FF:CB:EC:89:FE:A2:4B:AF:11:F9:7C:AD:D9:F2:67:B7:35:18 . > > According to my web-browser, the cert has been in place since 14 June > 2016, and will expire on 29 June 2017. The fingerprints you quote are preceded by a note: % Note: The FreeBSD Subversion mirrors previously used self-signed SSL certificates % documented in this chapter. As of July 14, 2015, all mirrors now use an official % SSL certificate that will be recognized by Subversion if the security/ca_root_nss % port is installed. The legacy self-signed certificates and server names are still % available but are deprecated and no longer supported. -Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161229042753.GE8460>