From owner-freebsd-stable@freebsd.org Thu Jun 16 23:21:34 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E6C5A77B6F for ; Thu, 16 Jun 2016 23:21:34 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from saturn.lyxys.ka.sub.org (saturn.lyxys.ka.sub.org [217.29.35.151]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 338801FAF for ; Thu, 16 Jun 2016 23:21:33 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (juno.lyx [IPv6:fd2a:89ca:7d54:0:240:caff:fe92:4f47]) by saturn.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id u5GNLAQG053827 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=FAIL) for ; Fri, 17 Jun 2016 01:21:12 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (localhost [127.0.0.1]) by juno.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id u5GNLAIQ047910 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 17 Jun 2016 01:21:10 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: (from wolfgang@localhost) by juno.lyxys.ka.sub.org (8.15.2/8.15.2/Submit) id u5GNLAU6047909 for freebsd-stable@freebsd.org; Fri, 17 Jun 2016 01:21:10 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) X-Authentication-Warning: juno.lyx: wolfgang set sender to wolfgang@lyxys.ka.sub.org using -f Date: Fri, 17 Jun 2016 01:21:10 +0200 From: Wolfgang Zenker To: freebsd-stable@freebsd.org Subject: new certificate for svn.freebsd.org? Message-ID: <20160616232110.GA47529@lyxys.ka.sub.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: private site User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (saturn.lyxys.ka.sub.org [IPv6:fd2a:89ca:7d54:1:200:24ff:feca:b4cc]); Fri, 17 Jun 2016 01:21:12 +0200 (CEST) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2016 23:21:34 -0000 Hi, I'm getting presented a new SSL certificate for svn.freebsd.org. Like the previous one, it can not be verified by svnlite on any of my 10-STABLE machines, though ca_root_nss is installed. But the previous certificate at least matched the fingerprint given on https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html Trying to update: # svnlite up /usr/src Updating '/usr/src': Error validating server certificate for 'https://svn.freebsd.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: svn.freebsd.org - Valid: from Jun 15 00:00:00 2016 GMT until Jun 29 23:59:59 2017 GMT - Issuer: Gandi Standard SSL CA 2, Gandi, Paris, Paris, FR - Fingerprint: 86:5C:C5:84:F5:2D:40:FA:C6:F9:F0:D9:F5:40:D0:D5:6B:90:CB:CE (R)eject, accept (t)emporarily or accept (p)ermanently? Is it just me? Wolfgang