Date: Fri, 17 Jun 2016 08:53:15 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-stable@freebsd.org Subject: Re: new certificate for svn.freebsd.org? Message-ID: <0da160bc-c923-4547-7cee-57d7e23af819@FreeBSD.org> In-Reply-To: <20160616232110.GA47529@lyxys.ka.sub.org> References: <20160616232110.GA47529@lyxys.ka.sub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --gfs9GqiEM2EuOw8lHwg7prFjESq6gImmL Content-Type: multipart/mixed; boundary="aGIDiUQdk13jFHp9OmuQ92Hjir7bBTbhE" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-stable@freebsd.org Message-ID: <0da160bc-c923-4547-7cee-57d7e23af819@FreeBSD.org> Subject: Re: new certificate for svn.freebsd.org? References: <20160616232110.GA47529@lyxys.ka.sub.org> In-Reply-To: <20160616232110.GA47529@lyxys.ka.sub.org> --aGIDiUQdk13jFHp9OmuQ92Hjir7bBTbhE Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 17/06/2016 00:21, Wolfgang Zenker wrote: > I'm getting presented a new SSL certificate for svn.freebsd.org. > Like the previous one, it can not be verified by svnlite on any > of my 10-STABLE machines, though ca_root_nss is installed. But > the previous certificate at least matched the fingerprint given > on https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html The certificate was renewed yesterday -- a routine renewal as the cert was due to expire within a week. Looks like the documentation is (as ever) lagging behind. Not sure why you can't validate the Gandi cert -- presumably this is due to missing an intermediate certificate from Gandi which isn't in the ca_root_nss collection. In those cases, the server should provide the intermediate certificates as well as the site certificate, which it does. (You can use 'openssl s_client' to test, amongst other methods.) This points towards an error in certificate validation in the svnlite cod= e. Cheers, Matthew --aGIDiUQdk13jFHp9OmuQ92Hjir7bBTbhE-- --gfs9GqiEM2EuOw8lHwg7prFjESq6gImmL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJXY6xxXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkAT9ygP/3bG5VTkcUGnPrkW1nF5N6o6 pNy+SsJ7v9CtblTpLzfOUi+/KogDXPrZN5qsnjD0Ch/tKipaaZbhPy/bucIP0uT6 3bd5kb2p3SKbqNyHkdQxJsYK+flyg2bUev8RtcJAvni+t2+3r18IQNg+g2D8igof IMtX0YicUcLW1GrYdRnFu7YSHnv73+OBtrWlbYRlKIYnxtPLHMvprfAhnXBxdBBu ZxTuNUexApa6bP+JUxYWkhFpTvgh25GYIqGh9GrPtSmd4rjM/i2F94WKS+r035VP gci10irm5uOay/ei+kGcx0O7xsj3BWrxzEB5aZvPQu5MUpacJN+Uym/cNpLi2Db/ j5fhmp/Y+4kjfM0FUlnD2WugkV0JX2GfI2QoFgDmUehEocWd+xsBphzQD9EGre6l FRSPGki0F7EvUV7Y1x8w42KOTqdE4XmYKxvJ7mH1RpIltz4+I2TolFXomK/UHPIS e4dYcgZSt4ukCi/nmoIg3cYU/ivZjs3AcKYhVn4Gck+vjTGi+wUxZf+2F++SB9tz JCkuwV6+IejXKzHfoCdfos2wYT3neU3dhKYsXC55PfsClgIqqI3VuTbBOwqUTc0/ HHjvuNUUP4saV5nc5X/6HE+lDpkwmV259f34kdhjsFGnZFP4l76aj2bkX2CgiJKc nuI0qNcE4FPfN1LiKZ/3 =dhsd -----END PGP SIGNATURE----- --gfs9GqiEM2EuOw8lHwg7prFjESq6gImmL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0da160bc-c923-4547-7cee-57d7e23af819>