From owner-freebsd-ports@FreeBSD.ORG Fri Aug 2 13:40:21 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 31F44D19 for ; Fri, 2 Aug 2013 13:40:21 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from eu1sys200aog117.obsmtp.com (eu1sys200aog117.obsmtp.com [207.126.144.143]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 7CF152776 for ; Fri, 2 Aug 2013 13:40:20 +0000 (UTC) Received: from mail-wg0-f49.google.com ([74.125.82.49]) (using TLSv1) by eu1sys200aob117.postini.com ([207.126.147.11]) with SMTP ID DSNKUfu2wt88hSxLqoNwlzS+zAs1hVKrxnxk@postini.com; Fri, 02 Aug 2013 13:40:20 UTC Received: by mail-wg0-f49.google.com with SMTP id y10so508802wgg.28 for ; Fri, 02 Aug 2013 06:40:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=sender:date:from:message-id:to:subject:cc:reply-to:in-reply-to :x-gm-message-state; bh=Ll1x6eClseJ2mSBfkZVHm6FWHSQxSJLHkfkt17U6u8E=; b=A7zLryaItLjQQiTcyrez7PHPGa28vnhE+vFN1a22zXJMHnFnF+KIxOkoTLs5jdhIAO BE99zpfEsuaUPB3BzPRaOS244/v5yH7N+quTECQ2G8oGWRieSc2eXFlwwlT3Rhftzlr/ K38debbb0D8kQbQ7cSK2yOII+sBkJwe36FlLZ3PbAvnuW2tnGjcxEM3BVqiIV2srZwYC T8rW1wzW1qKkwIOzxVEOc9ZvDvyR9xMA8xugyphc6cBeex2giT+8ah3jAC6IaKzXfBUp V+W/cKQRn/UHClOltC4WlOsO8iq8eFGFQOi/61lTX2UNGE8jDAn5ZiJ4syCraZksAuLb p93w== X-Received: by 10.194.175.66 with SMTP id by2mr3226330wjc.59.1375450818458; Fri, 02 Aug 2013 06:40:18 -0700 (PDT) X-Received: by 10.194.175.66 with SMTP id by2mr3226323wjc.59.1375450818369; Fri, 02 Aug 2013 06:40:18 -0700 (PDT) Received: from mech-cluster241.men.bris.ac.uk (mech-cluster241.men.bris.ac.uk. [137.222.187.241]) by mx.google.com with ESMTPSA id v9sm3416209wiw.8.2013.08.02.06.40.16 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 02 Aug 2013 06:40:17 -0700 (PDT) Sender: Anton Shterenlikht Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.7/8.14.6) with ESMTP id r72DeFHv014847 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 2 Aug 2013 14:40:15 +0100 (BST) (envelope-from mexas@mech-cluster241.men.bris.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.7/8.14.6/Submit) id r72DeF4V014846; Fri, 2 Aug 2013 14:40:15 +0100 (BST) (envelope-from mexas) Date: Fri, 2 Aug 2013 14:40:15 +0100 (BST) From: Anton Shterenlikht Message-Id: <201308021340.r72DeF4V014846@mech-cluster241.men.bris.ac.uk> To: kpaasial@gmail.com, mexas@bris.ac.uk Subject: Re: Error validating server certificate for 'https://svn0.us-east.freebsd.org:443': In-Reply-To: X-Gm-Message-State: ALoCoQkVVSG0lEKXEskqXhvg+mSGmnwn3Awo9hgVItkdWh3qYZFCeQKGKbJ7Y39NiVj9MM+r0FpzpVzpR1EIeMllxRqij3XGBITHXI9Yi7n2e/Tb4FI+SoajJCj3FffuZ7MnGKFrTFL3+72aS83k2S6a0Tv1X9V3euX55NKCMFTwcajT7AkPUqQ= Cc: freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: mexas@bris.ac.uk List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2013 13:40:21 -0000 >From kpaasial@gmail.com Fri Aug 2 14:35:12 2013 > >On Fri, Aug 2, 2013 at 11:51 AM, Kimmo Paasiala wrote: >> On Fri, Aug 2, 2013 at 11:19 AM, Anton Shterenlikht wrote: >>> >From kpaasial@gmail.com Fri Aug 2 09:18:52 2013 >>>> >>>>On Fri, Aug 2, 2013 at 11:10 AM, Anton Shterenlikht wrote: >>>>> # svn up /usr/ports/ >>>>> Updating '/usr/ports': >>>>> Error validating server certificate for 'https://svn0.us-east.freebsd.org:443': >>>>> - The certificate is not issued by a trusted authority. Use the >>>>> fingerprint to validate the certificate manually! >>>>> - The certificate hostname does not match. >>>>> Certificate information: >>>>> - Hostname: svnmir.ysv.FreeBSD.org >>>>> - Valid: from Jul 29 22:01:21 2013 GMT until Dec 13 22:01:21 2040 GMT >>>>> - Issuer: clusteradm, FreeBSD.org, (null), CA, US (clusteradm@FreeBSD.org) >>>>> - Fingerprint: 1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61 >>>>> (R)eject, accept (t)emporarily or accept (p)ermanently? >>>>> >>>>> What's going on? >>>>> >>>>> Thanks >>>>> >>>>> Anton >>>>> >>>> >>>>The DNS name for the SVN mirror was changed a few days ago into a >>>>CNAME that points to svnmir.ysv.FreeBSD.org and it no longer matches >>>>the certificate that you have saved on your system, hence the >>>>complaint. It's safe to accept the "new" cert. >>>> >>>>-Kimmo >>> >>> ok, great, thanks for clarifying this. >>> >>> Anton >> >> Np. >> >> You can always check the fingerprints of the certificates manually if >> there's any lingering doubt :) >> >> -Kimmo > >Btw, I was about to ask if the SSL certificate fingerprints for the >SVN mirrors are available somewhere. They are listed in the FreeBSD >Handbook: > >http://www.freebsd.org/doc/handbook/svn-mirrors.html oh.. there is a mirror in UK! I'll switch to it later. Anton