Date: Wed, 7 May 2014 13:46:00 -0700 From: pete wright <nomadlogic@gmail.com> To: freebsd-questions <questions@freebsd.org> Subject: svn https access Message-ID: <CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
so i am in the process of downloading the fingerprint keys for the new pkg infrastructure and have noticed that https access to freebsd.org's SVN repository is using self signed certs? > openssl s_client -showcerts -connect svn0.us-east.freebsd.org:443 CONNECTED(00000003) depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN = svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN = svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org verify error:num=21:unable to verify the first certificate verify return:1 -- Server certificate subject=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org issuer=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org --- No client certificate CA names sent loading that site in firefox gives a warning indicating that the CA is not registered as well. is this done on purpose? kind of hesitant to enable pkg fingerprints on my nodes if i could be using a potentially forged fingerprint. -pete -- pete wright www.nycbug.org @nomadlogicLA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA>