[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Unreachable https and rsync mirrors

From: Ian Kelling
Subject: Re: [Savannah-hackers-public] Unreachable https and rsync mirrors
Date: Mon, 08 Jun 2020 15:17:56 -0400
User-agent: mu4e 1.4.6; emacs 28.0.50

Bob Proulx <> writes:

> Bob Proulx wrote:
>> All of those seem to be the outdated CA list and openssl on
>> download0.  All but one of the above were issued by Comodo.  Which is
>> the mostly common thread among them.  They apparently have a newly
>> issued trust anchor.
> It turns out that this was a pretty widely felt expired certificate.
> And tickles an openssl bug.  And therefore fixes have been rippling
> through.
> The way I have been reading the blogs on this the problem is one of
> the certificate chains has expired.  Coupled with openssl prior to 1.1
> which flagged as invalid the chain if either were invalid.  Requiring
> both of them to be valid.  As opposed to validating it as okay if any
> of the chains validated as it is supposed to have been working.
> Over the weekend I realized that I could extract the expired
> certificate and leave only the valid one and this would fix the
> problem.  And I could even update the bundle.
> But then the Debian Stretch LTS team prepared a package upgrade doing
> all of the work very nicely packaged making this trivial to install
> their package and not needing any work at all.  :-)
> I have upgrade the CA certificate bundle on our three machines that
> were needing it, download0, vcs0, mgt0.  Testing shows that the
> previous certificates that were previously invalid are now validating.
> I am going to wait and let the mirmon scripts run and hopefully that
> will now validate those mirrors and they will come back online in the
> redirector over the next couple of hours.
> Bob

Awesome. Onto server upgrades! I just decommissioned a debian lenny
machine this last weekend.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]