[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lmi] savannah.gnu.org certificate expiration
|
From: |
Greg Chicares |
|
Subject: |
[lmi] savannah.gnu.org certificate expiration |
|
Date: |
Fri, 29 Oct 2021 00:02:25 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 |
https://savannah.nongnu.org/forum/forum.php?forum_id=10054
| On September 30, 2021, as planned the DST Root CA X3 cross-sign has
| expired for the Let's Encrypt trust chain. That was a normal and
| planned event. However coupled with a verification error in the code
| of libraries authenticating certificates it caused some clients that
| have not been updated to fixed versions to have problems validating
| certificates.
|
| If you are experiencing invalid certificate chain problems with Let's
| Encrypt certificates (not a Savannah problem) then please upgrade
| your client to the latest security patches for your system.
That seemed worth mentioning in general. In particular, it happens to
matter for our corporate redhat server:
- To determine whether gnu.org is blocked, we do this:
curl 'https://git.savannah.nongnu.org:443'
Formerly, that always failed, so scripts would use github instead.
- Now, to my surprise, that 'curl' command succeeds; but subsequent
'wget' commands fail unless we add '--no-check-certificate'.
I think I might add '--no-check-certificate' liberally. I could
probably figure out how to update the server's certificates, but
the corporate overseers might look askance at that.
- [lmi] savannah.gnu.org certificate expiration,
Greg Chicares <=