|
From: | Bob Proulx |
Subject: | [savannah-help-public] [sr #108776] ssl updates? |
Date: | Wed, 25 Mar 2015 07:39:24 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 |
Follow-up Comment #2, sr #108776 (project administration): There is at least two separate issues. One is that the installed ca-certificates on fencepost are out of date and need to be updated. I filed a sysadmin request to have that done. For this ticket I am going to assume that happens. I think that is necessary but I don't think that is sufficient. Second is whether Savannah is providing a valid trust chain. One certificate is listed as an additional download. That may be breaking the trust chain. However when I have ssllabs test www.fsf.org it reports exactly the same extra download for that trust chain too. But when I test both savannah.gnu.org and www.fsf.org using wget the result is that www.fsf.org validates but savannah.gnu.org does not. Therefore something must be different and incorrect about the savannah.gnu.org trust chain. Third are the SSL features available for Savannah. This is going to be an ongoing problem due to everything being connected. The first thought would be to simply upgrade the system. However having tested that I find several things break. Among them being the Xen VM bootstrap process is broken likely leaving us with an unbootable system and that is just the start. There is a laundry list of things that are upgrade-broken. I have requested a clean VM in which to transfer services so that we could get things upgrade clean but so far nothing has been provided. I am right now looking at both the trust chain and the cipher situation. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?108776> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |