[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-users] Savannah https SSL certificates updated
From: |
Bob Proulx |
Subject: |
Re: [Savannah-users] Savannah https SSL certificates updated |
Date: |
Tue, 24 Mar 2015 13:14:22 -0600 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Reed Loden wrote:
> Ineiev wrote:
> > It looks like this disabled some of my cron jobs on fencepost.gnu.org;
> > it used to wget https://...savannah.gnu.org/...; now it says
> > ERROR: cannot verify savannah.gnu.org's certificate, issued by
> > `/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2':
> > Unable to locally verify the issuer's authority.
> >
> > Probably I should file a request to sysadmin, or configure
> > something in ~/.
The FSF sysadmin is the place to get any updates onto fencepost.
I will give them a poke and see about getting this updated.
> https://www.ssllabs.com/ssltest/analyze.html?d=savannah.gnu.org
>
> Looks like "USERTrust RSA Certification Authority" root CA cert is missing
> from the ca-certificates store of fencepost. Not sure when it was added to
> browser's root store, but might be a good idea to send it along with the
> entire certificate chain for now. Better yet, update fencepost's
> ca-certificates.
It is also possible that the change from SHA1 to SHA256 was also a
source of problem.
> Aside from that, it would be nice if savannah's SSL/TLS config was updated
> to enable better cipher suite choices and newer protocols. See
> https://wiki.mozilla.org/Security/Server_Side_TLS for some examples on how
> to do this.
Yes. I started working that problem and then Real Life intruded. It
isn't completely simple because Savannah has evolved into a large
framework all interconnected. It has lost some modularity.
Everything is connected. Upgrading one thing causes other things not
to work. Which makes upgrades at the moment problematic.
I will just note that I haven't lost track of the upgrade project. I
have simply had to delay while taking care of other more urgent things
first.
Bob