Re: `guix pull` over HTTPS
From: Leo Famulari
Subject: Re: `guix pull` over HTTPS
Date: Tue, 28 Feb 2017 19:19:04 -0500
User-agent: Mutt/1.7.2 (2016-11-26)

On Wed, Mar 01, 2017 at 12:05:57AM +0100, Marius Bakke wrote:
> The ISRG trust chain is supported by NSS since 3.26[0] and Firefox 50.
>
> [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1204656
>
> As long as the ISRG chain works with all software in Guix, I don't see a
> reason to include the IdenTrust root and intermediates. I think we
> should not include the retired intermediate certificates however.
>
> This tiny chain works for all cases I've tried:
>
> cat isrgrootx1.pem letsencryptauthorityx3.pem letsencryptauthorityx4.pem > le-certs.pem

I've updated the le-certs Git repo to include this bundle (although I
put the root certificate at the end of the list), and a separate bundle
for the IdenTrust-signed chain.

Let's use the ISRG chain.

> > 2) I'd like at least two other Guix developers to try recreating the
> > repository "from scratch", and to send signed email to this thread
> > saying that they were able to successfully recreate this custom
> > certificate store.
>
> I downloaded each certificate independently and ran the provided 'sed'
> command and ended up with the same SHA256 hashes, which are:
>
Thanks, that matches what I have. One more person, please :)
signature.asc
Description: PGP signature
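
The from-scratch check discussed in this message, as an added example that is not part of the original email or of the le-certs repository: two independently rebuilt certificate directories are compared by SHA256 manifest, and a third rebuild shows that changing the concatenation order alone changes the digest of `le-certs.pem`. The certificate bodies are constructed placeholders, the function names are hypothetical, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example. Certificate bodies are constructed placeholders, not real
# certificates; all function names are hypothetical.

# build_bundle OUT FILE...: concatenate certificates in exactly the given order.
build_bundle() {
    out=$1; shift
    cat "$@" > "$out"
}

# manifest DIR: print "digest  name" for every .pem file in DIR.
manifest() {
    ( cd "$1" && LC_ALL=C sha256sum -- *.pem )
}

# compare_stores A B: return 0 when both directories hold the same files with
# the same digests; otherwise print the differing file names and return 1.
compare_stores() {
    a=$(manifest "$1") || return 2
    b=$(manifest "$2") || return 2
    [ "$a" = "$b" ] && return 0
    printf '%s\n%s\n' "$a" "$b" | sort | uniq -u | awk '{print $2}' | sort -u
    return 1
}

# make_store DIR ORDER: simulate one person recreating the store from scratch.
make_store() {
    dir=$1; order=$2
    mkdir -p "$dir"
    for name in isrgrootx1 letsencryptauthorityx3 letsencryptauthorityx4; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "placeholder-$name" \
            '-----END CERTIFICATE-----' > "$dir/$name.pem"
    done
    set -- letsencryptauthorityx3.pem letsencryptauthorityx4.pem
    case $order in
        root-first) set -- isrgrootx1.pem "$@" ;;
        root-last)  set -- "$@" isrgrootx1.pem ;;
    esac
    ( cd "$dir" && build_bundle le-certs.pem "$@" )
}

tmp=$(mktemp -d)
make_store "$tmp/a" root-first   # first developer
make_store "$tmp/b" root-first   # second developer, same order
make_store "$tmp/c" root-last    # same certificates, root moved to the end
compare_stores "$tmp/a" "$tmp/b" && echo "a and b: identical"
compare_stores "$tmp/a" "$tmp/c" || echo "^ differs between a and c"
rm -rf "$tmp"
```

A mismatch confined to the bundle while every individual certificate matches points to concatenation order rather than to a bad download.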