John Criswell
2011-Jun-28 20:56 UTC
[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger
Dear All,
The good news is that the new llvm.org SSL certificate is installed and
appears to be configured correctly.
The bad news is that some machines seem to recognize the intermediate
SSL certificate (which is apparently used to sign the SSL certificates
UIUC buys starting this year) while others do not. In particular, our
internal Linux machines show no errors, while our Macs and llvm.org's
SVN client do.
If you see this error message:
Error validating server certificate for 'https://llvm.org:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: llvm.org
- Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014
23:59:59 GMT
- Issuer: InCommon, Internet2, US
- Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
(R)eject, accept (t)emporarily or accept (p)ermanently?
... then your client is not happy with the intermediate SSL certificate,
but you should be able to accept the certificate and continue using SVN.
I've decided to keep the new SSL certificate installed since a cert that
works for some (hopefully most) LLVM users is better than an expired
cert that flags a warning for everyone (Tanya, if you disagree, please
feel free to revert the change). In the meantime, I'll talk to the IT
people who renewed our certificate and see if they know what's causing
this issue.
Sorry for the inconvenience.
-- John T.
John Criswell
2011-Jun-29 16:13 UTC
[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger
On 6/28/11 3:56 PM, John Criswell wrote:> Dear All, > > The good news is that the new llvm.org SSL certificate is installed and > appears to be configured correctly.As a followup to this, I discovered that I was using the MacPorts version of the svn client on our Mac OS X system. Using the svn client in /usr/bin/svn seems to recognize the certificate just fine. The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13 and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not. If you're having trouble with the new certificate, upgrading svn might fix it. -- John T.> The bad news is that some machines seem to recognize the intermediate > SSL certificate (which is apparently used to sign the SSL certificates > UIUC buys starting this year) while others do not. In particular, our > internal Linux machines show no errors, while our Macs and llvm.org's > SVN client do. > > If you see this error message: > > Error validating server certificate for 'https://llvm.org:443': > - The certificate is not issued by a trusted authority. Use the > fingerprint to validate the certificate manually! > Certificate information: > - Hostname: llvm.org > - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 > 23:59:59 GMT > - Issuer: InCommon, Internet2, US > - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e > (R)eject, accept (t)emporarily or accept (p)ermanently? > > ... then your client is not happy with the intermediate SSL certificate, > but you should be able to accept the certificate and continue using SVN. > > I've decided to keep the new SSL certificate installed since a cert that > works for some (hopefully most) LLVM users is better than an expired > cert that flags a warning for everyone (Tanya, if you disagree, please > feel free to revert the change). In the meantime, I'll talk to the IT > people who renewed our certificate and see if they know what's causing > this issue. > > Sorry for the inconvenience. > > -- John T. > > > > > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Garrison Venn
2011-Jun-29 18:43 UTC
[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger
Any issues with permanently accepting the intermediate certificate, which I did this morning, when getting the message? Thanks in advance Garrison On Jun 29, 2011, at 12:13, John Criswell wrote:> On 6/28/11 3:56 PM, John Criswell wrote: >> Dear All, >> >> The good news is that the new llvm.org SSL certificate is installed and >> appears to be configured correctly. > > As a followup to this, I discovered that I was using the MacPorts > version of the svn client on our Mac OS X system. Using the svn client > in /usr/bin/svn seems to recognize the certificate just fine. > > The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13 > and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not. > > If you're having trouble with the new certificate, upgrading svn might > fix it. > > -- John T. > >> The bad news is that some machines seem to recognize the intermediate >> SSL certificate (which is apparently used to sign the SSL certificates >> UIUC buys starting this year) while others do not. In particular, our >> internal Linux machines show no errors, while our Macs and llvm.org's >> SVN client do. >> >> If you see this error message: >> >> Error validating server certificate for 'https://llvm.org:443': >> - The certificate is not issued by a trusted authority. Use the >> fingerprint to validate the certificate manually! >> Certificate information: >> - Hostname: llvm.org >> - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 >> 23:59:59 GMT >> - Issuer: InCommon, Internet2, US >> - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e >> (R)eject, accept (t)emporarily or accept (p)ermanently? >> >> ... then your client is not happy with the intermediate SSL certificate, >> but you should be able to accept the certificate and continue using SVN. >> >> I've decided to keep the new SSL certificate installed since a cert that >> works for some (hopefully most) LLVM users is better than an expired >> cert that flags a warning for everyone (Tanya, if you disagree, please >> feel free to revert the change). In the meantime, I'll talk to the IT >> people who renewed our certificate and see if they know what's causing >> this issue. >> >> Sorry for the inconvenience. >> >> -- John T. >> >> >> >> >> >> _______________________________________________ >> LLVM Developers mailing list >> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu >> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev