|
| From: | Bob Proulx |
| Subject: | [savannah-help-public] [sr #108776] ssl updates? |
| Date: | Wed, 25 Mar 2015 07:39:24 +0000 |
| User-agent: | Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 |
Follow-up Comment #2, sr #108776 (project administration):
There is at least two separate issues. One is that the installed
ca-certificates on fencepost are out of date and need to be updated. I filed
a sysadmin request to have that done. For this ticket I am going to assume
that happens. I think that is necessary but I don't think that is
sufficient.
Second is whether Savannah is providing a valid trust chain. One certificate
is listed as an additional download. That may be breaking the trust chain.
However when I have ssllabs test www.fsf.org it reports exactly the same extra
download for that trust chain too. But when I test both savannah.gnu.org and
www.fsf.org using wget the result is that www.fsf.org validates but
savannah.gnu.org does not. Therefore something must be different and
incorrect about the savannah.gnu.org trust chain.
Third are the SSL features available for Savannah. This is going to be an
ongoing problem due to everything being connected. The first thought would be
to simply upgrade the system. However having tested that I find several
things break. Among them being the Xen VM bootstrap process is broken likely
leaving us with an unbootable system and that is just the start. There is a
laundry list of things that are upgrade-broken. I have requested a clean VM
in which to transfer services so that we could get things upgrade clean but so
far nothing has been provided.
I am right now looking at both the trust chain and the cipher situation.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?108776>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |