Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 7 May 2014 13:46:00 -0700
From:      pete wright <nomadlogic@gmail.com>
To:        freebsd-questions <questions@freebsd.org>
Subject:   svn https access
Message-ID:  <CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA@mail.gmail.com>

next in thread | raw e-mail | index | archive | help
so i am in the process of downloading the fingerprint keys for the new
pkg infrastructure and have noticed that https access to freebsd.org's
SVN repository is using self signed certs?


> openssl s_client -showcerts -connect svn0.us-east.freebsd.org:443
CONNECTED(00000003)
depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN =
svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN =
svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org
verify error:num=21:unable to verify the first certificate
verify return:1
--
Server certificate
subject=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org
issuer=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org
---
No client certificate CA names sent



loading that site in firefox gives a warning indicating that the CA is
not registered as well.  is this done on purpose?  kind of hesitant to
enable pkg fingerprints on my nodes if i could be using a potentially
forged fingerprint.

-pete


-- 
pete wright
www.nycbug.org
@nomadlogicLA



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA>