From owner-freebsd-questions@FreeBSD.ORG Wed May 7 20:46:00 2014 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A7D777F2 for ; Wed, 7 May 2014 20:46:00 +0000 (UTC) Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com [IPv6:2607:f8b0:400e:c03::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 84EB1C70 for ; Wed, 7 May 2014 20:46:00 +0000 (UTC) Received: by mail-pa0-f51.google.com with SMTP id kq14so1646863pab.24 for ; Wed, 07 May 2014 13:46:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=2UzCFMPXLhEe1naW1C7l7H6C0lGEqHfSPkLOWL2DpzQ=; b=aFHYFx68UcpyKw7EfXH7kgvMVH5CF3BFQV/yXXQ32G7/nA/jYsdQeBwhmvpi39RVBg eViS2S0iM8QXnL2SyKtIwF7uQqy9S2W4JoWQEDp+myAKLEbYIWa/PSevSk++ty2zW0uY piTWJiszHj+cjVYvAH/FaaLrBScYB7n0L6SX2WmL0pclxdG6JvryRxhOel2RWRiGGpmc HOTupBnYzGsbEX5ZiiSpK2Od06fSXN9Ku8EyNdH6g1vF+Q55zZ7jFvlfxRcHoahRjXYM W+OHCOh0/zRhkhgbbNoNMmEevnyy5FJ25GXMMSBsP+NKZPeoh6i72c3jWOfMkU/odFvu HKrw== MIME-Version: 1.0 X-Received: by 10.66.164.165 with SMTP id yr5mr23092445pab.63.1399495560119; Wed, 07 May 2014 13:46:00 -0700 (PDT) Received: by 10.66.145.7 with HTTP; Wed, 7 May 2014 13:46:00 -0700 (PDT) Date: Wed, 7 May 2014 13:46:00 -0700 Message-ID: Subject: svn https access From: pete wright To: freebsd-questions Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2014 20:46:00 -0000 so i am in the process of downloading the fingerprint keys for the new pkg infrastructure and have noticed that https access to freebsd.org's SVN repository is using self signed certs? > openssl s_client -showcerts -connect svn0.us-east.freebsd.org:443 CONNECTED(00000003) depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN = svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN = svnmir.ysv.FreeBSD.org, emailAddress = clusteradm@FreeBSD.org verify error:num=21:unable to verify the first certificate verify return:1 -- Server certificate subject=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org issuer=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm@FreeBSD.org --- No client certificate CA names sent loading that site in firefox gives a warning indicating that the CA is not registered as well. is this done on purpose? kind of hesitant to enable pkg fingerprints on my nodes if i could be using a potentially forged fingerprint. -pete -- pete wright www.nycbug.org @nomadlogicLA