From owner-freebsd-www@FreeBSD.ORG  Mon Jul  8 11:41:06 2013
Return-Path: <owner-freebsd-www@FreeBSD.ORG>
Delivered-To: freebsd-www@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 89C8E526
 for <freebsd-www@FreeBSD.org>; Mon,  8 Jul 2013 11:41:06 +0000 (UTC)
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 7CF961473
 for <freebsd-www@FreeBSD.org>; Mon,  8 Jul 2013 11:41:06 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r68BeXfG053981
 for <freebsd-www@FreeBSD.org>; Mon, 8 Jul 2013 11:41:06 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r68B6ie1046257
 for freebsd-www@FreeBSD.org; Mon, 8 Jul 2013 11:06:44 GMT
 (envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 8 Jul 2013 11:06:44 GMT
Message-Id: <201307081106.r68B6ie1046257@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
 owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-www@FreeBSD.org
Subject: Current problem reports assigned to freebsd-www@FreeBSD.org
X-BeenThere: freebsd-www@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: **OBSOLETE** FreeBSD Project Webmasters <freebsd-www.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-www>
List-Post: <mailto:freebsd-www@freebsd.org>
List-Help: <mailto:freebsd-www-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2013 11:41:06 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o www/179521   www        Google blocks freebsd.org page due to DMCA complaint
o www/179160   www        search "supported hardware" result links all give "pag
o www/175861   www        ftp6.ua.freebsd.org is not present in docs
o www/175685   www        HTTPS does not follow visitor among FreeBSD.org sub-do
o www/175535   www        freebsd.org/ports is out of date
o www/172624   www        Some RSS feeds on www.freebsd.org are broken
o www/171953   www        Pipermail creates HTML pages that have the the body co
o www/166496   www        HP-UX manual pages are mangled
o www/161174   www        Make http://www.freebsd.org/cgi/search.cgi search GNAT
o www/159291   www        Error 404 - when I try to send-pr over freebsd.org/es/
o www/149446   www        [patch] improve misleading title of "report a bug"
f www/146089   www        On www.freebsd.org some IPv6 mirror sites do not work
o www/145917   www        SVG at logo.html is broken
s www/140580   www        svnweb file logs are useless
s www/129923   www        Need stylesheet for FreeBSD Subversion DAV tree
s www/111791   www        FreeBSD website messes up while using "links" browser
s www/103522   www        Search interface oddity
s www/73551    www        [request] fix list archive 'quoted-printable' corrupti
o www/59307    www        [patch] xml/xsl'ify & update publications page
s www/51135    www        Problems with the mailing-lists search interface

20 problems total.


From owner-freebsd-www@FreeBSD.ORG  Mon Jul  8 17:19:49 2013
Return-Path: <owner-freebsd-www@FreeBSD.ORG>
Delivered-To: freebsd-www@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 63E4ABB8
 for <freebsd-www@freebsd.org>; Mon,  8 Jul 2013 17:19:49 +0000 (UTC)
 (envelope-from unsubscribe@greensideonline.com)
Received: from vps2.teclan.org (vps2.teclan.org [213.246.100.231])
 by mx1.freebsd.org (Postfix) with ESMTP id 45CCB1DAD
 for <freebsd-www@freebsd.org>; Mon,  8 Jul 2013 17:19:46 +0000 (UTC)
Received: (qmail 13702 invoked from network); 8 Jul 2013 18:19:39 +0100
Received: from www.greensideonline.com (HELO web) (92.19.236.152)
 by vps2.teclan.org with SMTP; 8 Jul 2013 18:19:26 +0100
Organization: Greenside
Message-ID: <a4137e8cbf41d04aa885e2fe0011c26e@greensideonline.com>
From: "Greenside Online Sales - www.GreensideOnline.com"
 <unsubscribe@greensideonline.com>
To: <freebsd-www@freebsd.org>
Subject: =?windows-1252?Q?Mesh_Style_EN471_Compliant_HiViz_from_69p_-_Limited_Edition?=
Date: Mon, 8 Jul 2013 17:43:05 +0100
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=SPLITOR00A_001_181501234D";
 type="multipart/alternative"
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
X-BeenThere: freebsd-www@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: unsubscribe@greensideonline.com
List-Id: **OBSOLETE** FreeBSD Project Webmasters <freebsd-www.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-www>
List-Post: <mailto:freebsd-www@freebsd.org>
List-Help: <mailto:freebsd-www-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2013 17:19:49 -0000

This is a multi-part message in MIME format.

------=SPLITOR00A_001_181501234D
Content-Type: text/plain;
	charset="windows-1252"
Content-Transfer-Encoding: quoted-printable

If you no longer wish to receive emails from us click here

To see our complete range of products please visit =
www.Greensideonline.com=20
=2E=A0 Offer open to Trade Counter customer only.=A0 If you are a regular =
Bulk Buyer=20
please call sales on 0844 4931 400 and ask to speak to an account manager =
who=20
will be happy to help you.=A0 We offer Schools, Colleges and Government =
Agencies=20
account facilities if required

Phone: 0844 4931 400=A0=A0|=A0=A0Fax: 0844 4931 401=20
Greenside Romford RM3 8EN


------=SPLITOR00A_001_181501234D--


From owner-freebsd-www@FreeBSD.ORG  Thu Jul 11 21:30:00 2013
Return-Path: <owner-freebsd-www@FreeBSD.ORG>
Delivered-To: freebsd-www@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id A3F70CD4
 for <freebsd-www@smarthost.ysv.freebsd.org>;
 Thu, 11 Jul 2013 21:30:00 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 8A43D16FF
 for <freebsd-www@smarthost.ysv.freebsd.org>;
 Thu, 11 Jul 2013 21:30:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r6BLU0uJ090548
 for <freebsd-www@freefall.freebsd.org>; Thu, 11 Jul 2013 21:30:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r6BLU0wT090547;
 Thu, 11 Jul 2013 21:30:00 GMT (envelope-from gnats)
Resent-Date: Thu, 11 Jul 2013 21:30:00 GMT
Resent-Message-Id: <201307112130.r6BLU0wT090547@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-www@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 "r4721@tormail.org" <r4721@tormail.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 6F386BB1
 for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2013 21:24:17 +0000 (UTC)
 (envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
 by mx1.freebsd.org (Postfix) with ESMTP id 47B8F16DE
 for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2013 21:24:17 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
 by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r6BLOGcR026896
 for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2013 21:24:16 GMT
 (envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
 by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r6BLOGQU026895;
 Thu, 11 Jul 2013 21:24:16 GMT (envelope-from nobody)
Message-Id: <201307112124.r6BLOGQU026895@oldred.freebsd.org>
Date: Thu, 11 Jul 2013 21:24:16 GMT
From: "r4721@tormail.org" <r4721@tormail.org>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: www/180482: tls certificates on svn https mirrors cannot be verified
X-BeenThere: freebsd-www@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: **OBSOLETE** FreeBSD Project Webmasters <freebsd-www.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-www>
List-Post: <mailto:freebsd-www@freebsd.org>
List-Help: <mailto:freebsd-www-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
 <mailto:freebsd-www-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2013 21:30:00 -0000


>Number:         180482
>Category:       www
>Synopsis:       tls certificates on svn https mirrors cannot be verified
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-www
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 11 21:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     r4721@tormail.org
>Release:        
>Organization:
>Environment:
>Description:
the ssl certificates on all https:// svn mirrors cannot be verified because they
are self signed and missing Certificate Sign extended key usage. a self signed
certificate must have this, because signing a certificate with another (even
itself) that is specified not-able-to-sign is not valid.

the certificates seem to have been made with -extensions v3_req which defaultly
does not put keyCertSign. (/etc/ssl/openssl.cnf)

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

reference:
http://thread.gmane.org/gmane.comp.encryption.openssl.user/48686/focus=48701

keyUsage should have keyCertSign appended (or commented out keyUsage which then
would allow all usages)

> openssl verify -CAfile cert.pem cert.pem 
cert.pem: /C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.bme.FreeBSD.org
/emailAddress=clusteradm@FreeBSD.org
error 20 at 0 depth lookup:unable to get local issuer certificate

> openssl x509 -text -noout -in svn0.eu.freebsd.org
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:svnmir.bme.FreeBSD.org, ...

>How-To-Repeat:
> openssl req -subj /CN=test -nodes -newkey rsa:2048 -x509 -extensions v3_req \
 -out cert.pem -keyout /dev/null
Generating a 2048 bit RSA private key
.........................................+++
........................................................................+++
writing new private key to '/dev/null'
-----

> openssl verify -CAfile cert.pem cert.pem 
cert.pem: /CN=test
error 20 at 0 depth lookup:unable to get local issuer certificate

> openssl x509 -text -noout -in cert.pem
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment

>Fix:
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyCertSign
(or any custom combination of keyUsage options that include keyCertSign)

> openssl req -subj /CN=test -nodes -newkey rsa:2048 -x509 -extensions v3_req \
 -out cert.pem -keyout /dev/null
Generating a 2048 bit RSA private key
..............................................+++
.........+++
writing new private key to '/dev/null'
-----

> openssl verify -CAfile cert.pem cert.pem
cert.pem: OK

> openssl x509 -text -noout -in cert.pem
    X509v3 extensions:
      X509v3 Basic Constraints: 
    CA:FALSE
    X509v3 Key Usage: 
      Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign

>Release-Note:
>Audit-Trail:
>Unformatted: