svn https access
pete wright
nomadlogic at gmail.com
Wed May 7 20:46:00 UTC 2014
so i am in the process of downloading the fingerprint keys for the new
pkg infrastructure and have noticed that https access to freebsd.org's
SVN repository is using self signed certs?
> openssl s_client -showcerts -connect svn0.us-east.freebsd.org:443
CONNECTED(00000003)
depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN =
svnmir.ysv.FreeBSD.org, emailAddress = clusteradm at FreeBSD.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = CA, O = FreeBSD.org, OU = clusteradm, CN =
svnmir.ysv.FreeBSD.org, emailAddress = clusteradm at FreeBSD.org
verify error:num=21:unable to verify the first certificate
verify return:1
--
Server certificate
subject=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm at FreeBSD.org
issuer=/C=US/ST=CA/O=FreeBSD.org/OU=clusteradm/CN=svnmir.ysv.FreeBSD.org/emailAddress=clusteradm at FreeBSD.org
---
No client certificate CA names sent
loading that site in firefox gives a warning indicating that the CA is
not registered as well. is this done on purpose? kind of hesitant to
enable pkg fingerprints on my nodes if i could be using a potentially
forged fingerprint.
-pete
--
pete wright
www.nycbug.org
@nomadlogicLA
More information about the freebsd-questions
mailing list