[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger

John Criswell criswell at illinois.edu
Wed Jun 29 09:13:39 PDT 2011 

On 6/28/11 3:56 PM, John Criswell wrote:
> Dear All,
>
> The good news is that the new llvm.org SSL certificate is installed and
> appears to be configured correctly.

As a followup to this, I discovered that I was using the MacPorts 
version of the svn client on our Mac OS X system.  Using the svn client 
in /usr/bin/svn seems to recognize the certificate just fine.

The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13 
and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not.

If you're having trouble with the new certificate, upgrading svn might 
fix it.

-- John T.

> The bad news is that some machines seem to recognize the intermediate
> SSL certificate (which is apparently used to sign the SSL certificates
> UIUC buys starting this year) while others do not.  In particular, our
> internal Linux machines show no errors, while our Macs and llvm.org's
> SVN client do.
>
> If you see this error message:
>
> Error validating server certificate for 'https://llvm.org:443':
>    - The certificate is not issued by a trusted authority. Use the
>      fingerprint to validate the certificate manually!
> Certificate information:
>    - Hostname: llvm.org
>    - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014
> 23:59:59 GMT
>    - Issuer: InCommon, Internet2, US
>    - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
> ... then your client is not happy with the intermediate SSL certificate,
> but you should be able to accept the certificate and continue using SVN.
>
> I've decided to keep the new SSL certificate installed since a cert that
> works for some (hopefully most) LLVM users is better than an expired
> cert that flags a warning for everyone (Tanya, if you disagree, please
> feel free to revert the change).  In the meantime, I'll talk to the IT
> people who renewed our certificate and see if they know what's causing
> this issue.
>
> Sorry for the inconvenience.
>
> -- John T.
>
>
>
>
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list