[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger

Garrison Venn gvenn.cfe.dev at gmail.com
Wed Jun 29 11:43:26 PDT 2011 

Any issues with permanently accepting the intermediate certificate, which I did this morning, 
when getting the message? 

Thanks in advance

Garrison

On Jun 29, 2011, at 12:13, John Criswell wrote:

> On 6/28/11 3:56 PM, John Criswell wrote:
>> Dear All,
>> 
>> The good news is that the new llvm.org SSL certificate is installed and
>> appears to be configured correctly.
> 
> As a followup to this, I discovered that I was using the MacPorts 
> version of the svn client on our Mac OS X system.  Using the svn client 
> in /usr/bin/svn seems to recognize the certificate just fine.
> 
> The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13 
> and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not.
> 
> If you're having trouble with the new certificate, upgrading svn might 
> fix it.
> 
> -- John T.
> 
>> The bad news is that some machines seem to recognize the intermediate
>> SSL certificate (which is apparently used to sign the SSL certificates
>> UIUC buys starting this year) while others do not.  In particular, our
>> internal Linux machines show no errors, while our Macs and llvm.org's
>> SVN client do.
>> 
>> If you see this error message:
>> 
>> Error validating server certificate for 'https://llvm.org:443':
>>   - The certificate is not issued by a trusted authority. Use the
>>     fingerprint to validate the certificate manually!
>> Certificate information:
>>   - Hostname: llvm.org
>>   - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014
>> 23:59:59 GMT
>>   - Issuer: InCommon, Internet2, US
>>   - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
>> (R)eject, accept (t)emporarily or accept (p)ermanently?
>> 
>> ... then your client is not happy with the intermediate SSL certificate,
>> but you should be able to accept the certificate and continue using SVN.
>> 
>> I've decided to keep the new SSL certificate installed since a cert that
>> works for some (hopefully most) LLVM users is better than an expired
>> cert that flags a warning for everyone (Tanya, if you disagree, please
>> feel free to revert the change).  In the meantime, I'll talk to the IT
>> people who renewed our certificate and see if they know what's causing
>> this issue.
>> 
>> Sorry for the inconvenience.
>> 
>> -- John T.
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> LLVM Developers mailing list
>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
> 
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list