[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger
Garrison Venn
gvenn.cfe.dev at gmail.com
Wed Jun 29 11:43:26 PDT 2011
Any issues with permanently accepting the intermediate certificate, which I did this morning,
when getting the message?
Thanks in advance
Garrison
On Jun 29, 2011, at 12:13, John Criswell wrote:
> On 6/28/11 3:56 PM, John Criswell wrote:
>> Dear All,
>>
>> The good news is that the new llvm.org SSL certificate is installed and
>> appears to be configured correctly.
>
> As a followup to this, I discovered that I was using the MacPorts
> version of the svn client on our Mac OS X system. Using the svn client
> in /usr/bin/svn seems to recognize the certificate just fine.
>
> The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13
> and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not.
>
> If you're having trouble with the new certificate, upgrading svn might
> fix it.
>
> -- John T.
>
>> The bad news is that some machines seem to recognize the intermediate
>> SSL certificate (which is apparently used to sign the SSL certificates
>> UIUC buys starting this year) while others do not. In particular, our
>> internal Linux machines show no errors, while our Macs and llvm.org's
>> SVN client do.
>>
>> If you see this error message:
>>
>> Error validating server certificate for 'https://llvm.org:443':
>> - The certificate is not issued by a trusted authority. Use the
>> fingerprint to validate the certificate manually!
>> Certificate information:
>> - Hostname: llvm.org
>> - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014
>> 23:59:59 GMT
>> - Issuer: InCommon, Internet2, US
>> - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
>> (R)eject, accept (t)emporarily or accept (p)ermanently?
>>
>> ... then your client is not happy with the intermediate SSL certificate,
>> but you should be able to accept the certificate and continue using SVN.
>>
>> I've decided to keep the new SSL certificate installed since a cert that
>> works for some (hopefully most) LLVM users is better than an expired
>> cert that flags a warning for everyone (Tanya, if you disagree, please
>> feel free to revert the change). In the meantime, I'll talk to the IT
>> people who renewed our certificate and see if they know what's causing
>> this issue.
>>
>> Sorry for the inconvenience.
>>
>> -- John T.
>>
>>
>>
>>
>>
>> _______________________________________________
>> LLVM Developers mailing list
>> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
More information about the llvm-dev
mailing list