[LLVMdev] New Certificate Installed; llvm.org Back Up; Issues Linger

John Criswell criswell at illinois.edu
Wed Jun 29 11:46:50 PDT 2011 

On 6/29/11 1:43 PM, Garrison Venn wrote:
> Any issues with permanently accepting the intermediate certificate, which I did this morning,
> when getting the message?

No, I haven't seen any issues with just permanently accepting the 
certificate.  It's just that not needing to override a certificate 
warning is more ideal (and safer).

-- John T.

> Thanks in advance
>
> Garrison
>
> On Jun 29, 2011, at 12:13, John Criswell wrote:
>
>> On 6/28/11 3:56 PM, John Criswell wrote:
>>> Dear All,
>>>
>>> The good news is that the new llvm.org SSL certificate is installed and
>>> appears to be configured correctly.
>> As a followup to this, I discovered that I was using the MacPorts
>> version of the svn client on our Mac OS X system.  Using the svn client
>> in /usr/bin/svn seems to recognize the certificate just fine.
>>
>> The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13
>> and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not.
>>
>> If you're having trouble with the new certificate, upgrading svn might
>> fix it.
>>
>> -- John T.
>>
>>> The bad news is that some machines seem to recognize the intermediate
>>> SSL certificate (which is apparently used to sign the SSL certificates
>>> UIUC buys starting this year) while others do not.  In particular, our
>>> internal Linux machines show no errors, while our Macs and llvm.org's
>>> SVN client do.
>>>
>>> If you see this error message:
>>>
>>> Error validating server certificate for 'https://llvm.org:443':
>>>    - The certificate is not issued by a trusted authority. Use the
>>>      fingerprint to validate the certificate manually!
>>> Certificate information:
>>>    - Hostname: llvm.org
>>>    - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014
>>> 23:59:59 GMT
>>>    - Issuer: InCommon, Internet2, US
>>>    - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
>>> (R)eject, accept (t)emporarily or accept (p)ermanently?
>>>
>>> ... then your client is not happy with the intermediate SSL certificate,
>>> but you should be able to accept the certificate and continue using SVN.
>>>
>>> I've decided to keep the new SSL certificate installed since a cert that
>>> works for some (hopefully most) LLVM users is better than an expired
>>> cert that flags a warning for everyone (Tanya, if you disagree, please
>>> feel free to revert the change).  In the meantime, I'll talk to the IT
>>> people who renewed our certificate and see if they know what's causing
>>> this issue.
>>>
>>> Sorry for the inconvenience.
>>>
>>> -- John T.
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> LLVM Developers mailing list
>>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>> _______________________________________________
>> LLVM Developers mailing list
>> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list