[7880] in Release_7.7_team
Re: precise dialup "release candidate"
daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Wed Feb 6 21:59:23 2013
Date: Wed, 6 Feb 2013 21:59:14 -0500 (EST)
From: Anders Kaseorg <andersk@MIT.EDU>
To: Jonathon Weiss <jweiss@MIT.EDU>
cc: release-team@MIT.EDU, linerva-root@MIT.EDU, ops@MIT.EDU
In-Reply-To: <201302062131.r16LVSUd018147@outgoing.mit.edu>
Message-ID: <alpine.DEB.2.00.1302062138390.3204@dr-wily.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: 8bit
Minor issues with https://test.dialup.mit.edu/:
The missing quote in <a href=http://ist.mit.edu"> causes a broken link to
http://ist.mit.edu%22.
The SSL certificate chain is in the wrong order
(http://tools.ietf.org/html/rfc5246#page-48) and has an extraneous entry
for the self-signed root.
$ openssl s_client -connect test.dialup.mit.edu:443
…
Certificate chain
0 s:/C=US/postalCode=02139/ST=Ma/L=Cambridge/street=77 Massachusetts
Ave/O=Massachusetts Institute of Technology/OU=Information Services &
Technology/CN=*.dialup.mit.edu
i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Removing AddTrust External CA Root from the chain would resolve this.
Sorry I failed to reply to your earlier mail about patches. It looks like
you identified the right ones. As for the earlier segfault issues, I
think they were resolved upstream (r206/d1df9b6).
Anders