[7882] in Release_7.7_team
Re: precise dialup "release candidate"
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Feb 12 23:00:22 2013
Message-Id: <201302130359.r1D3xvQr029989@outgoing.mit.edu>
To: Anders Kaseorg <andersk@MIT.EDU>
cc: Jonathon Weiss <jweiss@MIT.EDU>, release-team@MIT.EDU,
linerva-root@MIT.EDU, ops@MIT.EDU
In-reply-to: <alpine.DEB.2.00.1302062138390.3204@dr-wily.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Date: Tue, 12 Feb 2013 22:59:57 -0500
From: Jonathon Weiss <jweiss@MIT.EDU>
Content-Transfer-Encoding: 8bit
Anders,
Thanks.
cert: I re-orderd the certs though I left all of the pieces there.
typo: fixed, and I also added some additional text from jdreed
patches: great, thanks for conformong that.
Jonathon
Anders Kaseorg <andersk@MIT.EDU> wrote:
> Minor issues with https://test.dialup.mit.edu/:
>
> The missing quote in <a href=http://ist.mit.edu"> causes a broken link to
> http://ist.mit.edu%22.
>
> The SSL certificate chain is in the wrong order
> (http://tools.ietf.org/html/rfc5246#page-48) and has an extraneous entry
> for the self-signed root.
>
> $ openssl s_client -connect test.dialup.mit.edu:443
> …
> Certificate chain
> 0 s:/C=US/postalCode=02139/ST=Ma/L=Cambridge/street=77 Massachusetts
> Ave/O=Massachusetts Institute of Technology/OU=Information Services &
> Technology/CN=*.dialup.mit.edu
> i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
> 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> 2 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
> i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>
> Removing AddTrust External CA Root from the chain would resolve this.
>
> Sorry I failed to reply to your earlier mail about patches. It looks like
> you identified the right ones. As for the earlier segfault issues, I
> think they were resolved upstream (r206/d1df9b6).
>
> Anders