[7882] in Release_7.7_team

home help back first fref pref prev next nref lref last post

Re: precise dialup "release candidate"

daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Feb 12 23:00:22 2013

Message-Id: <201302130359.r1D3xvQr029989@outgoing.mit.edu>
To: Anders Kaseorg <andersk@MIT.EDU>
cc: Jonathon Weiss <jweiss@MIT.EDU>, release-team@MIT.EDU,
        linerva-root@MIT.EDU, ops@MIT.EDU
In-reply-to: <alpine.DEB.2.00.1302062138390.3204@dr-wily.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Date: Tue, 12 Feb 2013 22:59:57 -0500
From: Jonathon Weiss <jweiss@MIT.EDU>
Content-Transfer-Encoding: 8bit


Anders,

Thanks.

cert: I re-orderd the certs though I left all of the pieces there.

typo: fixed, and I also added some additional text from jdreed

patches: great, thanks for conformong that.

	Jonathon


Anders Kaseorg <andersk@MIT.EDU> wrote:

> Minor issues with https://test.dialup.mit.edu/:
> 
> The missing quote in <a href=http://ist.mit.edu"> causes a broken link to 
> http://ist.mit.edu%22.
> 
> The SSL certificate chain is in the wrong order 
> (http://tools.ietf.org/html/rfc5246#page-48) and has an extraneous entry 
> for the self-signed root.
> 
> $ openssl s_client -connect test.dialup.mit.edu:443
> …
> Certificate chain
>  0 s:/C=US/postalCode=02139/ST=Ma/L=Cambridge/street=77 Massachusetts 
> Ave/O=Massachusetts Institute of Technology/OU=Information Services & 
> Technology/CN=*.dialup.mit.edu
>    i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
>  1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>  2 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> 
> Removing AddTrust External CA Root from the chain would resolve this.
> 
> Sorry I failed to reply to your earlier mail about patches.  It looks like 
> you identified the right ones.  As for the earlier segfault issues, I 
> think they were resolved upstream (r206/d1df9b6).
> 
> Anders


home help back first fref pref prev next nref lref last post