From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/77817 Path: news.gmane.org!not-for-mail From: Greg Troxel Newsgroups: gmane.emacs.gnus.general Subject: Re: SSL certificate issues for git.gnus.org Date: Wed, 16 Mar 2011 07:31:35 -0400 Message-ID: References: <87sk71o198.fsf@lifelogs.com> <87sjvb7p4z.fsf@lifelogs.com> <8762s7n3gq.fsf@topper.koldfront.dk> <87fwrb67zq.fsf@lifelogs.com> <87wrknlnz4.fsf@topper.koldfront.dk> <8739n80x9j.fsf@lifelogs.com> <871v2rg9g4.fsf@dod.no> <87wrkj15yb.fsf@lifelogs.com> <87bp1m3kpx.fsf@lifelogs.com> <87lj0ne2cq.fsf@latte.josefsson.org> <877hc663xo.fsf@latte.josefsson.org> <87sjuuiqj0.fsf@lifelogs.com> <87lj0mfbca.fsf@latte.josefsson.org> <87y64i2i3e.fsf@latte.josefsson.org> <87tyf42wwr.fsf@lifelogs.com> <87pqpr49go.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-Trace: dough.gmane.org 1300275120 17550 80.91.229.12 (16 Mar 2011 11:32:00 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 16 Mar 2011 11:32:00 +0000 (UTC) Cc: ding@gnus.org To: Ted Zlatanov Original-X-From: ding-owner+M26137@lists.math.uh.edu Wed Mar 16 12:31:55 2011 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PzoxH-0007bV-AN for ding-account@gmane.org; Wed, 16 Mar 2011 12:31:55 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1PzoxG-0000Bd-AI; Wed, 16 Mar 2011 06:31:54 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1PzoxE-0000BH-NW for ding@lists.math.uh.edu; Wed, 16 Mar 2011 06:31:52 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1PzoxA-0003VC-05 for ding@lists.math.uh.edu; Wed, 16 Mar 2011 06:31:52 -0500 Original-Received: from linuxpal.mit.edu ([18.62.1.14]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1Pzox8-00033v-9V for ding@gnus.org; Wed, 16 Mar 2011 12:31:46 +0100 Original-Received: by linuxpal.mit.edu (Postfix, from userid 9545) id 139DC16072; Wed, 16 Mar 2011 07:31:45 -0400 (EDT) X-Hashcash: 1:20:110316:ding@gnus.org::JFVBPRXF08HPdNYn:00001j62 X-Hashcash: 1:20:110316:tzz@lifelogs.com::JFVBPRXF08HPdNYn:03m4d In-Reply-To: <87pqpr49go.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 16 Mar 2011 05:59:35 -0500") User-Agent: Gnus/5.110014 (No Gnus v0.14) Emacs/23.2 (berkeley-unix) X-Spam-Score: -4.9 (----) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:77817 Archived-At: --=-=-= Content-Type: text/plain I'm no expert on SSL certificates but I think I did this correctly and curl is happy (thus Git too) with https://git.gnus.org The "CAcert Class 3 Root" is the issuer of the git.gnus.org certificate and the "CA Cert Signing Authority" is next in the chain, as shown by Chrome. So I think they are all offered by the server correctly. I didn't have time to update the docs this morning, but please let me know if there's a problem with the setup. I changed .git/config to edit remote to https for git.gnus.org, and then got a cert failure. I then installed the cacert root ca in /etc/openssl/certs (NetBSD), and git remote update now prompts for a password. So I think the cert is fine anonymous fetching over https doesn't work (and maybe it's not intended to work) --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (NetBSD) iEYEARECAAYFAk2An5cACgkQH9p66AmO1g7hDwCaA8eT+yd1qbe70mY88X0YlBee XWIAnj3E1oQT1gLeUHvy1I4GDAq7R9qa =dUqf -----END PGP SIGNATURE----- --=-=-=--