* certificate has expired for https://mandoc.bsd.lv according to curl @ 2022-12-07 19:35 Jon Ronnenberg 2022-12-07 20:14 ` Kristaps Dzonsons 2022-12-07 21:51 ` Raf Czlonka 0 siblings, 2 replies; 6+ messages in thread From: Jon Ronnenberg @ 2022-12-07 19:35 UTC (permalink / raw) To: discuss Here is what I get from curl 7.54.0: curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz Trying 66.111.2.12... TCP_NODELAY set Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) ALPN, offering h2 ALPN, offering http/1.1 Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH successfully set certificate verify locations: CAfile: /etc/ssl/cert.pem CApath: none TLSv1.2 (OUT), TLS handshake, Client hello (1): TLSv1.2 (IN), TLS handshake, Server hello (2): TLSv1.2 (IN), TLS handshake, Certificate (11): TLSv1.2 (OUT), TLS alert, Server hello (2): SSL certificate problem: certificate has expired stopped the pause stream! Closing connection 0 curl: (60) SSL certificate problem: certificate has expired -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: certificate has expired for https://mandoc.bsd.lv according to curl 2022-12-07 19:35 certificate has expired for https://mandoc.bsd.lv according to curl Jon Ronnenberg @ 2022-12-07 20:14 ` Kristaps Dzonsons 2022-12-07 20:27 ` Jon Ronnenberg 2022-12-07 21:51 ` Raf Czlonka 1 sibling, 1 reply; 6+ messages in thread From: Kristaps Dzonsons @ 2022-12-07 20:14 UTC (permalink / raw) To: discuss That's my fault for not updating the box in a hot second... I'll get us up to speed asap, which will pull the newest ACME certs. Thank you for reporting this! On 12/7/22 11:35, Jon Ronnenberg wrote: > Here is what I get from curl 7.54.0: > > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz > Trying 66.111.2.12... > TCP_NODELAY set > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) > ALPN, offering h2 > ALPN, offering http/1.1 > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > successfully set certificate verify locations: > CAfile: /etc/ssl/cert.pem > CApath: none > TLSv1.2 (OUT), TLS handshake, Client hello (1): > TLSv1.2 (IN), TLS handshake, Server hello (2): > TLSv1.2 (IN), TLS handshake, Certificate (11): > TLSv1.2 (OUT), TLS alert, Server hello (2): > SSL certificate problem: certificate has expired > stopped the pause stream! > Closing connection 0 > curl: (60) SSL certificate problem: certificate has expired > -- > To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv > -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: certificate has expired for https://mandoc.bsd.lv according to curl 2022-12-07 20:14 ` Kristaps Dzonsons @ 2022-12-07 20:27 ` Jon Ronnenberg 0 siblings, 0 replies; 6+ messages in thread From: Jon Ronnenberg @ 2022-12-07 20:27 UTC (permalink / raw) To: discuss Thank you for responding so quickly! Will you write here when the certificate has been updated? Currently `brew install openssh` is b0rken - and surely many other other "brews" that depends on mandoc. On Wed, Dec 7, 2022 at 9:14 PM Kristaps Dzonsons <kristaps@bsd.lv> wrote: > > That's my fault for not updating the box in a hot second... I'll get us > up to speed asap, which will pull the newest ACME certs. Thank you for > reporting this! > > On 12/7/22 11:35, Jon Ronnenberg wrote: > > Here is what I get from curl 7.54.0: > > > > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz > > Trying 66.111.2.12... > > TCP_NODELAY set > > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) > > ALPN, offering h2 > > ALPN, offering http/1.1 > > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > > successfully set certificate verify locations: > > CAfile: /etc/ssl/cert.pem > > CApath: none > > TLSv1.2 (OUT), TLS handshake, Client hello (1): > > TLSv1.2 (IN), TLS handshake, Server hello (2): > > TLSv1.2 (IN), TLS handshake, Certificate (11): > > TLSv1.2 (OUT), TLS alert, Server hello (2): > > SSL certificate problem: certificate has expired > > stopped the pause stream! > > Closing connection 0 > > curl: (60) SSL certificate problem: certificate has expired > > -- > > To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv > > > -- > To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv > -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: certificate has expired for https://mandoc.bsd.lv according to curl 2022-12-07 19:35 certificate has expired for https://mandoc.bsd.lv according to curl Jon Ronnenberg 2022-12-07 20:14 ` Kristaps Dzonsons @ 2022-12-07 21:51 ` Raf Czlonka 2022-12-08 10:19 ` Jon Ronnenberg 1 sibling, 1 reply; 6+ messages in thread From: Raf Czlonka @ 2022-12-07 21:51 UTC (permalink / raw) To: discuss Hi Jon, On Wed, Dec 07, 2022 at 07:35:07PM GMT, Jon Ronnenberg wrote: > Here is what I get from curl 7.54.0: > > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz > Trying 66.111.2.12... > TCP_NODELAY set > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) > ALPN, offering h2 > ALPN, offering http/1.1 > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH Is the above set in your .curlrc? > successfully set certificate verify locations: > CAfile: /etc/ssl/cert.pem > CApath: none > TLSv1.2 (OUT), TLS handshake, Client hello (1): > TLSv1.2 (IN), TLS handshake, Server hello (2): > TLSv1.2 (IN), TLS handshake, Certificate (11): > TLSv1.2 (OUT), TLS alert, Server hello (2): > SSL certificate problem: certificate has expired > stopped the pause stream! > Closing connection 0 > curl: (60) SSL certificate problem: certificate has expired I can't reproduce it - it works fine with curl packages for OpenBSD-current, macOS 13.0.1, and Ubuntu 20.04 LTS. Regards, Raf -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: certificate has expired for https://mandoc.bsd.lv according to curl 2022-12-07 21:51 ` Raf Czlonka @ 2022-12-08 10:19 ` Jon Ronnenberg 2022-12-08 10:28 ` Raf Czlonka 0 siblings, 1 reply; 6+ messages in thread From: Jon Ronnenberg @ 2022-12-08 10:19 UTC (permalink / raw) To: discuss Thanks for looking into this Raf. It might be that it's an issue with my very old mac. The latest supported OS is macOS 10.13.6 High Sierra. I don't have a .curlrc. But I've just upgraded curl to 7.86.0 and it seems to work now. curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz * Trying 66.111.2.12:443... * Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: CN=bsd.lv * start date: Nov 5 07:30:24 2022 GMT * expire date: Feb 3 07:30:23 2023 GMT * subjectAltName: host "mandoc.bsd.lv" matched cert's "mandoc.bsd.lv" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. > HEAD /snapshots/mandoc-1.14.6.tar.gz HTTP/1.1 > Host: mandoc.bsd.lv > User-Agent: curl/7.86.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK HTTP/1.1 200 OK < Connection: keep-alive Connection: keep-alive < Content-Length: 697150 Content-Length: 697150 < Content-Type: application/octet-stream Content-Type: application/octet-stream < Date: Thu, 08 Dec 2022 10:12:29 GMT Date: Thu, 08 Dec 2022 10:12:29 GMT < Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT Last-Modified: Thu, 23 Sep 2021 18:03:53 GMT < Server: OpenBSD httpd Server: OpenBSD httpd < * Connection #0 to host mandoc.bsd.lv left intact Sorry for the noise. On Wed, Dec 7, 2022 at 10:52 PM Raf Czlonka <rczlonka@gmail.com> wrote: > > Hi Jon, > > On Wed, Dec 07, 2022 at 07:35:07PM GMT, Jon Ronnenberg wrote: > > Here is what I get from curl 7.54.0: > > > > curl -vI https://mandoc.bsd.lv/snapshots/mandoc-1.14.6.tar.gz > > Trying 66.111.2.12... > > TCP_NODELAY set > > Connected to mandoc.bsd.lv (66.111.2.12) port 443 (#0) > > ALPN, offering h2 > > ALPN, offering http/1.1 > > Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH > > Is the above set in your .curlrc? > > > successfully set certificate verify locations: > > CAfile: /etc/ssl/cert.pem > > CApath: none > > TLSv1.2 (OUT), TLS handshake, Client hello (1): > > TLSv1.2 (IN), TLS handshake, Server hello (2): > > TLSv1.2 (IN), TLS handshake, Certificate (11): > > TLSv1.2 (OUT), TLS alert, Server hello (2): > > SSL certificate problem: certificate has expired > > stopped the pause stream! > > Closing connection 0 > > curl: (60) SSL certificate problem: certificate has expired > > I can't reproduce it - it works fine with curl packages for > OpenBSD-current, macOS 13.0.1, and Ubuntu 20.04 LTS. > > Regards, > > Raf > -- > To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv > -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: certificate has expired for https://mandoc.bsd.lv according to curl 2022-12-08 10:19 ` Jon Ronnenberg @ 2022-12-08 10:28 ` Raf Czlonka 0 siblings, 0 replies; 6+ messages in thread From: Raf Czlonka @ 2022-12-08 10:28 UTC (permalink / raw) To: discuss On Thu, Dec 08, 2022 at 10:19:54AM GMT, Jon Ronnenberg wrote: > Thanks for looking into this Raf. > It might be that it's an issue with my very old mac. The latest > supported OS is macOS 10.13.6 High Sierra. > > I don't have a .curlrc. But I've just upgraded curl to 7.86.0 and it > seems to work now. Yup, it seems like an older version of macOS vs certificate chain - something's missing in the former. > Sorry for the noise. NP :^) Regards, Raf -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-12-08 10:28 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-12-07 19:35 certificate has expired for https://mandoc.bsd.lv according to curl Jon Ronnenberg 2022-12-07 20:14 ` Kristaps Dzonsons 2022-12-07 20:27 ` Jon Ronnenberg 2022-12-07 21:51 ` Raf Czlonka 2022-12-08 10:19 ` Jon Ronnenberg 2022-12-08 10:28 ` Raf Czlonka
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).