On 13/01/16 23:56, bugzi...@apache.org wrote: > https://bz.apache.org/bugzilla/show_bug.cgi?id=55808 > > --- Comment #9 from Yann Ylavic <ylavic....@gmail.com> --- (In > reply to Tom Fredrik Blenning from comment #7) >> Both the SHA-1 checksums and the download are linked to http >> addresses, but the equivalent https addresses are available. > > No digest/signature is "linked" to any address, to the tarball > only.
http://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1 >> >> It just so happens that the https addresses do not have a valid >> security certificate which is a second bug. > > Could you elaborate? No alert when I access > https://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1 from > here. So I start out at https://httpd.apache.org/download.cgi The two relevant links from this page are: http://www.eu.apache.org/dist//httpd/httpd-2.4.18.tar.bz2 http://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1 Obviously both are http addresses, so that's the first error when linked from https. Replacing http with https for both links works, but for the former: https://www.eu.apache.org/dist//httpd/httpd-2.4.18.tar.bz2 there is a certificate error. Firefox: (Error code: ssl_error_bad_cert_domain) See also: https://www.sslshopper.com/ssl-checker.html#hostname=www.eu.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
