On Sat, 12 Jan 2019 at 07:56, Ankur Sinha <[email protected]> wrote:

> Hello,
>
> When I try to access a few Fedora-related resources from my university
> network, I tend to get certificate errors. I was getting these from
> fedoramagazine.org, then from meetbot, and I got one when running
> `fedpkg build` that really freaked me out:
>
> $ fedpkg build
> Could not execute build: The connection to PDC failed while trying to get
> the active release branches. The error was: HTTPSConnectionPool(host='
> pdc.fedoraproject.org', port=443): Max retries exceeded with url:
> /rest_api/v1/component-branches/?global_component=lifeograph&fields=name&fields=active
> (Caused by SSLError(SSLCertVerificationError("hostname '
> pdc.fedoraproject.org' doesn't match either of 'phishing-alert.herts.ac.uk',
> 'www.phishing-alert.herts.ac.uk', 'f5-phishing-alert.herts.ac.uk'")))
>
> I tried it again, and it worked (phew!), but I haven't been able to get
> fedoramagazine to work at all.
>
> I've filed a ticket with university IT already. Their initial comment
> was: "site is report (sic) to be using an invalid certificate. It is not
> blocked manually by UH", which is probably inaccurate given that we have
> no issues with these web resources outside the university network.
>
> Would anyone have any hints on what they may be doing? I know it's a
> hard problem to diagnose without knowing what the university IT is up to,
> but any hints that I could pass on to them would be appreciated.
>
>
What you are seeing is someone intercepting the traffic between you and the
real servers. This could be anything from an ASN BGP attack to a security
tool which is to look for phishing, botnets, or other traffic. [Depending
on the place, traffic at universities can be 20-65% botnet traffic because
they usually have a large pipe and rules to not stop research.] I am going
to lean towards this being that the university has put in an F5 proxy tool
to try to stop that traffic by redirecting any certs it finds troublesome
as bad. [And I am going to guess that Let's Encrypt is being treated as
troublesome.]


> --
> Thanks,
> Regards,
>
> Ankur Sinha "FranciscoD"
> https://fedoraproject.org/wiki/User:Ankursinha
>
> Time zone: Europe/London
> _______________________________________________
> infrastructure mailing list -- [email protected]
> To unsubscribe send an email to
> [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
>


-- 
Stephen J Smoogen.
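
Added example, not part of the original thread and not fedpkg or Fedora code: a small triage helper that parses the hostname-mismatch error quoted above and reports whether the presented certificate belongs to a different party than the site requested, which is the evidence worth passing to the network's IT team. The function names and the caller-supplied `expected_zone` are assumptions made for illustration.

```python
import re

# The error text quoted in the message above, re-joined onto one line.
SAMPLE_ERROR = (
    "HTTPSConnectionPool(host='pdc.fedoraproject.org', port=443): Max retries "
    "exceeded with url: /rest_api/v1/component-branches/?global_component="
    "lifeograph&fields=name&fields=active (Caused by SSLError("
    "SSLCertVerificationError(\"hostname 'pdc.fedoraproject.org' doesn't match "
    "either of 'phishing-alert.herts.ac.uk', 'www.phishing-alert.herts.ac.uk', "
    "'f5-phishing-alert.herts.ac.uk'\")))"
)

def parse_mismatch(error_text):
    """Return (requested_host, names_in_presented_cert), or None if no mismatch."""
    m = re.search(r"hostname '([^']+)' doesn't match (?:either of )?(.+)", error_text)
    if m is None:
        return None
    names = [n.strip().lower() for n in re.findall(r"'([^']+)'", m.group(2))]
    return (m.group(1).strip().lower(), names) if names else None

def name_matches(pattern, host):
    """Simplified RFC 6125 match: '*' may only stand for the whole leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        p, h = p[1:], h[1:]
    return p == h

def classify(error_text, expected_zone):
    """expected_zone is supplied by the caller (assumption), e.g. 'fedoraproject.org'."""
    parsed = parse_mismatch(error_text)
    if parsed is None:
        return "not-a-hostname-mismatch", []
    host, names = parsed
    if any(name_matches(n, host) for n in names):
        return "match", []
    foreign = [n for n in names
               if n != expected_zone and not n.endswith("." + expected_zone)]
    # Every name outside the expected zone: the certificate belongs to another
    # party, so something on the path answered instead of the real server.
    if len(foreign) == len(names):
        return "foreign-certificate", foreign
    # Some name is inside the zone: more likely the wrong virtual host's cert.
    return "wrong-vhost-certificate", foreign

if __name__ == "__main__":
    print(classify(SAMPLE_ERROR, "fedoraproject.org"))
```

A `foreign-certificate` verdict that appears on one network and not on another points at a device on that network's path rather than at the server.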