I've updated the dashboard (https://rud.is/r-project-cert-status/) script and my notifier script to account for the entire chain in each cert.
On Sat, May 30, 2020 at 5:16 PM Bob Rudis <b...@rud.is> wrote: > > # A tibble: 13 x 1 > site > <chr> > 1 beta.r-project.org > 2 bugs.r-project.org > 3 cran-archive.r-project.org > 4 cran.r-project.org > 5 developer.r-project.org > 6 ess.r-project.org > 7 ftp.cran.r-project.org > 8 journal.r-project.org > 9 r-project.org > 10 svn.r-project.org > 11 user2011.r-project.org > 12 www.cran.r-project.org > 13 www.r-project.org > > is the whole list b/c of the wildcard cert. > > On Sat, May 30, 2020 at 5:07 PM Bob Rudis <b...@rud.is> wrote: > > > > It's the top of chain CA cert, so browsers are being lazy and helpful > > to humans by (incorrectly, albeit) relying on the existing trust > > relationship. > > > > libcurl (et al) is not nearly as forgiving. > > > > On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pda...@gmail.com> wrote: > > > > > > Odd. Safari has no problem and says certificate expires August 16 2020, > > > but I also see the download.file issue with 4.0.1 beta: > > > > > > > download.file("https://www.r-project.org", tempfile()) > > > trying URL 'https://www.r-project.org' > > > Error in download.file("https://www.r-project.org", tempfile()) : > > > cannot open URL 'https://www.r-project.org' > > > In addition: Warning message: > > > In download.file("https://www.r-project.org", tempfile()) : > > > URL 'https://www.r-project.org/': status was 'Peer certificate cannot > > > be authenticated with given CA certificates' > > > > > > (note slightly different error message). > > > > > > svn is also affected: > > > > > > Peters-MacBook-Air:R pd$ svn up > > > Updating '.': > > > Error validating server certificate for 'https://svn.r-project.org:443': > > > - The certificate has expired. > > > Certificate information: > > > - Hostname: *.r-project.org > > > - Valid: from Aug 16 00:00:00 2018 GMT until Aug 15 23:59:59 2020 GMT > > > - Issuer: COMODO RSA Domain Validation Secure Server CA, COMODO CA > > > Limited, Salford, Greater Manchester, GB > > > - Fingerprint: > > > 93:B8:AF:9F:0A:67:2F:3A:C9:BA:FF:86:BB:2C:08:47:02:7F:1D:8D > > > (R)eject, accept (t)emporarily or accept (p)ermanently? t > > > U src/library/grid/R/grob.R > > > .... > > > > > > ssltest shows two certificates of which only one is expired? > > > > > > -pd > > > > > > > > > > > > > On 30 May 2020, at 22:17 , Gábor Csárdi <csardi.ga...@gmail.com> wrote: > > > > > > > > On macOS 10.15.5 and R-devel: > > > > > > > >> download.file("https://www.r-project.org", tempfile()) > > > > trying URL 'https://www.r-project.org' > > > > Error in download.file("https://www.r-project.org", tempfile()) : > > > > cannot open URL 'https://www.r-project.org' > > > > In addition: Warning message: > > > > In download.file("https://www.r-project.org", tempfile()) : > > > > URL 'https://www.r-project.org': status was 'SSL peer certificate or > > > > SSH remote key was not OK' > > > > > > > > https://www.ssllabs.com/ssltest says: > > > > > > > > COMODO RSA Certification Authority > > > > Fingerprint SHA256: > > > > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da > > > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > > > > minutes ago) EXPIRED > > > > > > > > AFAICT this is the reason: > > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020 > > > > > > > > FYI, > > > > Gabor > > > > > > > > ______________________________________________ > > > > R-devel@r-project.org mailing list > > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > -- > > > Peter Dalgaard, Professor, > > > Center for Statistics, Copenhagen Business School > > > Solbjerg Plads 3, 2000 Frederiksberg, Denmark > > > Phone: (+45)38153501 > > > Office: A 4.23 > > > Email: pd....@cbs.dk Priv: pda...@gmail.com > > > > > > ______________________________________________ > > > R-devel@r-project.org mailing list > > > https://stat.ethz.ch/mailman/listinfo/r-devel ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel