Re: fatal: unable to access 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL certificate problem: certificate has expired

2020-05-30 Thread Toralf Förster 
On 5/30/20 7:10 PM, Konstantin Ryabitsev wrote:
> (and the fact that you were seeing it in the first
> place suggests that you should update your openssl library, see
> https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020).
>
> -K
FWIW I do use dev-libs/libressl-3.0.2

--
Toralf

Re: fatal: unable to access 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL certificate problem: certificate has expired

2020-05-30 Thread Konstantin Ryabitsev 
On Sat, 30 May 2020 at 12:16, Konstantin Ryabitsev
 wrote:
> > > $ curl https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
> > > curl: (60) SSL certificate problem: certificate has expired
> > > More details here: https://curl.haxx.se/docs/sslcerts.html
> > >
> > > curl failed to verify the legitimacy of the server and therefore could not
> > > establish a secure connection to it. To learn more about this situation 
> > > and
> > > how to fix it, please visit the web page mentioned above.
> > >
> >
> > Well, the cert is expired: "notAfter=May 30 10:48:38 2020 GMT"
>
> It's one of the intermediaries. We're replacing that cert right now.

The bad intermediate cert is gone now, so you shouldn't see this
problem any more (and the fact that you were seeing it in the first
place suggests that you should update your openssl library, see
https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020).

-K

Re: fatal: unable to access 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL certificate problem: certificate has expired

2020-05-30 Thread Konstantin Ryabitsev 
On Sat, May 30, 2020 at 03:47:19PM +0200, Toralf Förster wrote:
> > $ git pull
> > 15:07:08.488836 git.c:439   trace: built-in: git pull
> > 15:07:08.504295 run-command.c:663   trace: run_command: git fetch 
> > --update-head-ok
> > 15:07:08.506481 git.c:439   trace: built-in: git fetch 
> > --update-head-ok
> > 15:07:08.516608 run-command.c:663   trace: run_command: GIT_DIR=.git 
> > git-remote-https origin 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> > fatal: unable to access 
> > 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL 
> > certificate problem: certificate has expired
> >
> > $ curl https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
> > curl: (60) SSL certificate problem: certificate has expired
> > More details here: https://curl.haxx.se/docs/sslcerts.html
> >
> > curl failed to verify the legitimacy of the server and therefore could not
> > establish a secure connection to it. To learn more about this situation and
> > how to fix it, please visit the web page mentioned above.
> >
> 
> Well, the cert is expired: "notAfter=May 30 10:48:38 2020 GMT"

It's one of the intermediaries. We're replacing that cert right now.

-K

Re: fatal: unable to access 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL certificate problem: certificate has expired

2020-05-30 Thread Toralf Förster 
On 5/30/20 3:07 PM, Toralf Förster wrote:
> :-( :
>
> $ export GIT_TRACE=1
>
> $ git pull
> 15:07:08.488836 git.c:439   trace: built-in: git pull
> 15:07:08.504295 run-command.c:663   trace: run_command: git fetch 
> --update-head-ok
> 15:07:08.506481 git.c:439   trace: built-in: git fetch 
> --update-head-ok
> 15:07:08.516608 run-command.c:663   trace: run_command: GIT_DIR=.git 
> git-remote-https origin 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> fatal: unable to access 
> 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL 
> certificate problem: certificate has expired
>
> $ curl https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
> curl: (60) SSL certificate problem: certificate has expired
> More details here: https://curl.haxx.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>

Well, the cert is expired: "notAfter=May 30 10:48:38 2020 GMT"


echo | openssl s_client -showcerts -connect  git.kernel.org:443
CONNECTED(0003)
depth=1 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = 
AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT
verify return:0
depth=1 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = 
AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT
verify return:0
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = 
AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=kernel.org
   i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
-BEGIN CERTIFICATE-
MIIGszCCBZugAwIBAgIQRF7gFMlJ3UO909a39zv1mzANBgkqhkiG9w0BAQsFADBf
MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w
DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw
HhcNMTkwOTI3MDAwMDAwWhcNMjAwOTI3MjM1OTU5WjBbMSEwHwYDVQQLExhEb21h
aW4gQ29udHJvbCBWYWxpZGF0ZWQxITAfBgNVBAsTGFBvc2l0aXZlU1NMIE11bHRp
LURvbWFpbjETMBEGA1UEAxMKa2VybmVsLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQAD
ggGPADCCAYoCggGBAOD0/Tk0EeH6/ahZQAiBtoMMY8Bxmql2kxJ+smBIP9Yq+MtJ
utc/CeUbnTTnpLDf1nTjqJ6AGyCE+pzw8sPSXKJrY6he1jjCafjsx193KMvqCUty
SZgDdsV7AKr4KjbbQ9CE3tTR1cBKYcCvro4elAXcLbG53qWe/UXwcIPmvwj8n2WW
irMHTr4b+x1Pr7B2Vhc2IHFdnzb43krTXiXuuWCo84281hxO7EIlD3Enjm7rICpU
coldqOaNS3LRkeiR8RrbQfyiqI8XncSykjzVbOZVSVRCvLzRL0MsBKU1F/WMoBYc
ahV92wnYnpGD1s7Wi1eP8ne5+5SPqwS43G4AXxH0hdU7gkHS4i0n7nGmmfRIxD+I
57dvXdnxgSyT21IHp+lMFashblRg8+ZZD5Oy1ouTqBe604FXsjryeQqRUFePTPRB
vYxlg31qne/UUPpo1GcDAjsTv6YSUyUjXoINBQsvpDUgHYkOkHXEyMVRynpBsbJA
p0elmqf4aMr89tn72QIDAQABo4IC7TCCAukwHwYDVR0jBBgwFoAUs5Cn2MmvTs1h
PJ98rV1/Qf1pMOowHQYDVR0OBBYEFLr+wGAi2JEEPCMYIvyjFmMlmLK/MA4GA1Ud
DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjBLBgNVHSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEW
GWh0dHBzOi8vY3BzLnVzZXJ0cnVzdC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgw
NqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NM
Q0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQu
dXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcw
AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTBdBgNVHREEVjBUggprZXJuZWwu
b3JnghJhcmNoaXZlLmtlcm5lbC5vcmeCDmdpdC5rZXJuZWwub3JnghJtaXJyb3Jz
Lmtlcm5lbC5vcmeCDnd3dy5rZXJuZWwub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB
8gDwAHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtcsuYjgAA
BAMARzBFAiAgbvK3x78RoQXt035wmJqTm/wMFWgfla2ctSyBXLzepAIhAKApjbW3
8p0jlaBkrKQA8eEieenCN5F+PZtm8JSHhAD2AHYAXqdz+d9WwOe1Nkh90EngMnqR
mgyEoRIShBh1loFxRVgAAAFtcsuYsgAABAMARzBFAiEA4JnyL5WAsHHd4WbhqoG6
/C3KFYmZGg04YUFxqAzwbpMCIBjHZMvO/LKSdVcKC45c5FJwc75O/2+7vbkfFAn1
/WV4MA0GCSqGSIb3DQEBCwUAA4IBAQASeh5QNteAKqY+sr7uBTHq56v1MJbbdMO7
QJaCSQd4P2OSQDA83oGfdkj458+d9gMTvBu+pNi1/l0aIz1IMEsuAJNXhN5jLCB/
n1CHaTK5b9Oda96+MejWAiiTNZo1UBLQ5ixNvGp1MHDklELm/supbatSCP65eEpp
E7OI5lLxCLrvsiwUaSKIIO2tEIgwiMkwopdMgwJa7RqljUP7YlYKnAxizOi+yTrA
nXA0OqLtrl5pwnN3Uj/F91X6c6tOvHWkNZ1qPad6r7ZHCP8mq3RFiMeSixiJ6LR2
gtFRKmvMIUIESh60F91+2AeUfCa/tBfOM+PDpsNNaZ+iHHaicAIw
-END CERTIFICATE-
 1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA 
Certification Authority
-BEGIN CERTIFICATE-
MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw
OTEyMDAwMDAwWhcNMjQwOTExMjM1OTU5WjBfMQswCQYD

fatal: unable to access 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL certificate problem: certificate has expired

2020-05-30 Thread Toralf Förster 
:-( :

$ export GIT_TRACE=1

$ git pull
15:07:08.488836 git.c:439   trace: built-in: git pull
15:07:08.504295 run-command.c:663   trace: run_command: git fetch 
--update-head-ok
15:07:08.506481 git.c:439   trace: built-in: git fetch 
--update-head-ok
15:07:08.516608 run-command.c:663   trace: run_command: GIT_DIR=.git 
git-remote-https origin 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
fatal: unable to access 
'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/': SSL 
certificate problem: certificate has expired

$ curl https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

--
Toralf