Re: [pca] getupdates.oracle.com now available for testing!
On Sun, Nov 21, 2010 at 12:04 PM, Dennis Clarke wrote: > > > > Does anyone know, I mean really know, when Oracle will get its act > together on this simple yet critical service ? > > Hi Dennis, My understanding from the above thread is that the new method/url will not go live for production use until December 10th and that the old way should be used until at least then. Or am I misunderstanding? But even if that's correct am I reading the thread correctly that using the old method via "https" is not working? If so, is that some unrelated problem? Either way, can it be fixed? Or am I misunderstanding again? Jon > > -- > Dennis Clarke > dcla...@opensolaris.ca <- Email related to the open source Solaris > dcla...@blastwave.org <- Email related to open source for Solaris > > > >
Re: [pca] getupdates.oracle.com now available for testing!
> The https server at sunsolve.sun.com doesn't respond, but > http works. At least for me. That is somewhat bizarre. This is like watching an old well loved building collapse in slow motion. :-( So then ... here is what I did. On my server ( with a valid contract ) I did the following : 1) fetch the patchdiag.xref from good ol SunSolve that worked for the moment 2) run PCA t determine that patches have updated since June 19th which is when I last applied patches to this server. 3) look at list 4) look at the report for patches needed : # cat patch_report_missing Using /export/medusa/root/pca_data/xref/patchdiag.xref from Nov/19/10 Host: deimos (SunOS 5.10/Generic_142901-14/i386/i86pc) List: missing (157/8633) Patch IR CR RSB Age Synopsis -- -- - -- --- --- --- 119255 73 < 77 RS- 5 SunOS 5.10_x86: Install and Patch Utilities Patch 5) I then attempt to fetch the patch from Sunsolve with good ol PCA and watch that fail miserbly. 6) I read http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1 7) I then fetch the certificates file : # /opt/csw/bin/wget http://sunsolve.sun.com/search/document.do\?attach=yes\&assetkey=urn:cds:attach:cds/attachments/pshsure/1199543.1/WGET3_getupdates.pem 8) I put that someplace that I can get to later # mv document.do\?attach=yes\&assetkey=urn:cds:attach:cds%2Fattachments%2Fpshsure%2F1199543.1%2FWGET3_getupdates.pem $PCA_XREFDIR/getupdates.pem 9) I look at the cert file : # head $PCA_XREFDIR/getupdates.pem -BEGIN CERTIFICATE- MIIEdzCCA+CgAwIBAgIQeFTJcTtAoD2TTksbfyZhcDANBgkqhkiG9w0BAQUFADCB ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x MDA0MTMwMDAwMDBaFw0xMTA1MDUyMzU5NTlaMIG4MQswCQYDVQQGEwJVUzETMBEG A1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxQOUmVkd29vZCBTaG9yZXMxGzAZBgNV BAoUEk9yYWNsZSBDb3Jwb3JhdGlvbjESMBAGA1UECxQJR2xvYmFsIElUMTMwMQYD VQQLFCpUZXJtcyBvZiB1c2UgYXQgd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMTAx # # /opt/csw/bin/openssl x509 -text -in $PCA_XREFDIR/getupdates.pem Certificate: Data: Version: 3 (0x2) Serial Number: 78:54:c9:71:3b:40:a0:3d:93:4e:4b:1b:7f:26:61:70 Signature Algorithm: sha1WithRSAEncryption Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Validity Not Before: Apr 13 00:00:00 2010 GMT Not After : May 5 23:59:59 2011 GMT Subject: C=US, ST=California, L=Redwood Shores, O=Oracle Corporation, OU=Global IT, OU=Terms of use at www.verisign.com/rpa (c)10, CN=*.oracle.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:cb:2b:bd:5b:70:71:e2:a6:cc:06:78:73:cc:e3: a7:fd:fa:5d:22:79:55:54:c7:f7:54:25:e2:7d:5e: d8:77:34:c4:c6:ed:60:7a:ea:c8:cb:10:15:33:47: 3d:b3:e2:dd:45:49:e4:1f:52:09:01:74:91:82:33: 6f:5d:3c:39:6f:90:ff:04:18:35:c8:27:17:cd:67: 3b:e3:22:bb:0b:69:41:10:02:7e:73:44:86:cc:43: 91:fe:12:4a:96:75:d2:8d:0b:15:cf:10:8f:d5:8f: d1:7e:40:f6:91:45:1a:fa:79:10:1f:58:27:a2:f4: 09:57:a2:9b:5f:0d:5c:8f:9d Exponent: 65537 (0x10001) X509v3 extensions: Authority Information Access: OCSP - URI:http://ocsp.verisign.com X509v3 Basic Constraints: CA:FALSE X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.23.3 CPS: https://www.verisign.com/rpa X509v3 CRL Distribution Points: URI:http://SVRIntl-crl.verisign.com/SVRIntl.crl X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto X509v3 Key Usage: Digital Signature, Key Encipherment 1.3.6.1.5.5.7.1.12: 0`.^.\0Z0X0V..image/gif0!0.0...+..Kk.(.R8.).K..!..0&.$http://logo.verisign.com/vslogo1.gif Signature Algorithm: sha1WithRSAEncryption 0d:4d:7d:17:cd:11:89:0f:a4:5a:13:aa:43:91:ab:11:30:fd: 9f:fa:fa:e6:ab:d6:c8:d9:12:3b:53:72:f2:40:47:61:c8:db: 0d:19:04:f1:0b:ef:bc:b9:0f:02:bf:b3:cd:de:c4:d7:2a:03: 17:64:f7:4a:f9:e7:35:60:34:e2:55:50:b2:16:fc:52:26:b7: d8:34:13:38:99:7f:6a:3d:a7:32:ed:6b:91:44:e1:2e:00:0b: eb:ab:36:4f:f1:9b:71:f1:58:5f:11:89:43:01:52:f3:9e:6d: fe:2a:f2:a9:24:46:44:ad:ca:70:2d:ad:0c:62:32:43:e3:47: b3:26 -B
Re: [pca] getupdates.oracle.com now available for testing!
The https server at sunsolve.sun.com doesn't respond, but http works. At least for me. 2010/11/21 Dennis Clarke > > Is sunsolve now officially dead ? > > Looking for 119255-77 (1/1) > Trying SunSolve > Trying https://sunsolve.sun.com/ (1/1) > > No response there anymore so I have to assume that there is an "official" > replacement. > > What would that be at this time ? Anyone know ? > > -- > Dennis Clarke > dcla...@opensolaris.ca <- Email related to the open source Solaris > dcla...@blastwave.org <- Email related to open source for Solaris > > > > -- Alexander -- ↯Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯ ↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77 ↯
Re: [pca] getupdates.oracle.com now available for testing!
On Sun, Nov 21, 2010 at 10:18 AM, Dennis Clarke wrote: > > Is sunsolve now officially dead ? > > Looking for 119255-77 (1/1) > Trying SunSolve > Trying https://sunsolve.sun.com/ (1/1) > > No response there anymore so I have to assume that there is an "official" > replacement. > > What would that be at this time ? Anyone know ? > > -- > Dennis Clarke > dcla...@opensolaris.ca <- Email related to the open source Solaris > dcla...@blastwave.org <- Email related to open source for Solaris > > > > I was able to download the signed version via the sun provided wget script, but not via pca. Downloading signed patch 119255-77. --2010-11-21 10:26:22-- http://sunsolve.sun.com/pdownload.pl?target=119255-77&method=hs Resolving sunsolve.sun.com... 192.18.108.40 Connecting to sunsolve.sun.com|192.18.108.40|:80... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: http://sunsolve.sun.com/pdownload.do?target=119255-77&method=hs[following] --2010-11-21 10:26:22-- http://sunsolve.sun.com/pdownload.do?target=119255-77&method=hs Reusing existing connection to sunsolve.sun.com:80. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://getupdates2.sun.com/all_signed/119255-77.jar [following] --2010-11-21 10:26:32-- https://getupdates2.sun.com/all_signed/119255-77.jar Resolving getupdates2.sun.com... 192.18.110.15 Connecting to getupdates2.sun.com|192.18.110.15|:443... connected. WARNING: cannot verify getupdates2.sun.com's certificate, issued by `/O=Sun Microsystems Inc/OU=VeriSign Trust Netwo rk/OU=Class 3 MPKI Secure Server CA/CN=Sun Microsystems Inc SSL CA': Self-signed certificate encountered. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/21808/patches/patchroot/all_signed/11925 5-77.jar?AuthParam=&GroupName=SWUP&FilePath=/21 808/patches/patchroot/all_signed/119255-77.jar&File=119255-77.jar [following] --2010-11-21 10:26:39-- https://a248.e.akamai.net/f/248/21808/15m/sun.download.akamai.com/21808/patches/patchroot/a ll_signed/119255-77.jar?&GroupName=SW UP&FilePath=/21808/patches/patchroot/all_signed/119255-77.jar&File=119255-77.jar Resolving a248.e.akamai.net... 63.84.95.8, 63.84.95.80 Connecting to a248.e.akamai.net|63.84.95.8|:443... connected. WARNING: cannot verify a248.e.akamai.net's certificate, issued by `/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutio ns, Inc./CN=GTE CyberTrust Global Root': Unable to locally verify the issuer's authority. HTTP request sent, awaiting response... 200 OK Length: 1372402 (1.3M) [text/plain] Saving to: `/Jumpstart/Images/10/0910/Patches/sparc/119255-77.jar' Regards -- Gael Martinez
Re: [pca] getupdates.oracle.com now available for testing!
Is sunsolve now officially dead ? Looking for 119255-77 (1/1) Trying SunSolve Trying https://sunsolve.sun.com/ (1/1) No response there anymore so I have to assume that there is an "official" replacement. What would that be at this time ? Anyone know ? -- Dennis Clarke dcla...@opensolaris.ca <- Email related to the open source Solaris dcla...@blastwave.org <- Email related to open source for Solaris