subject:"Re\: \[libreoffice\-website\] Can not get into the wiki..."

Re: [libreoffice-website] Can not get into the wiki...

2017-11-21 Thread Guilhem Moulin

Hi,

On Tue, 21 Nov 2017 at 11:57:10 +0100, Dennis Roczek wrote:
> We just got a new wiki-certificate from Let's encrypt. Maybe they
> changed something fundamental...?

The cert was last renewed 2 weeks ago, if there was a problem with the
X.509 chain I guess someone would have complained before :-P

$ openssl s_client -connect wiki.documentfoundation.org:443 -servername 
wiki.documentfoundation.org /dev/null \
| openssl x509 -noout -dates
notBefore=Nov  4 02:07:05 2017 GMT
notAfter=Feb  2 02:07:05 2018 GMT

> @Guilhem: do you know more about changes there?

I noticed the OSCP responsed stapled to the TLS handshake was out of
date since this morning at 03:00 UTC.

$ openssl s_client -connect wiki.documentfoundation.org:443 -servername 
wiki.documentfoundation.org -status /dev/null
[…]
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Nov 14 03:08:00 2017 GMT
Responses:
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
  Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
  Serial Number: 03686441D74F5FFBC5CF4FDD4504FBFA9DDA
Cert Status: good
This Update: Nov 14 03:00:00 2017 GMT
Next Update: Nov 21 03:00:00 2017 GMT
[…]

Apparently nginx kept querying the OCSP responder but all requests timed
out so the stapled data wasn't refreshed.  That's weird, AFAIK nginx
only caches DNS responses for the zone TTL, but we got a valid response
after reloading the server:

$ openssl s_client -connect wiki.documentfoundation.org:443 -servername 
wiki.documentfoundation.org -status /dev/null
[…]
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Nov 19 03:11:00 2017 GMT
Responses:
Certificate ID:
  Hash Algorithm: sha1
  Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
  Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
  Serial Number: 0324F7EDB9BE813D301B509273649D7E7614
Cert Status: good
This Update: Nov 19 03:00:00 2017 GMT
Next Update: Nov 26 03:00:00 2017 GMT
[…]

I assume not all browsers were affected because some fallback to quering
the OCSP responder manually when the stapled information is out of date.

Cheers,
-- 
Guilhem.

-- 
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-website] Can not get into the wiki...

2017-11-21 Thread Daniel A. Rodriguez

Yep, thank you guys.

2017-11-21 8:16 GMT-03:00 Regina Henschel :
> Hi Daniel,
>
> Please try again. It works for me now.
>
> Kind regards
> Regina
>
>
> Daniel A. Rodriguez schrieb am 21.11.2017 um 11:28:
>>
>> At this time I'm getting this message
>>
>> ---
>> An error occurred during a connection to wiki.documentfoundation.org.
>> The OCSP response contains out-of-date information. Error code:
>> SEC_ERROR_OCSP_OLD_RESPONSE
>> ---
>>
>
>
> --
> To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
> Problems?
> https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
> List archive: https://listarchives.libreoffice.org/global/website/
> All messages sent to this list will be publicly archived and cannot be
> deleted

-- 
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-website] Can not get into the wiki...

2017-11-21 Thread Regina Henschel


Hi Daniel,

Please try again. It works for me now.

Kind regards
Regina

Daniel A. Rodriguez schrieb am 21.11.2017 um 11:28:

At this time I'm getting this message

---
An error occurred during a connection to wiki.documentfoundation.org.
The OCSP response contains out-of-date information. Error code:
SEC_ERROR_OCSP_OLD_RESPONSE
---




--
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-website] Can not get into the wiki...

2017-11-21 Thread Dennis Roczek

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Daniel,

On 21.11.2017 11:53, Dennis Roczek wrote:
> Hi Daniel,
> 
> On 21.11.2017 11:28, Daniel A. Rodriguez wrote:
>> At this time I'm getting this message
> 
>> ---
>> An error occurred during a connection to wiki.documentfoundation.org.
>> The OCSP response contains out-of-date information. Error code:
>> SEC_ERROR_OCSP_OLD_RESPONSE
>> ---
> 
> 
> I do not get this error. But I guess I know what the problem is: Do yo
u
> transmitter your HTTP Refferer? (maybe it is blocked by an extension)
> 
> Regards,
> Dennis Roczek
>
I have to correct: It works in Vivaldi (based on newest Chrome), but not
in Opera12 o.O

We just got a new wiki-certificate from Let's encrypt. Maybe they
changed something fundamental...?

@Guilhem: do you know more about changes there?

Regards,
Dennis Roczek
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEhYmMfFabYko4V91Tzj5B/c4qttkFAloUBoYACgkQzj5B/c4q
ttmv9A/8CS/Gn/1d0zTaKf+6SdGHAlNYEwSnfnTINjNhU2RQmWMyUWu89lbWHgBy
DKuE3u6MSIafIOL8W/l0mudz+q0BnGN+fT95uW5fozQtL6Dck2tqMRsa7kTxm+9f
goJWY86ItClrNrsBfhAyfw0ykhBlbAQvVft7qNObRA/C9hrWAfp2jpDZIz9aghWs
/ot00iUCJn/9U711rgawEYJqnQ12mhMPJMmLfr6qvhHsXKm8I20rYZySlGLv579K
2yU1wHidHwbMZymP7UWXifhkwe98YZt6OOn2eT4q079SOvZQ7+o3m/m4AE3HiEZS
/80foWLpl97L6lNjUoehfjZIKmbpiEcOgnSwBS/iEXCH5kw0vPsjxArobDWvruyP
JIuCaBDyzTFe9ONEzzZstXmEWx5fdlubG9H6ZSGaiNwl6hOOMVw0SZvn/j9vjLZE
RH0u0MSYye3mjQASUGA+Ia2MWiTPpvar21zjamuKONIZezV+g4nhtYKIwHtFSXD1
5Y/fROLLMpT41zNTGI7pA5qPYwQ9N2At2B55KR9Aiw2LwDrlOv7hRndqE0mL7TS4
eaiFlZ5ZuddB2bjfmfZQ6gxdY5C3hmQLwDIs5L3grxay9Kw5U6aeBV8CbjSZcThM
gRF75KFcLJlrZfMo9ivgvBtXiIKYwkD4TphV9g20+C8c/4IQ9fA=
=Q6f2
-END PGP SIGNATURE-

-- 
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-website] Can not get into the wiki...

2017-11-21 Thread Dennis Roczek

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Daniel,

On 21.11.2017 11:28, Daniel A. Rodriguez wrote:
> At this time I'm getting this message
> 
> ---
> An error occurred during a connection to wiki.documentfoundation.org.
> The OCSP response contains out-of-date information. Error code:
> SEC_ERROR_OCSP_OLD_RESPONSE
> ---
> 

I do not get this error. But I guess I know what the problem is: Do you
transmitter your HTTP Refferer? (maybe it is blocked by an extension)

Regards,
Dennis Roczek
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEhYmMfFabYko4V91Tzj5B/c4qttkFAloUBacACgkQzj5B/c4q
ttmP1RAAhZ0wyADoulfeWweHWiu8sc/5kvwCWbNcZyGUjYb3PoZP/C4tK08WlQKc
eFMvF8lDHygthRfDRRSzbezbGEYlS3OBuFMbajZssagjsjnAElGQaTcRV7I8BIob
gJCKXncdkPHH19mkmaHiJPA3HLzxheBaHeZuxPLX/jK4VSdd3nS3IQHue6eju7XF
rmQk4pLj69Fzx+0lypU/tw2KEXO/gmVGo2tCOVASBfiMY1/1tai9eSjETovoV07+
HxMbD8A9VmRZ4pBIAF4LgLie7jpXyZQ/gasM8WRlP/Xe2ywetW0O0L0SmJz5I1bB
+FKx76SWBWCu7D7rTCtUFfmdF2AOREqhoaCYg43ltpOk6nd9ywU7nZBpFNUj9zW0
KP9g+SHtz+ciG83SelbM3P04Lv61KS9EEAl2DXGymO/IaUvdr4fPhQrrMrnCeVAp
gx13BHwOc5s3w0VFbrDNB4KwkJCMybSOYsXgfbct6sR+ewT14ssVCDd6nUlVwQ/A
JbXGO+BVLuvlKCni81lI5WkpmAmJaysdJfWQqvo6gfXGfNokj3/6wE10OBGgCOBn
kFawbd2rRGNtV1+S1P6MSlYLIhsFFiZK50hga0Yiu5Qb3vvd7Ne7tAxlf+EPDtLL
ZD+aVA+Pyyu5S6s00ERTOnR61liM9lO5prtZEd8EI2wpSqAp8Zw=
=qa75
-END PGP SIGNATURE-

-- 
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-website] Can not get into the wiki...

Re: [libreoffice-website] Can not get into the wiki...

Re: [libreoffice-website] Can not get into the wiki...

Re: [libreoffice-website] Can not get into the wiki...

Re: [libreoffice-website] Can not get into the wiki...

5 matches

Site Navigation

Mail list logo

Footer information