Bug#967086: Empty pages when authenticated
On Thu, Aug 06, 2020 at 10:37:27AM +0200, Raphael Hertzog wrote: > On Thu, 06 Aug 2020, Stéphane Glondu wrote: > > Le 05/08/2020 à 14:36, Raphael Hertzog a écrit : > > >> tracker.debian.org does not seem to respond or responds always empty > > >> pages (no error) when I use a client certificate. > > > > > > I don't have the issue with my own certificate. > > > > > > I see this in the error log: > > > [Wed Aug 05 11:17:05.798925 2020] [ssl:error] [pid 31979:tid > > > 140564909500160] [client 80.227.5.106:40019] AH02039: Certificate > > > Verification: Error (66): EE certificate key too weak > > > [Wed Aug 05 11:59:09.029731 2020] [ssl:error] [pid 31979:tid > > > 140565890987776] [client 80.227.5.106:9418] AH02039: Certificate > > > Verification: Error (66): EE certificate key too weak > > > > This is not my IP address. > > Looking at your mail headers, I found 152.81.9.54 and I got similar logs: > hertzog@ticharich:~$ grep 152.81.9.54 > /var/log/apache2/tracker.debian.org-error.log > [Thu Aug 06 07:57:16.520838 2020] [ssl:error] [pid 29597:tid 140564724860672] > [client 152.81.9.54:55460] AH02039: Certificate Verification: Error (66): EE > certificate key too weak > [Thu Aug 06 07:57:48.093622 2020] [ssl:error] [pid 29597:tid 140564909500160] > [client 152.81.9.54:55462] AH02039: Certificate Verification: Error (10): > certificate has expired > > > When I first encountered the error, I realised my certificate was > > expired. Then, I generated a new certificate. I still get the > > undesirable behaviour with the new certificate. > > I'm not sure what else I can do to help you here. I'm putting DSA in copy > in case they know what's going on here. I never had such an issue. > > Did you drop you old certificate and restart your browser? > Maybe also provide the output of "openssl x509 -noout -text" on the cert. Cheers, Julien
Bug#967086: Empty pages when authenticated
On Thu, 06 Aug 2020, Stéphane Glondu wrote: > Le 05/08/2020 à 14:36, Raphael Hertzog a écrit : > >> tracker.debian.org does not seem to respond or responds always empty > >> pages (no error) when I use a client certificate. > > > > I don't have the issue with my own certificate. > > > > I see this in the error log: > > [Wed Aug 05 11:17:05.798925 2020] [ssl:error] [pid 31979:tid > > 140564909500160] [client 80.227.5.106:40019] AH02039: Certificate > > Verification: Error (66): EE certificate key too weak > > [Wed Aug 05 11:59:09.029731 2020] [ssl:error] [pid 31979:tid > > 140565890987776] [client 80.227.5.106:9418] AH02039: Certificate > > Verification: Error (66): EE certificate key too weak > > This is not my IP address. Looking at your mail headers, I found 152.81.9.54 and I got similar logs: hertzog@ticharich:~$ grep 152.81.9.54 /var/log/apache2/tracker.debian.org-error.log [Thu Aug 06 07:57:16.520838 2020] [ssl:error] [pid 29597:tid 140564724860672] [client 152.81.9.54:55460] AH02039: Certificate Verification: Error (66): EE certificate key too weak [Thu Aug 06 07:57:48.093622 2020] [ssl:error] [pid 29597:tid 140564909500160] [client 152.81.9.54:55462] AH02039: Certificate Verification: Error (10): certificate has expired > When I first encountered the error, I realised my certificate was > expired. Then, I generated a new certificate. I still get the > undesirable behaviour with the new certificate. I'm not sure what else I can do to help you here. I'm putting DSA in copy in case they know what's going on here. I never had such an issue. Did you drop you old certificate and restart your browser? Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄ Debian Long Term Support: https://deb.li/LTS
Bug#967086: Empty pages when authenticated
Le 05/08/2020 à 14:36, Raphael Hertzog a écrit : >> tracker.debian.org does not seem to respond or responds always empty >> pages (no error) when I use a client certificate. > > I don't have the issue with my own certificate. > > I see this in the error log: > [Wed Aug 05 11:17:05.798925 2020] [ssl:error] [pid 31979:tid 140564909500160] > [client 80.227.5.106:40019] AH02039: Certificate Verification: Error (66): EE > certificate key too weak > [Wed Aug 05 11:59:09.029731 2020] [ssl:error] [pid 31979:tid 140565890987776] > [client 80.227.5.106:9418] AH02039: Certificate Verification: Error (66): EE > certificate key too weak This is not my IP address. > So maybe get a new certificate? When I first encountered the error, I realised my certificate was expired. Then, I generated a new certificate. I still get the undesirable behaviour with the new certificate. Cheers, -- Stéphane
Bug#967086: Empty pages when authenticated
Hi, On Tue, 04 Aug 2020, Stéphane Glondu wrote: > tracker.debian.org does not seem to respond or responds always empty > pages (no error) when I use a client certificate. I don't have the issue with my own certificate. I see this in the error log: [Wed Aug 05 11:17:05.798925 2020] [ssl:error] [pid 31979:tid 140564909500160] [client 80.227.5.106:40019] AH02039: Certificate Verification: Error (66): EE certificate key too weak [Wed Aug 05 11:59:09.029731 2020] [ssl:error] [pid 31979:tid 140565890987776] [client 80.227.5.106:9418] AH02039: Certificate Verification: Error (66): EE certificate key too weak So maybe get a new certificate? I don't think that I can change anything in the configuration on my side. Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄ Debian Long Term Support: https://deb.li/LTS
Bug#967086: Empty pages when authenticated
Package: tracker.debian.org Severity: important Dear Maintainer, tracker.debian.org does not seem to respond or responds always empty pages (no error) when I use a client certificate. Cheers, -- Stéphane -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled