[packman] Build Service. SSL Error
Hello. When I try to connect to server via osc I get error: SSL Error: sslv3 alert handshake failure How to fix? -- WBR Kyrill ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] Build Service. SSL Error
On Wed, 18 Jan 2012 17:17:49 +0400 Kyrill Detinov lazy.k...@opensuse.org wrote: Hello. When I try to connect to server via osc I get error: SSL Error: sslv3 alert handshake failure How to fix? Hi Add sslcertck=0 to your ~/.oscrc file for the moment. -- Cheers Malcolm °¿° (Linux Counter #276890) openSUSE 12.1 (x86_64) Kernel 3.1.0-1.2-desktop up 1 day 23:51, 4 users, load average: 0.01, 0.03, 0.05 CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] Build Service. SSL Error
On 2012-01-18 07:52:50 (-0600), Malcolm malcolm_le...@bellsouth.net wrote: On Wed, 18 Jan 2012 17:17:49 +0400 Kyrill Detinov lazy.k...@opensuse.org wrote: When I try to connect to server via osc I get error: SSL Error: sslv3 alert handshake failure How to fix? Add sslcertck=0 to your ~/.oscrc file for the moment. Yep, specifically in the section for pmbs.links2linux.org The reason is not that our SSL certificate is invalid, but that recent versions of osc introduced stronger SSL peer certificate requirements, and apparently our CAcert certificate is too weak for that. But we don't have a budget to buy one from Verisign, so it'll have to do. cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf pgp6HdW1qBJzO.pgp Description: PGP signature ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] Build Service. SSL Error
On 01/18/2012 04:53 PM, Pascal Bleser wrote: On 2012-01-18 07:52:50 (-0600), Malcolm malcolm_le...@bellsouth.net wrote: On Wed, 18 Jan 2012 17:17:49 +0400 Kyrill Detinov lazy.k...@opensuse.org wrote: When I try to connect to server via osc I get error: SSL Error: sslv3 alert handshake failure How to fix? Add sslcertck=0 to your ~/.oscrc file for the moment. Yep, specifically in the section for pmbs.links2linux.org The reason is not that our SSL certificate is invalid, but that recent versions of osc introduced stronger SSL peer certificate requirements, and apparently our CAcert certificate is too weak for that. But we don't have a budget to buy one from Verisign, so it'll have to do. cheers ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman a 50$ cert can do? i know a company ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
Re: [packman] Build Service. SSL Error
Pascal Bleser wrote: On 2012-01-18 07:52:50 (-0600), Malcolm malcolm_le...@bellsouth.net wrote: On Wed, 18 Jan 2012 17:17:49 +0400 Kyrill Detinov lazy.k...@opensuse.org wrote: When I try to connect to server via osc I get error: SSL Error: sslv3 alert handshake failure How to fix? Add sslcertck=0 to your ~/.oscrc file for the moment. Yep, specifically in the section for pmbs.links2linux.org No, that's never a solution. The reason is not that our SSL certificate is invalid, but that recent versions of osc introduced stronger SSL peer certificate requirements, and apparently our CAcert certificate is too weak for that. It has nothing to do with the certificate. Someone decided to put arbitrary restrictions on the accepted ciphers in osc. Apply the following commit to reset it to a working setting: https://github.com/openSUSE/osc/commit/0f2e8e257d3f298dc034b212267bbb5ba04d2430 Alternatively reconfigure your web server to also offer stronger ciphers. Note that the template file for ssl vhosts in the apache package was broken in the past so if you used that you may want to have a look at a newer one and use the cipher string from there. Btw, you can get a certificate free of charge of a Mozilla accepted CA from http://www.startssl.com/ cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) ___ Packman mailing list Packman@links2linux.de http://lists.links2linux.de/cgi-bin/mailman/listinfo/packman