Thank you for being proactive!
Since the consensus indicates that all is ok and manually checking the
lxd images shows the cert is ok, I am going to mark this invalid.
** Changed in: pollinate (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a
Unless pollinate used to use --pinnedpubkey as well, it seems that
including the server certificate would have had no effect, so
entropy.ubuntu.com.pem was merely confusing not only in name but also in
its contents, before r319 landed.
--
It seems to be related to a change in r319 [1]. It seems we ended up
dropping more than just the Go Daddy chain. Somewhere in that diff (#3)
was this certificate:
| notAfter=Aug 11 12:00:00 2016 GMT
| subject=C = GB, ST = Southwark, L = London, O = Canonical Group Ltd, CN =
entropy.ubuntu.com
I think the name of the file is super misleading. It definitely looks like
it would be a certificate for entropy.u.c.
On Tue, Sep 11, 2018, 18:21 Paul Collins
wrote:
> I could have sworn that pollinate pinned the entropy.ubuntu.com
> certificate itself, hence this bug, but it's clearly not
I could have sworn that pollinate pinned the entropy.ubuntu.com
certificate itself, hence this bug, but it's clearly not currently
included in the source package. Thanks for looking into this, and sorry
for the noise!
--
The current chain that is shipped in pollinate contains DigiCert Global
Root CA and the DigiCert SHA2 Secure Server CA, and the new certificate
is still signed by the same intermediary.
The attached _chain.crt in #2 is incomplete, as it lacks the Global Root
CA.
It seems like no update is
I downloaded entropy.ubuntu.com.crt and ran this command, where
$(pwd)/entropy.ubuntu.com.pem is the certificate file (a CA actually)
from the current cosmic pollinate package:
$ openssl verify -CAfile entropy.ubuntu.com.pem ~/Desktop/entropy.ubuntu.com.crt
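
The thread contrasts a pinned CA chain with a pin on the server certificate or its key. As an added example (not taken from the bug report or from pollinate's source), this script builds a throwaway root, intermediate and two leaf certificates under constructed names, then checks that a trust file holding intermediate plus root still verifies a renewed leaf, that a file lacking the root does not, and that a public-key pin over the leaf changes on renewal.

```shell
#!/bin/sh
# Constructed demo PKI: every name below is a placeholder, nothing comes from the bug.
gen_csr() {  # $1 = file basename, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_demo_pki() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
      gen_csr root "Demo Root CA"
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 30 -out root.pem 2>/dev/null
      gen_csr int "Demo Intermediate CA"
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
          -extfile ca.ext -days 30 -out int.pem 2>/dev/null
      # Old and renewed leaf: same name and issuer, fresh key on renewal.
      for leaf in leaf_old leaf_new; do
          gen_csr "$leaf" "entropy.example"
          openssl x509 -req -in "$leaf.csr" -CA int.pem -CAkey int.key \
              -CAcreateserial -days 30 -out "$leaf.pem" 2>/dev/null
      done
      cat int.pem root.pem > bundle.pem )   # intermediate + root, as in a pinned CA file
}

# Succeeds only if certificate $2 chains to a self-signed root inside trust file $1.
verifies_with() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Base64 SHA-256 of the certificate's public key: the value a leaf-key pin would store.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    verifies_with "$d/bundle.pem" "$d/leaf_new.pem" && echo "CA bundle: renewed leaf verifies"
    verifies_with "$d/int.pem" "$d/leaf_new.pem" || echo "file without root: verify fails"
    [ "$(spki_pin "$d/leaf_old.pem")" = "$(spki_pin "$d/leaf_new.pem")" ] ||
        echo "leaf key pin: changes on renewal"
    rm -rf "$d"
}
demo
```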
** Description changed:
entropy.ubuntu.com expires in about 8 days. Since pollinate uses
certificate pinning, the package will need to be updated and SRU'd
before then.
Attached please find the new certificate and certificate chain files,
- although to the best of knowlege only the
** Attachment added: "entropy.ubuntu.com_chain.crt"
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1791572/+attachment/5186962/+files/entropy.ubuntu.com_chain.crt