Strange Cloudflare Cert on www.opencsw.org

Dagobert Michelsen dam at opencsw.org
Wed Apr 19 10:16:24 CEST 2017


Hi Ihsan,

I noticed that our package propagation is broken because the buglist could not be retrieved
by the go program from https://www.opencsw.org/buglist/json

The cert from Cloudflare can not be viewed by our current openssl, maybe the ciphers are
too new?


web at web [web]:/home/web/bin/gar/go > openssl s_client -connect www.opencsw.org:443 -showcerts
CONNECTED(00000004)
18446744071545616348:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:757:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 297 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
zsh: 22020 exit 1     openssl s_client -connect www.opencsw.org:443 -showcerts
web at web [web]:/home/web/bin/gar/go > which openssl
/opt/csw/bin/openssl

web at web [web]:/home/web/bin/gar/go > openssl s_client -connect mirror.opencsw.org:443 -showcerts
CONNECTED(00000004)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mirror.opencsw.org
verify return:1
---
Certificate chain
 0 s:/CN=mirror.opencsw.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3


Let’s Encrypt works as you can see from the connection to mirror.opencsw.org,
would it be a hassle to roll that back?


Best regards

  — Dago


--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
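
Added example, not part of the original message: a small Python triage of `openssl s_client` output like the two transcripts above. It separates a server alert that arrives before any certificate (the 7 bytes read are exactly one TLS alert record, a 5-byte header plus a 2-byte alert) from a handshake that delivered a chain. The function name, stage labels and shortened transcripts are constructed for illustration.

```python
import re

# Constructed samples: shortened copies of the two s_client transcripts quoted above.
FAILED = """CONNECTED(00000004)
18446744071545616348:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:757:
no peer certificate available
SSL handshake has read 7 bytes and written 297 bytes
"""
WORKING = """CONNECTED(00000004)
depth=0 CN = mirror.opencsw.org
verify return:1
---
Certificate chain
 0 s:/CN=mirror.opencsw.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
"""

# OpenSSL error queue line: pid:error:code:library:function:reason:file:line:
ERR_LINE = re.compile(r"^\d+:error:([0-9A-Fa-f]+):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):", re.M)
BYTES_READ = re.compile(r"SSL handshake has read (\d+) bytes")
ALERT_RECORD_LEN = 5 + 2  # TLS record header + alert level and description


def triage(transcript):
    """Classify s_client output by how far the handshake got."""
    errors = [dict(zip(("code", "library", "function", "reason", "file", "line"), m.groups()))
              for m in ERR_LINE.finditer(transcript)]
    read = BYTES_READ.search(transcript)
    info = {"errors": errors,
            "bytes_read": int(read.group(1)) if read else None,
            "subjects": re.findall(r"^\s*\d+ s:(.+)$", transcript, re.M)}
    if "CONNECTED(" not in transcript:
        info["stage"] = "tcp-connect-failed"
    elif info["subjects"]:
        info["stage"] = "certificate-received"
    elif any("alert" in e["reason"] for e in errors):
        # The server answered the ClientHello with an alert and sent no certificate,
        # so the client never got as far as evaluating a certificate.
        only_alert = info["bytes_read"] == ALERT_RECORD_LEN
        info["stage"] = "server-alert-only" if only_alert else "server-alert"
    else:
        info["stage"] = "handshake-incomplete"
    return info


if __name__ == "__main__":
    for name, text in (("www", FAILED), ("mirror", WORKING)):
        print(name, triage(text)["stage"])
```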
