Strange Cloudflare Cert on www.opencsw.org
Dagobert Michelsen
dam at opencsw.org
Sun Apr 23 19:51:41 CEST 2017
Hi Hsan,
Am 23.04.2017 um 16:55 schrieb ihsan at opencsw.org:
>> I noticed that our package propagation is broken because the buglist could not be retreived
>> by the go program from https://www.opencsw.org/buglist/json
>>
>> The cert from Cloudflare can not be viewed by our current openssl, maybe the ciphers are
>> too new?
>>
>>
>> web at web [web]:/home/web/bin/gar/go > openssl s_client -connect www.opencsw.org:443 -showcerts
>> CONNECTED(00000004)
>> 18446744071545616348:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:757:
>
> You have to use SNI. All browsers are doing that by default, but with OpenSSL you have to specify it first:
> $ openssl s_client -servername www.opencsw.org -connect www.opencsw.org:443 -showcerts
I can’t fiugure out how to do this in GO, which is what our propagation is using.
Any hot tipps appreciated…
Best regards
— Dago
--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.opencsw.org/pipermail/buildfarm/attachments/20170423/8af34066/attachment.asc>
More information about the buildfarm
mailing list