public inbox for gcc@gcc.gnu.org
From: Federico Iezzi <fiezzi@google.com>
To: gcc@gcc.gnu.org, abuse@support.gandi.net
Subject: urgent - Google Cloud public subnet blacklisted by gcc.org
Date: Tue, 10 Jan 2023 13:56:25 +0100
Message-ID: <CAJ_7uVwnvKRvmZjd-p45QpbPetzt88=9BrM9e+=F0fYcCHrE3g@mail.gmail.com>

Hey everybody,

Apologies for this request, and perhaps the wrong mailing list.
I hope this gets the right level of attention.

It seems like the GCC frontend/WAF have blacklisted the entire subnet
used by Google Cloud for Internet access.

Some traces follow.

Could you please unblock us? It's really important that this gets
sorted out as quickly as possible. Any Google Cloud customer using GCC
is completely unable to do so.

$ curl ifconfig.me
35.234.162.99

$ curl -v -o /dev/null -L gcc.gnu.org
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*   Trying 8.43.85.97:80...
* Connected to gcc.gnu.org (8.43.85.97) port 80 (#0)
> GET / HTTP/1.1
> Host: gcc.gnu.org
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden <================== 403 status code
< Date: Tue, 10 Jan 2023 12:47:36 GMT
< Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< Content-Length: 318
< Content-Type: text/html; charset=iso-8859-1
<
{ [318 bytes data]
100   318  100   318    0     0   1628      0 --:--:-- --:--:-- --:--:--  1630
* Connection #0 to host gcc.gnu.org left intact

$ openssl s_client -connect gcc.gnu.org:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = gcc.gnu.org
verify return:1
---
Certificate chain
 0 s:CN = gcc.gnu.org
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 03:06:21 2023 GMT; NotAfter: Apr  1 03:06:20 2023 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
subject=CN = gcc.gnu.org <================== No Proxy in between
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4681 bytes and written 406 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: F2BFBAFB1D0DDAF2452069AEC037513168A2D4D0DCC1E6FCA16CFB64ACA345F1
    Session-ID-ctx:
    Master-Key: E75FB7953CA1B56801AD6738BE0771EADB1D7760DA2A5B21B0203CB34731BE9F71F5531118827FCAB00FD121577D052C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1673354833
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

$ curl -o /dev/null -v -L https://gcc.gnu.org
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*   Trying 8.43.85.97:443...
* Connected to gcc.gnu.org (8.43.85.97) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4014 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=gcc.gnu.org
*  start date: Jan  1 03:06:21 2023 GMT
*  expire date: Apr  1 03:06:20 2023 GMT
*  subjectAltName: host "gcc.gnu.org" matched cert's "gcc.gnu.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x56456e26e550)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> GET / HTTP/2
> Host: gcc.gnu.org
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< HTTP/2 403 <================== Still 403 status code
< date: Tue, 10 Jan 2023 12:43:12 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< content-length: 318
< content-type: text/html; charset=iso-8859-1
<
{ [318 bytes data]
100   318  100   318    0     0    546      0 --:--:-- --:--:-- --:--:--   547
* Connection #0 to host gcc.gnu.org left intact

$ GIT_CURL_VERBOSE=1 GIT_TRACE=1 git clone http://gcc.gnu.org/git/gcc.git
12:54:29.918761 git.c:455               trace: built-in: git clone http://gcc.gnu.org/git/gcc.git
Cloning into 'gcc'...
12:54:29.921626 run-command.c:668       trace: run_command: git remote-http origin http://gcc.gnu.org/git/gcc.git
12:54:29.923332 git.c:742               trace: exec: git-remote-http origin http://gcc.gnu.org/git/gcc.git
12:54:29.924367 run-command.c:668       trace: run_command: git-remote-http origin http://gcc.gnu.org/git/gcc.git
12:54:29.929928 http.c:664              == Info: Couldn't find host gcc.gnu.org in the (nil) file; using defaults
12:54:29.930846 http.c:664              == Info:   Trying 8.43.85.97:80...
12:54:30.032316 http.c:664              == Info: Connected to gcc.gnu.org (8.43.85.97) port 80 (#0)
12:54:30.032385 http.c:611              => Send header, 0000000233 bytes (0x000000e9)
12:54:30.032397 http.c:623              => Send header: GET /git/gcc.git/info/refs?service=git-upload-pack HTTP/1.1
12:54:30.032400 http.c:623              => Send header: Host: gcc.gnu.org
12:54:30.032403 http.c:623              => Send header: User-Agent: git/2.34.1
12:54:30.032406 http.c:623              => Send header: Accept: */*
12:54:30.032417 http.c:623              => Send header: Accept-Encoding: deflate, gzip, br, zstd
12:54:30.032427 http.c:623              => Send header: Accept-Language: C, *;q=0.9
12:54:30.032432 http.c:623              => Send header: Pragma: no-cache
12:54:30.032435 http.c:623              => Send header: Git-Protocol: version=2
12:54:30.032439 http.c:623              => Send header:
12:54:30.124540 http.c:664              == Info: Mark bundle as not supporting multiuse
12:54:30.124573 http.c:611              <= Recv header, 0000000024 bytes (0x00000018)
12:54:30.124579 http.c:623              <= Recv header: HTTP/1.1 403 Forbidden
12:54:30.124590 http.c:611              <= Recv header, 0000000037 bytes (0x00000025)
12:54:30.124601 http.c:623              <= Recv header: Date: Tue, 10 Jan 2023 12:54:30 GMT
12:54:30.124608 http.c:611              <= Recv header, 0000000134 bytes (0x00000086)
12:54:30.124623 http.c:623              <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
12:54:30.124635 http.c:611              <= Recv header, 0000000021 bytes (0x00000015)
12:54:30.124641 http.c:623              <= Recv header: Content-Length: 199
12:54:30.124647 http.c:611              <= Recv header, 0000000045 bytes (0x0000002d)
12:54:30.124662 http.c:623              <= Recv header: Content-Type: text/html; charset=iso-8859-1
12:54:30.124672 http.c:611              <= Recv header, 0000000002 bytes (0x00000002)
12:54:30.124681 http.c:623              <= Recv header:
12:54:30.124697 http.c:664              == Info: Connection #0 to host gcc.gnu.org left intact
fatal: unable to access 'http://gcc.gnu.org/git/gcc.git/': The requested URL returned error: 403
