* HTTPS access for gcc.gnu.org @ 2014-05-08 16:57 Lisa Marie Maginnis 2014-05-08 19:57 ` Frank Ch. Eigler 0 siblings, 1 reply; 10+ messages in thread From: Lisa Marie Maginnis @ 2014-05-08 16:57 UTC (permalink / raw) To: overseers, Frank Ch. Eigler [-- Attachment #1: Type: text/plain, Size: 434 bytes --] Hello, I've gotten a few requests to set up https for gcc.gnu.org. Is this something we want to do? I can get a certificate for gcc.gnu.org, is there a volunteer admin willing to install it? I think this is worth doing IMHO. Let me know so we can get the ball rolling on this, Thanks :) -- ~Lisa Marie Maginnis Senior System Administrator Free Software Foundation http://fsf.org http://gnu.org GPG Key: 61EEC710 [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-08 16:57 HTTPS access for gcc.gnu.org Lisa Marie Maginnis @ 2014-05-08 19:57 ` Frank Ch. Eigler [not found] ` <20140509003739.GA29060@libreplanet-meow> 0 siblings, 1 reply; 10+ messages in thread From: Frank Ch. Eigler @ 2014-05-08 19:57 UTC (permalink / raw) To: Lisa Marie Maginnis; +Cc: overseers Hi, Lisa - > Is this something we want to do? I can get a certificate for gcc.gnu.org, is > there a volunteer admin willing to install it? I think this is worth doing IMHO. Absolutely. Can you handle a CSR for a key we generate here? - FChE ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <20140509003739.GA29060@libreplanet-meow>]
[parent not found: <20140509004806.GE3316@redhat.com>]
* Re: HTTPS access for gcc.gnu.org [not found] ` <20140509004806.GE3316@redhat.com> @ 2014-05-09 21:02 ` Lisa Marie Maginnis 2014-05-09 21:05 ` Frank Ch. Eigler 0 siblings, 1 reply; 10+ messages in thread From: Lisa Marie Maginnis @ 2014-05-09 21:02 UTC (permalink / raw) To: Frank Ch. Eigler; +Cc: overseers [-- Attachment #1.1: Type: text/plain, Size: 588 bytes --] > I'm not opposed to at least plain user/shell access, but this is new, > so I'll need to discuss it with the other overseers. In the mean time, > I can install a CRT quickly if you can get one generated for us. > Thanks! I've genearted the cert. I didn't attach my public key (I did this time). I'd rather not send it over email (unless you want to give me your GPG Key ID). Let me know either way so I can get the cert to you. Thanks! -- ~Lisa Marie Maginnis Senior System Administrator Free Software Foundation http://fsf.org http://gnu.org GPG Key: 61EEC710 [-- Attachment #1.2: id_rsa.pub --] [-- Type: text/plain, Size: 396 bytes --] ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKmBZkXj4bdLQMpAVODbUwe7+9UCxxP+rCUGfW18XuVUf22qsA57JyoeePOVatwkD5HhYBMBbKYRltXGsojE6wq1NZhFyy5yJUEzZebK5GFMXvTvY8bpKCHesIlZM/6zAaWDvipjc1l32aDJ6kzRHxZAkpVzIrexCxnSCzfCR188FOcw61iotNC3JNbpASd6TTli9eDV6jm/uczj+VOXbmBhTHdiEUnqW+vOAf2Nc60JOnlDCOB0i7mRKvpTq9MLd3185/Nc5l2rOBCrvnocsJN/IqF8LAsFhWO/1f+Yhq4t/x8N+4w98jobQ2o4ZCaGrx3kNu+IobFKPr4sbeV2lD elisa@stephost [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-09 21:02 ` Lisa Marie Maginnis @ 2014-05-09 21:05 ` Frank Ch. Eigler 2014-05-12 13:44 ` Lisa Marie Maginnis 0 siblings, 1 reply; 10+ messages in thread From: Frank Ch. Eigler @ 2014-05-09 21:05 UTC (permalink / raw) To: Lisa Marie Maginnis; +Cc: overseers Hi, Lisa - Thanks for your ssh public key, we'll keep it somewhere safe, should logon access be required. As for the ssl certificate, please feel free to send it unencrypted, since a crt (unlike a .key) contains no secret information. - FChE ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-09 21:05 ` Frank Ch. Eigler @ 2014-05-12 13:44 ` Lisa Marie Maginnis 2014-05-12 14:32 ` Frank Ch. Eigler 0 siblings, 1 reply; 10+ messages in thread From: Lisa Marie Maginnis @ 2014-05-12 13:44 UTC (permalink / raw) To: Frank Ch. Eigler; +Cc: overseers [-- Attachment #1: Type: text/plain, Size: 4101 bytes --] Hello, Please see below for the certificate and Gandi's intermediate certificate. Thanks :) Certificate: -----BEGIN CERTIFICATE----- MIIF2jCCBMKgAwIBAgIRAPdYKRwXTUoyQMLO8TtJMNkwDQYJKoZIhvcNAQEFBQAw QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDUwOTAwMDAwMFoXDTE1MDUwOTIzNTk1 OVowVjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL ExJHYW5kaSBTdGFuZGFyZCBTU0wxFDASBgNVBAMTC2djYy5nbnUub3JnMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3gBfIrMGR1IwmDjKej+8TIs/X2dr nMU3cdnmaUXLjVL6QVFiFW04Q2Kk/pUuMAjM9J4yLy+c+3aDoyqLMPM1Rv4ho1oe 1dMEc1oacbY6jfhAH1eVJ9yUuFMEgch+PP4D4CwwPTNiKt4pTl900IWtu6yFg2h1 bbgxQBJf1WWimyI27wybSE+Rpg4mh/+77OCHwMSODr32NcQ0yHfX2ks1q5glgS3J EORTr3Pm+98Zi3MCcs1X5rQdn4nPnwI4K/KzKQ/NTmkRDyCJwQLt0S6m5zhrf5P8 AJuX3rd7ItOBraEJ0aSN1EaWiDKN0DqwfczeKEijFIbbhK47MgOHI5AbsILtvgZr ujfhU9IevmiZf3j7oIZha1v4xm/UtY2iTy/JI+16focGXn6jDYK5m/jLi16oZRMV z5EQoc0DvNHTxmze4Rvy87f4gvJeZTTpadI2+F1m+L3ysuJKQxmx8bcjsFwr1/mA PsmP5pMay6zmLuobEU8zCSZaR6ZobF8ylGH7MNbRh10HlYEC0ajSesasqmtXlhbr pvlFEMYK/Tqsw0EuQ0RGMFDincwWZM9LeaHEYb4nBwlM0/7LbZulGm+NNxrry3Jy h9OuOo8ndUI/h9JVJYFGgbX13j51+OdDkDH7rvM8nkkzsXKwY3LKLC616KWaFTVy 19iDQVA8I27JJ90CAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFLao/6KoL9CmzUux aPPnUBAxp3khMB0GA1UdDgQWBBSCx1vBzs711Q0pJCOpDA9KLYnN4DAOBgNVHQ8B Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwYAYDVR0gBFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5o dHRwOi8vd3d3LmdhbmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgG BmeBDAECATA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9H YW5kaVN0YW5kYXJkU1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcw AoYraHR0cDovL2NydC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAh BggrBgEFBQcwAYYVaHR0cDovL29jc3AuZ2FuZGkubmV0MCcGA1UdEQQgMB6CC2dj Yy5nbnUub3Jngg93d3cuZ2NjLmdudS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAJRO iwu9rZwuusYNixJ/bmMZHajq2scvfS9iALPYIPpWgsH2ceiU4f0qT1prJxOkLoLG 4LZyFC4eXlf9297G8G9a6x/fmeMu5GJwmYsa+ypTGxQ98olsDVgSgKrvcXUqQ+C8 pOuReSXM/JkgrrfhgA9+bGkxgAVlgoF//+5bkKAOUYdjABxxzuz+8ARy/DFwFh1a IZ5f/p+RBhTKWno1d2TYwXFoyNSS990iaM5i1zn06FEx4jGW/1T1FCkcQE5usyLx RAaGzFmgrq6pqGeKrrrdJg6IjkZFpi58JQSBSC5tNQhPNoRbaAzbmiIAkoR0B4ty USJSLROEY0+plggjtE8= -----END CERTIFICATE----- Intermediate certificate: -----BEGIN CERTIFICATE----- MIIEozCCA4ugAwIBAgIQWrYdrB5NogYUx1U9Pamy3DANBgkqhkiG9w0BAQUFADCB lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt SGFyZHdhcmUwHhcNMDgxMDIzMDAwMDAwWhcNMjAwNTMwMTA0ODM4WjBBMQswCQYD VQQGEwJGUjESMBAGA1UEChMJR0FOREkgU0FTMR4wHAYDVQQDExVHYW5kaSBTdGFu ZGFyZCBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2VD2l 2w0ieFBqWiOJP5eh1AcaqVgIm6AVwzK2t/HouaVvrTf2bnEbtHUtSF6fxhWqge/l xIiVijpsd8y1zWXkZ+VzyVBSlMEnST6ga0EWQbaUmUGuPsviBkYJ6U2+yUxVqRh+ pt9u/UqyzGxO2chQFZOz8unjwmqtOtX7w3lQnyV5KbJHZHwgPuIITZMpFLY0bs9x Rn52EPT9bKoB0sIG3pKDzFiQLpLeHmW3Yy89sutwjEzgvhWd3sFNVvgLxo4HuV3f lfB7QB8aLNecK0t29Fn1Q8EsZhCenmaWYJ0cdBtOGFwIsG5symkaAum7ynjvZi7j Mv1BXJV0gU302v5LAgMBAAGjggE+MIIBOjAfBgNVHSMEGDAWgBShcl8mGyiYQ5Vd BzfVhZadS9LDRTAdBgNVHQ4EFgQUtqj/oqgv0KbNS7Fo8+dQEDGneSEwDgYDVR0P AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwGAYDVR0gBBEwDzANBgsrBgEE AbIxAQICGjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5j b20vVVROLVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwdAYIKwYBBQUHAQEEaDBmMD0G CCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVROQWRkVHJ1c3RT ZXJ2ZXJfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAZU78DPZvia1r9ukkfT+zhxoI5PNIDBA+r ez6CqYUQH/TeMq9YP/9w8zAdly1MmuLsDD4ULS+YSJ2uFmqsLUKqtWSkcLvrc5R7 RkznehR2W0wdhKEgdB8uS1xwiNy99xk97VkN4j8m4pyspDyVHPi+jAOu8OWcTbzH m1gAv6+t+jducW0YNA7B6mr4Dd9pVFYV8iiz/qRj7MUEZGC7/irw9IehsK69quQv 4wMLL2ZfhaQye0btJQzn8bfnGf1gul+Hd96YB5bkXupjfajeVdphXDyQg0MEBzzd 8/ifBlIK3se2e4/hEfcEejX/arxbx1BJCHBvlEPNnsdw8dvQbdqP -----END CERTIFICATE----- -- ~Lisa Marie Maginnis Senior System Administrator Free Software Foundation http://fsf.org http://gnu.org GPG Key: 61EEC710 [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-12 13:44 ` Lisa Marie Maginnis @ 2014-05-12 14:32 ` Frank Ch. Eigler 2014-05-12 15:05 ` Joseph S. Myers 0 siblings, 1 reply; 10+ messages in thread From: Frank Ch. Eigler @ 2014-05-12 14:32 UTC (permalink / raw) To: Lisa Marie Maginnis; +Cc: Frank Ch. Eigler, overseers Hi, Lisa - > Please see below for the certificate and Gandi's intermediate > certificate. Thank you, https://gcc.gnu.org/ now appears to work (using SNI to let clients select between that and the other alter-ego virtualhosts on that server.) - FChE ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-12 14:32 ` Frank Ch. Eigler @ 2014-05-12 15:05 ` Joseph S. Myers 2014-07-09 16:22 ` Gerald Pfeifer 0 siblings, 1 reply; 10+ messages in thread From: Joseph S. Myers @ 2014-05-12 15:05 UTC (permalink / raw) To: Frank Ch. Eigler; +Cc: Lisa Marie Maginnis, Frank Ch. Eigler, overseers On Mon, 12 May 2014, Frank Ch. Eigler wrote: > Hi, Lisa - > > > Please see below for the certificate and Gandi's intermediate > > certificate. > > Thank you, https://gcc.gnu.org/ now appears to work (using SNI to let > clients select between that and the other alter-ego virtualhosts on > that server.) Gerald, we'll now need to fix the http:// references for the stylesheet to avoid mixed secure/insecure content getting blocked (more generally, http://gcc.gnu.org/ links should be updated to https, but the stylesheet is what simply doesn't work for https accesses to gcc.gnu.org at present). -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-05-12 15:05 ` Joseph S. Myers @ 2014-07-09 16:22 ` Gerald Pfeifer 2014-07-25 20:59 ` Joseph S. Myers 0 siblings, 1 reply; 10+ messages in thread From: Gerald Pfeifer @ 2014-07-09 16:22 UTC (permalink / raw) To: Joseph S. Myers Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers On Mon, 12 May 2014, Joseph S. Myers wrote: > Gerald, we'll now need to fix the http:// references for the stylesheet to > avoid mixed secure/insecure content getting blocked (more generally, > http://gcc.gnu.org/ links should be updated to https, but the stylesheet > is what simply doesn't work for https accesses to gcc.gnu.org at present). I believe I have fixed everything now. gcc.gnu.org should be fully https these days. If any of you notices anything missing, please let me know. Gerald ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-07-09 16:22 ` Gerald Pfeifer @ 2014-07-25 20:59 ` Joseph S. Myers 2014-07-25 21:52 ` Gerald Pfeifer 0 siblings, 1 reply; 10+ messages in thread From: Joseph S. Myers @ 2014-07-25 20:59 UTC (permalink / raw) To: Gerald Pfeifer Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers On Wed, 9 Jul 2014, Gerald Pfeifer wrote: > On Mon, 12 May 2014, Joseph S. Myers wrote: > > Gerald, we'll now need to fix the http:// references for the stylesheet to > > avoid mixed secure/insecure content getting blocked (more generally, > > http://gcc.gnu.org/ links should be updated to https, but the stylesheet > > is what simply doesn't work for https accesses to gcc.gnu.org at present). > > I believe I have fixed everything now. gcc.gnu.org should be fully > https these days. > > If any of you notices anything missing, please let me know. https://gcc.gnu.org/PR12345 redirects to http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12345 (which then redirects back to https) - the same applies for Sourceware Bugzilla as well. I suppose any such redirects located in the web server configuration should be updated to redirect to https. -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org 2014-07-25 20:59 ` Joseph S. Myers @ 2014-07-25 21:52 ` Gerald Pfeifer 0 siblings, 0 replies; 10+ messages in thread From: Gerald Pfeifer @ 2014-07-25 21:52 UTC (permalink / raw) To: Joseph S. Myers Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers On Fri, 25 Jul 2014, Joseph S. Myers wrote: >> If any of you notices anything missing, please let me know. > https://gcc.gnu.org/PR12345 redirects to > http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12345 (which then redirects > back to https) - the same applies for Sourceware Bugzilla as well. I > suppose any such redirects located in the web server configuration should > be updated to redirect to https. Good catch and diagnosis, Joseph! I just fixed this for gcc.gnu.org/PR12345. Similarly I made the change for Subversion links of the form gcc.gnu.org/r12345. Both now redirect to https directly. (The Subversion links would have stayed with http, so are now using https for the first time after this change.) And I verified that the contents delivered is identical (in case of Subversion links) or equivalent (in case of Bugzilla where some forms have a unique id per invocation). Gerald ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-07-25 21:52 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-05-08 16:57 HTTPS access for gcc.gnu.org Lisa Marie Maginnis 2014-05-08 19:57 ` Frank Ch. Eigler [not found] ` <20140509003739.GA29060@libreplanet-meow> [not found] ` <20140509004806.GE3316@redhat.com> 2014-05-09 21:02 ` Lisa Marie Maginnis 2014-05-09 21:05 ` Frank Ch. Eigler 2014-05-12 13:44 ` Lisa Marie Maginnis 2014-05-12 14:32 ` Frank Ch. Eigler 2014-05-12 15:05 ` Joseph S. Myers 2014-07-09 16:22 ` Gerald Pfeifer 2014-07-25 20:59 ` Joseph S. Myers 2014-07-25 21:52 ` Gerald Pfeifer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).