* Re: sourcewware.org has incorrect SSL certiciate (cygwin.com)
[not found] <CAGc9EvcKCc=qKBgZCe9bmoExyOwiaNwRJ2iyWjo4RR06EnDY8w@mail.gmail.com>
@ 2014-06-28 1:01 ` Ian Lance Taylor
2014-06-28 1:05 ` Frank Ch. Eigler
0 siblings, 1 reply; 5+ messages in thread
From: Ian Lance Taylor @ 2014-06-28 1:01 UTC (permalink / raw)
To: Jonny Grant, overseers
Overseers, anybody know what's up with this? Are we doing SSL
certificates incorrectly?
Jonny, note that sourceware.org and cygwin.com are the same physical
machine.
Ian
Jonny Grant <jg@jguk.org> writes:
> Hello Ian
>
> I saw you are technical contact for sourceware.org WHOIS
>
> I case you are not aware: Could I ask if you could discuss with
> webmaster of sourceware.org to update the SSL certificate to be for
> sourceware.org rather than cygwin.com.
>
> Access to sourceware.org is blocked by corporate firewall due to this
> at present:
>
> =================
> This is probably not the site that you are looking for!
> You attempted to reach sourceware.org, but instead you actually
> reached a server identifying itself as cygwin.com. This may be caused
> by a misconfiguration on the server or by something more serious. An
> attacker on your network could be trying to get you to visit a fake
> (and potentially harmful) version of sourceware.org.
> =================
>
> Regards, Jon
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sourcewware.org has incorrect SSL certiciate (cygwin.com)
2014-06-28 1:01 ` sourcewware.org has incorrect SSL certiciate (cygwin.com) Ian Lance Taylor
@ 2014-06-28 1:05 ` Frank Ch. Eigler
2014-06-28 10:15 ` Jonny Grant
0 siblings, 1 reply; 5+ messages in thread
From: Frank Ch. Eigler @ 2014-06-28 1:05 UTC (permalink / raw)
To: jg, overseers
Hi -
> Overseers, anybody know what's up with this? Are we doing SSL
> certificates incorrectly?
At the SMTP/qmail level, one can't have https-style domain-based
virtual hosting, so we use the sourceware.org certificate. Perhaps
this is related to the problem, but there wasn't much information as
to what operation was actually blocked by their firewall.
- FChE
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sourcewware.org has incorrect SSL certiciate (cygwin.com)
2014-06-28 1:05 ` Frank Ch. Eigler
@ 2014-06-28 10:15 ` Jonny Grant
2014-06-29 12:00 ` Joseph S. Myers
0 siblings, 1 reply; 5+ messages in thread
From: Jonny Grant @ 2014-06-28 10:15 UTC (permalink / raw)
To: Frank Ch. Eigler, overseers
On 28/06/14 02:04, Frank Ch. Eigler wrote:
> Hi -
>
>> Overseers, anybody know what's up with this? Are we doing SSL
>> certificates incorrectly?
>
> At the SMTP/qmail level, one can't have https-style domain-based
> virtual hosting, so we use the sourceware.org certificate. Perhaps
> this is related to the problem, but there wasn't much information as
> to what operation was actually blocked by their firewall.
Hi Frank
This was the email I received, and I clicked on the link:
https://sourceware.org/bugzilla/show_bug.cgi?id=13228
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
When I tried the other day, the SSL certificate in Chrome showed me
cygwin.com, I now see when I check today that is working ok (but I am at
home, not behind corporate firewall).
Could I ask if the configuration has just been changed?
I can check again next week at office.
Regards, Jon
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sourcewware.org has incorrect SSL certiciate (cygwin.com)
2014-06-28 10:15 ` Jonny Grant
@ 2014-06-29 12:00 ` Joseph S. Myers
2014-06-30 8:05 ` Jonny Grant
0 siblings, 1 reply; 5+ messages in thread
From: Joseph S. Myers @ 2014-06-29 12:00 UTC (permalink / raw)
To: Jonny Grant; +Cc: Frank Ch. Eigler, overseers
On Sat, 28 Jun 2014, Jonny Grant wrote:
> This was the email I received, and I clicked on the link:
>
>
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=13228
At HTTPS level, I believe we're using SNI - make sure your firewall
supports this. As Windows XP is now end-of-life and IE on XP was the last
major browser not supporting SNI, SNI is likely to become increasingly
widely used.
--
Joseph S. Myers
joseph@codesourcery.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: sourcewware.org has incorrect SSL certiciate (cygwin.com)
2014-06-29 12:00 ` Joseph S. Myers
@ 2014-06-30 8:05 ` Jonny Grant
0 siblings, 0 replies; 5+ messages in thread
From: Jonny Grant @ 2014-06-30 8:05 UTC (permalink / raw)
To: Joseph S. Myers; +Cc: Frank Ch. Eigler, overseers
On 29 June 2014 13:00, Joseph S. Myers <joseph@codesourcery.com> wrote:
B> On Sat, 28 Jun 2014, Jonny Grant wrote:
>
>> This was the email I received, and I clicked on the link:
>>
>>
>>
>> https://sourceware.org/bugzilla/show_bug.cgi?id=13228
>
> At HTTPS level, I believe we're using SNI - make sure your firewall
> supports this. As Windows XP is now end-of-life and IE on XP was the last
> major browser not supporting SNI, SNI is likely to become increasingly
> widely used.
Hello Joseph
Many thanks for you reply. I checked again this morning and it has the
same problem at office. The corporate firewall probably has an SNI
issue, so I have informed them.
My only other idea was if you could host your site on separate IPs
Sorry to send you on a wild goose chase.
Regards, Jon
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-30 8:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CAGc9EvcKCc=qKBgZCe9bmoExyOwiaNwRJ2iyWjo4RR06EnDY8w@mail.gmail.com>
2014-06-28 1:01 ` sourcewware.org has incorrect SSL certiciate (cygwin.com) Ian Lance Taylor
2014-06-28 1:05 ` Frank Ch. Eigler
2014-06-28 10:15 ` Jonny Grant
2014-06-29 12:00 ` Joseph S. Myers
2014-06-30 8:05 ` Jonny Grant
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).