* HTTPS access for gcc.gnu.org
@ 2014-05-08 16:57 Lisa Marie Maginnis
2014-05-08 19:57 ` Frank Ch. Eigler
0 siblings, 1 reply; 10+ messages in thread
From: Lisa Marie Maginnis @ 2014-05-08 16:57 UTC (permalink / raw)
To: overseers, Frank Ch. Eigler
[-- Attachment #1: Type: text/plain, Size: 434 bytes --]
Hello,
I've gotten a few requests to set up https for gcc.gnu.org.
Is this something we want to do? I can get a certificate for gcc.gnu.org, is
there a volunteer admin willing to install it? I think this is worth doing IMHO.
Let me know so we can get the ball rolling on this,
Thanks :)
--
~Lisa Marie Maginnis
Senior System Administrator
Free Software Foundation
http://fsf.org http://gnu.org
GPG Key: 61EEC710
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-08 16:57 HTTPS access for gcc.gnu.org Lisa Marie Maginnis
@ 2014-05-08 19:57 ` Frank Ch. Eigler
[not found] ` <20140509003739.GA29060@libreplanet-meow>
0 siblings, 1 reply; 10+ messages in thread
From: Frank Ch. Eigler @ 2014-05-08 19:57 UTC (permalink / raw)
To: Lisa Marie Maginnis; +Cc: overseers
Hi, Lisa -
> Is this something we want to do? I can get a certificate for gcc.gnu.org, is
> there a volunteer admin willing to install it? I think this is worth doing IMHO.
Absolutely. Can you handle a CSR for a key we generate here?
- FChE
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
[not found] ` <20140509004806.GE3316@redhat.com>
@ 2014-05-09 21:02 ` Lisa Marie Maginnis
2014-05-09 21:05 ` Frank Ch. Eigler
0 siblings, 1 reply; 10+ messages in thread
From: Lisa Marie Maginnis @ 2014-05-09 21:02 UTC (permalink / raw)
To: Frank Ch. Eigler; +Cc: overseers
[-- Attachment #1.1: Type: text/plain, Size: 588 bytes --]
> I'm not opposed to at least plain user/shell access, but this is new,
> so I'll need to discuss it with the other overseers. In the mean time,
> I can install a CRT quickly if you can get one generated for us.
> Thanks!
I've genearted the cert. I didn't attach my public key (I did this time).
I'd rather not send it over email (unless you want to give me your GPG Key
ID).
Let me know either way so I can get the cert to you.
Thanks!
--
~Lisa Marie Maginnis
Senior System Administrator
Free Software Foundation
http://fsf.org http://gnu.org
GPG Key: 61EEC710
[-- Attachment #1.2: id_rsa.pub --]
[-- Type: text/plain, Size: 396 bytes --]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKmBZkXj4bdLQMpAVODbUwe7+9UCxxP+rCUGfW18XuVUf22qsA57JyoeePOVatwkD5HhYBMBbKYRltXGsojE6wq1NZhFyy5yJUEzZebK5GFMXvTvY8bpKCHesIlZM/6zAaWDvipjc1l32aDJ6kzRHxZAkpVzIrexCxnSCzfCR188FOcw61iotNC3JNbpASd6TTli9eDV6jm/uczj+VOXbmBhTHdiEUnqW+vOAf2Nc60JOnlDCOB0i7mRKvpTq9MLd3185/Nc5l2rOBCrvnocsJN/IqF8LAsFhWO/1f+Yhq4t/x8N+4w98jobQ2o4ZCaGrx3kNu+IobFKPr4sbeV2lD elisa@stephost
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-09 21:02 ` Lisa Marie Maginnis
@ 2014-05-09 21:05 ` Frank Ch. Eigler
2014-05-12 13:44 ` Lisa Marie Maginnis
0 siblings, 1 reply; 10+ messages in thread
From: Frank Ch. Eigler @ 2014-05-09 21:05 UTC (permalink / raw)
To: Lisa Marie Maginnis; +Cc: overseers
Hi, Lisa -
Thanks for your ssh public key, we'll keep it somewhere safe, should logon access
be required.
As for the ssl certificate, please feel free to send it unencrypted,
since a crt (unlike a .key) contains no secret information.
- FChE
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-09 21:05 ` Frank Ch. Eigler
@ 2014-05-12 13:44 ` Lisa Marie Maginnis
2014-05-12 14:32 ` Frank Ch. Eigler
0 siblings, 1 reply; 10+ messages in thread
From: Lisa Marie Maginnis @ 2014-05-12 13:44 UTC (permalink / raw)
To: Frank Ch. Eigler; +Cc: overseers
[-- Attachment #1: Type: text/plain, Size: 4101 bytes --]
Hello,
Please see below for the certificate and Gandi's intermediate
certificate.
Thanks :)
Certificate:
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIRAPdYKRwXTUoyQMLO8TtJMNkwDQYJKoZIhvcNAQEFBQAw
QTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR2Fu
ZGkgU3RhbmRhcmQgU1NMIENBMB4XDTE0MDUwOTAwMDAwMFoXDTE1MDUwOTIzNTk1
OVowVjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQL
ExJHYW5kaSBTdGFuZGFyZCBTU0wxFDASBgNVBAMTC2djYy5nbnUub3JnMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3gBfIrMGR1IwmDjKej+8TIs/X2dr
nMU3cdnmaUXLjVL6QVFiFW04Q2Kk/pUuMAjM9J4yLy+c+3aDoyqLMPM1Rv4ho1oe
1dMEc1oacbY6jfhAH1eVJ9yUuFMEgch+PP4D4CwwPTNiKt4pTl900IWtu6yFg2h1
bbgxQBJf1WWimyI27wybSE+Rpg4mh/+77OCHwMSODr32NcQ0yHfX2ks1q5glgS3J
EORTr3Pm+98Zi3MCcs1X5rQdn4nPnwI4K/KzKQ/NTmkRDyCJwQLt0S6m5zhrf5P8
AJuX3rd7ItOBraEJ0aSN1EaWiDKN0DqwfczeKEijFIbbhK47MgOHI5AbsILtvgZr
ujfhU9IevmiZf3j7oIZha1v4xm/UtY2iTy/JI+16focGXn6jDYK5m/jLi16oZRMV
z5EQoc0DvNHTxmze4Rvy87f4gvJeZTTpadI2+F1m+L3ysuJKQxmx8bcjsFwr1/mA
PsmP5pMay6zmLuobEU8zCSZaR6ZobF8ylGH7MNbRh10HlYEC0ajSesasqmtXlhbr
pvlFEMYK/Tqsw0EuQ0RGMFDincwWZM9LeaHEYb4nBwlM0/7LbZulGm+NNxrry3Jy
h9OuOo8ndUI/h9JVJYFGgbX13j51+OdDkDH7rvM8nkkzsXKwY3LKLC616KWaFTVy
19iDQVA8I27JJ90CAwEAAaOCAbYwggGyMB8GA1UdIwQYMBaAFLao/6KoL9CmzUux
aPPnUBAxp3khMB0GA1UdDgQWBBSCx1vBzs711Q0pJCOpDA9KLYnN4DAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwYAYDVR0gBFkwVzBLBgsrBgEEAbIxAQICGjA8MDoGCCsGAQUFBwIBFi5o
dHRwOi8vd3d3LmdhbmRpLm5ldC9jb250cmFjdHMvZnIvc3NsL2Nwcy9wZGYvMAgG
BmeBDAECATA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmdhbmRpLm5ldC9H
YW5kaVN0YW5kYXJkU1NMQ0EuY3JsMGoGCCsGAQUFBwEBBF4wXDA3BggrBgEFBQcw
AoYraHR0cDovL2NydC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNydDAh
BggrBgEFBQcwAYYVaHR0cDovL29jc3AuZ2FuZGkubmV0MCcGA1UdEQQgMB6CC2dj
Yy5nbnUub3Jngg93d3cuZ2NjLmdudS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAJRO
iwu9rZwuusYNixJ/bmMZHajq2scvfS9iALPYIPpWgsH2ceiU4f0qT1prJxOkLoLG
4LZyFC4eXlf9297G8G9a6x/fmeMu5GJwmYsa+ypTGxQ98olsDVgSgKrvcXUqQ+C8
pOuReSXM/JkgrrfhgA9+bGkxgAVlgoF//+5bkKAOUYdjABxxzuz+8ARy/DFwFh1a
IZ5f/p+RBhTKWno1d2TYwXFoyNSS990iaM5i1zn06FEx4jGW/1T1FCkcQE5usyLx
RAaGzFmgrq6pqGeKrrrdJg6IjkZFpi58JQSBSC5tNQhPNoRbaAzbmiIAkoR0B4ty
USJSLROEY0+plggjtE8=
-----END CERTIFICATE-----
Intermediate certificate:
-----BEGIN CERTIFICATE-----
MIIEozCCA4ugAwIBAgIQWrYdrB5NogYUx1U9Pamy3DANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNMDgxMDIzMDAwMDAwWhcNMjAwNTMwMTA0ODM4WjBBMQswCQYD
VQQGEwJGUjESMBAGA1UEChMJR0FOREkgU0FTMR4wHAYDVQQDExVHYW5kaSBTdGFu
ZGFyZCBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2VD2l
2w0ieFBqWiOJP5eh1AcaqVgIm6AVwzK2t/HouaVvrTf2bnEbtHUtSF6fxhWqge/l
xIiVijpsd8y1zWXkZ+VzyVBSlMEnST6ga0EWQbaUmUGuPsviBkYJ6U2+yUxVqRh+
pt9u/UqyzGxO2chQFZOz8unjwmqtOtX7w3lQnyV5KbJHZHwgPuIITZMpFLY0bs9x
Rn52EPT9bKoB0sIG3pKDzFiQLpLeHmW3Yy89sutwjEzgvhWd3sFNVvgLxo4HuV3f
lfB7QB8aLNecK0t29Fn1Q8EsZhCenmaWYJ0cdBtOGFwIsG5symkaAum7ynjvZi7j
Mv1BXJV0gU302v5LAgMBAAGjggE+MIIBOjAfBgNVHSMEGDAWgBShcl8mGyiYQ5Vd
BzfVhZadS9LDRTAdBgNVHQ4EFgQUtqj/oqgv0KbNS7Fo8+dQEDGneSEwDgYDVR0P
AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwGAYDVR0gBBEwDzANBgsrBgEE
AbIxAQICGjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5j
b20vVVROLVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwdAYIKwYBBQUHAQEEaDBmMD0G
CCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVROQWRkVHJ1c3RT
ZXJ2ZXJfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu
Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAZU78DPZvia1r9ukkfT+zhxoI5PNIDBA+r
ez6CqYUQH/TeMq9YP/9w8zAdly1MmuLsDD4ULS+YSJ2uFmqsLUKqtWSkcLvrc5R7
RkznehR2W0wdhKEgdB8uS1xwiNy99xk97VkN4j8m4pyspDyVHPi+jAOu8OWcTbzH
m1gAv6+t+jducW0YNA7B6mr4Dd9pVFYV8iiz/qRj7MUEZGC7/irw9IehsK69quQv
4wMLL2ZfhaQye0btJQzn8bfnGf1gul+Hd96YB5bkXupjfajeVdphXDyQg0MEBzzd
8/ifBlIK3se2e4/hEfcEejX/arxbx1BJCHBvlEPNnsdw8dvQbdqP
-----END CERTIFICATE-----
--
~Lisa Marie Maginnis
Senior System Administrator
Free Software Foundation
http://fsf.org http://gnu.org
GPG Key: 61EEC710
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-12 13:44 ` Lisa Marie Maginnis
@ 2014-05-12 14:32 ` Frank Ch. Eigler
2014-05-12 15:05 ` Joseph S. Myers
0 siblings, 1 reply; 10+ messages in thread
From: Frank Ch. Eigler @ 2014-05-12 14:32 UTC (permalink / raw)
To: Lisa Marie Maginnis; +Cc: Frank Ch. Eigler, overseers
Hi, Lisa -
> Please see below for the certificate and Gandi's intermediate
> certificate.
Thank you, https://gcc.gnu.org/ now appears to work (using SNI to let
clients select between that and the other alter-ego virtualhosts on
that server.)
- FChE
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-12 14:32 ` Frank Ch. Eigler
@ 2014-05-12 15:05 ` Joseph S. Myers
2014-07-09 16:22 ` Gerald Pfeifer
0 siblings, 1 reply; 10+ messages in thread
From: Joseph S. Myers @ 2014-05-12 15:05 UTC (permalink / raw)
To: Frank Ch. Eigler; +Cc: Lisa Marie Maginnis, Frank Ch. Eigler, overseers
On Mon, 12 May 2014, Frank Ch. Eigler wrote:
> Hi, Lisa -
>
> > Please see below for the certificate and Gandi's intermediate
> > certificate.
>
> Thank you, https://gcc.gnu.org/ now appears to work (using SNI to let
> clients select between that and the other alter-ego virtualhosts on
> that server.)
Gerald, we'll now need to fix the http:// references for the stylesheet to
avoid mixed secure/insecure content getting blocked (more generally,
http://gcc.gnu.org/ links should be updated to https, but the stylesheet
is what simply doesn't work for https accesses to gcc.gnu.org at present).
--
Joseph S. Myers
joseph@codesourcery.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-05-12 15:05 ` Joseph S. Myers
@ 2014-07-09 16:22 ` Gerald Pfeifer
2014-07-25 20:59 ` Joseph S. Myers
0 siblings, 1 reply; 10+ messages in thread
From: Gerald Pfeifer @ 2014-07-09 16:22 UTC (permalink / raw)
To: Joseph S. Myers
Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers
On Mon, 12 May 2014, Joseph S. Myers wrote:
> Gerald, we'll now need to fix the http:// references for the stylesheet to
> avoid mixed secure/insecure content getting blocked (more generally,
> http://gcc.gnu.org/ links should be updated to https, but the stylesheet
> is what simply doesn't work for https accesses to gcc.gnu.org at present).
I believe I have fixed everything now. gcc.gnu.org should be fully
https these days.
If any of you notices anything missing, please let me know.
Gerald
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-07-09 16:22 ` Gerald Pfeifer
@ 2014-07-25 20:59 ` Joseph S. Myers
2014-07-25 21:52 ` Gerald Pfeifer
0 siblings, 1 reply; 10+ messages in thread
From: Joseph S. Myers @ 2014-07-25 20:59 UTC (permalink / raw)
To: Gerald Pfeifer
Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers
On Wed, 9 Jul 2014, Gerald Pfeifer wrote:
> On Mon, 12 May 2014, Joseph S. Myers wrote:
> > Gerald, we'll now need to fix the http:// references for the stylesheet to
> > avoid mixed secure/insecure content getting blocked (more generally,
> > http://gcc.gnu.org/ links should be updated to https, but the stylesheet
> > is what simply doesn't work for https accesses to gcc.gnu.org at present).
>
> I believe I have fixed everything now. gcc.gnu.org should be fully
> https these days.
>
> If any of you notices anything missing, please let me know.
https://gcc.gnu.org/PR12345 redirects to
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12345 (which then redirects
back to https) - the same applies for Sourceware Bugzilla as well. I
suppose any such redirects located in the web server configuration should
be updated to redirect to https.
--
Joseph S. Myers
joseph@codesourcery.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: HTTPS access for gcc.gnu.org
2014-07-25 20:59 ` Joseph S. Myers
@ 2014-07-25 21:52 ` Gerald Pfeifer
0 siblings, 0 replies; 10+ messages in thread
From: Gerald Pfeifer @ 2014-07-25 21:52 UTC (permalink / raw)
To: Joseph S. Myers
Cc: Frank Ch. Eigler, Lisa Marie Maginnis, Frank Ch. Eigler, overseers
On Fri, 25 Jul 2014, Joseph S. Myers wrote:
>> If any of you notices anything missing, please let me know.
> https://gcc.gnu.org/PR12345 redirects to
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=12345 (which then redirects
> back to https) - the same applies for Sourceware Bugzilla as well. I
> suppose any such redirects located in the web server configuration should
> be updated to redirect to https.
Good catch and diagnosis, Joseph!
I just fixed this for gcc.gnu.org/PR12345.
Similarly I made the change for Subversion links of the form
gcc.gnu.org/r12345.
Both now redirect to https directly. (The Subversion links would have
stayed with http, so are now using https for the first time after this
change.) And I verified that the contents delivered is identical (in
case of Subversion links) or equivalent (in case of Bugzilla where some
forms have a unique id per invocation).
Gerald
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-07-25 21:52 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-08 16:57 HTTPS access for gcc.gnu.org Lisa Marie Maginnis
2014-05-08 19:57 ` Frank Ch. Eigler
[not found] ` <20140509003739.GA29060@libreplanet-meow>
[not found] ` <20140509004806.GE3316@redhat.com>
2014-05-09 21:02 ` Lisa Marie Maginnis
2014-05-09 21:05 ` Frank Ch. Eigler
2014-05-12 13:44 ` Lisa Marie Maginnis
2014-05-12 14:32 ` Frank Ch. Eigler
2014-05-12 15:05 ` Joseph S. Myers
2014-07-09 16:22 ` Gerald Pfeifer
2014-07-25 20:59 ` Joseph S. Myers
2014-07-25 21:52 ` Gerald Pfeifer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).