httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Fredrik Blenning Klaussen <...@blenning.no>
Subject Re: [Bug 55808] File integrity verification using MD5 and SHA1
Date Wed, 13 Jan 2016 23:05:25 GMT


On 13/01/16 23:56, bugzilla@apache.org wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=55808
> 
> --- Comment #9 from Yann Ylavic <ylavic.dev@gmail.com> --- (In
> reply to Tom Fredrik Blenning from comment #7)
>> Both the SHA-1 checksums and the download are linked to http
>> addresses, but the equivalent https addresses are available.
> 
> No digest/signature is "linked" to any address, to the tarball
> only.

http://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1

>> 
>> It just so happens that the https addresses do not have a valid
>> security certificate which is a second bug.
> 
> Could you elaborate? No alert when I access 
> https://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1 from
> here.

So I start out at https://httpd.apache.org/download.cgi

The two relevant links from this page are:
http://www.eu.apache.org/dist//httpd/httpd-2.4.18.tar.bz2
http://www.apache.org/dist/httpd/httpd-2.4.18.tar.bz2.sha1

Obviously both are http addresses, so that's the first error when
linked from https.

Replacing http with https for both links works, but for the former:
https://www.eu.apache.org/dist//httpd/httpd-2.4.18.tar.bz2

there is a certificate error. Firefox: (Error code:
ssl_error_bad_cert_domain)

See also:
https://www.sslshopper.com/ssl-checker.html#hostname=www.eu.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message