www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Corey <geoffcor...@gmail.com>
Subject Re: Git - SSL certificate problem
Date Wed, 29 Apr 2015 22:19:24 GMT
Once we get the new signed cert from the CA (which I'm hoping will be done
by the end of this week) then git-wip-us will be among the first services
on the list to have the cert replaced. If everything goes well, then this
will be done sometime next week. The only monkey wrench is that I need to
put out a 72 hour notice for probable downtime.

Best case scenario: it will be done by 01:00 UTC on Tuesday May 5th. Worst
case: it ill be done sometime next week.

And yeah, since you are public wifi networks, disabling ssl verification is
a bad idea.

On Wed, Apr 29, 2015 at 3:10 PM, OmPrakash Muppirala <bigosmallm@gmail.com>
wrote:

> On Wed, Apr 29, 2015 at 3:03 PM, Geoffrey Corey <geoffcorey7@gmail.com>
> wrote:
>
> > Sorry, I thought you had already turned off ssl verficiation in your git
> > config.
> >
> > For now, you can run this: git config --global http.sslVerify false (if
> you
> > aren't careful, cna be very bad), or you can prefix running git commands
> > with GIT_SSL_NO_VERIFY=true git <command>
> >
> >
>
> I really don't want to do this.  Especially if we are talking about a few
> days worth of waiting.
>
> I am not sure what it means to 'be careful' if I am going to voluntarily
> turn off SSL verification.  I use my laptop in coffee shops and other
> potentially nefarious WIFI connections and I don't want to compromise the
> security of ASF Git and/or my laptop.
>
>
> > I'm still waiting on getting the signed cert from our CA.
> >
> >
> I am guessing it is going to be a few days and not weeks or months?
>
> Thanks,
> Om
>
>
> > On Wed, Apr 29, 2015 at 2:58 PM, OmPrakash Muppirala <
> bigosmallm@gmail.com
> > >
> > wrote:
> >
> > > Geoffrey, is there an ETA for fixing the SHA-1 signature issue?  I
> don't
> > > have any other laptop and I need to get my git working to do any Apache
> > > related work.  Some info about the fix, ETA, etc. would be useful so
> > that I
> > > can schedule my time accordingly.
> > >
> > > Thanks,
> > > Om
> > >
> > > On Sat, Apr 25, 2015 at 9:48 AM, OmPrakash Muppirala <
> > bigosmallm@gmail.com
> > > >
> > > wrote:
> > >
> > > >
> > > > On Apr 25, 2015 8:24 AM, "Geoffrey Corey" <geoffcorey7@gmail.com>
> > wrote:
> > > > >
> > > > > The cert itself is valid, but the intermediate cert has a SHA-1
> > > > signature,
> > > > > which windows seems to have stopped recognizing as valid now (as
> well
> > > as
> > > > > chrome).
> > > > >
> > > > > This being worked on, but I thought instead of making a (possibly)
> > > large
> > > > > change on a Friday afternoon would not have been the best option.
> > > >
> > > > On the bright side,  you will the entire weekend to fix the problems
> > that
> > > > come up ;-)
> > > >
> > > > On a serious note,  it's good to know that this is being worked on.
>  I
> > > > can help test things when a fix is in.
> > > >
> > > > Thanks,
> > > > Om
> > > >
> > > > > On Apr 25, 2015 7:18 AM, "Alex Harui" <aharui@adobe.com> wrote:
> > > > >
> > > > > > I’ve hit this on my home Windows box as well.  Haven’t found
a
> > > > solution.
> > > > > > I just don’t use my Windows box as much any more.  FWIW, I
use
> > > CygWin.
> > > > > >
> > > > > > On 4/25/15, 1:52 AM, "OmPrakash Muppirala" <bigosmallm@gmail.com
> >
> > > > wrote:
> > > > > >
> > > > > > >This might be a very specific issue, but I thought I'd ask
here
> to
> > > > see if
> > > > > > >anyone can point me in the right direction.
> > > > > > >
> > > > > > >I am setting up my new Windows box, using Git Bash, trying
to
> > clone
> > > a
> > > > repo
> > > > > > >from the ASF git server.
> > > > > > >
> > > > > > >Here is what I am trying and the corresponding error message:
> > > > > > >
> > > > > > >$ git clone
> > > > https://git-wip-us.apache.org/repos/asf/flex-utilities.git
> > > > > > >Cloning into 'flex-utilities'...
> > > > > > >fatal: unable to access '
> > > > > > >https://git-wip-us.apache.org/repos/asf/flex-utilities.
> > > > > > >git/': SSL certificate problem: unable to get local issuer
> > > certificate
> > > > > > >
> > > > > > >
> > > > > > >Googling for the SSL certificate problem revealed that the
> easiest
> > > > way to
> > > > > > >fix this is to disable ssl verification by git.  I don't
think
> it
> > > is a
> > > > > > >good
> > > > > > >idea.  Moreover, I have never seen this issue in the past
(with
> my
> > > > other
> > > > > > >windows machines), so I thought I'd first try to get to
the
> bottom
> > > of
> > > > the
> > > > > > >issue before attempting shortcuts.
> > > > > > >
> > > > > > >Any pointers?
> > > > > > >
> > > > > > >Thanks,
> > > > > > >Om
> > > > > >
> > > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message