Opened 10 years ago

Closed 10 years ago

#43344 closed defect (fixed)

Server certificate not trusted on buildslaves

Reported by: ryandesign (Ryan Carsten Schmidt)
Owned by: skarulkar@…
Priority: Normal
Milestone:
Component: server/hosting
Version:
Keywords:
Cc: mojca (Mojca Miklavec)
Port:

Description

The Lion, Mountain Lion and Mavericks buildslaves are not building anything since the certificates changed to fix the heartbleed bug:

svn: E175002: Unable to connect to a repository at URL 'https://svn.macports.org/repository/macports/contrib/mpab'
svn: E175002: OPTIONS of 'https://svn.macports.org/repository/macports/contrib/mpab': Server certificate verification failed: issuer is not trusted (https://svn.macports.org)

The new certificates need to be manually accepted once on each of those three buildslaves. We just went through this recently when we switched SSL providers, so hopefully we still remember the process:

comment:ticket:42727:10

Change History (4)

comment:1 Changed 10 years ago by mojca (Mojca Miklavec)

Cc: mojca@… added

Cc Me!

comment:2 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Also, from the Subversion and Heartbleed announcement today, you should manually remove the old certificate from the list of accepted certificates:

On Apr 12, 2014, at 21:08, Ben Reser <breser at apache dot org> wrote:

If you have already trusted certificates that are now revoked you will also need to remove them from your authentication store for Subversion. This will be stored under ~/.subversion/auth/svn.ssl.server or %APPDATA%\Subversion\auth\svn.ssl.server. You can delete the entire directory to remove all accepted certificates or just delete specific files within the directory to remove just those certs. The files are simply text files containing some data; you should be able to read them to locate the specific keys you wish to remove.

In fact, probably every user running Lion or newer should be doing that as well... We may need to announce that.
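
The files in the authentication store described in the quoted announcement use Subversion's length-prefixed key/value format, so the entries for one server can be picked out without deleting the whole directory. The following is an added example, not part of the ticket or of Subversion's own code: it lists the cached certificates for a given host with a fingerprint and the recorded trust failures. It assumes the field names `ascii_cert`, `failures` and `svn:realmstring` (the page does not show a store file), and the sample entries are constructed.

```python
import base64, hashlib, tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Meaning of the "failures" bits, from Subversion's svn_auth.h (SVN_AUTH_SSL_*).
FAILURES = {0x1: "not yet valid", 0x2: "expired", 0x4: "hostname mismatch",
            0x8: "unknown CA", 0x40000000: "other"}

def parse_svn_hash(data: bytes) -> dict:
    """Parse one store file: 'K <len>' / key / 'V <len>' / value records, closed by END."""
    out, pos = {}, 0
    def item(tag: bytes) -> bytes:
        nonlocal pos
        eol = data.index(b"\n", pos)       # ValueError if the file is truncated
        if data[pos:pos + 2] != tag + b" ":
            raise ValueError(f"expected {tag!r} record at offset {pos}")
        start, size = eol + 1, int(data[pos + 2:eol])
        pos = start + size + 1             # skip the value and its newline
        return data[start:start + size]
    while not data.startswith(b"END", pos):
        key = item(b"K")
        out[key.decode()] = item(b"V")
    return out

def cached_certs(store: Path, host: str):
    """Yield (path, SHA-256 of the DER cert, failure names) for entries whose realm is on host."""
    for path in sorted(p for p in store.iterdir() if p.is_file()):
        try:
            entry = parse_svn_hash(path.read_bytes())
            realm = entry["svn:realmstring"].decode()
            der = base64.b64decode(entry["ascii_cert"])
            mask = int(entry.get("failures", b"0"))
        except (ValueError, KeyError):
            continue                       # not a certificate entry: leave it alone
        if urlsplit(realm).hostname == host:
            names = [name for bit, name in FAILURES.items() if mask & bit]
            yield path, hashlib.sha256(der).hexdigest(), names

def sample_entry(realm: str, cert: bytes, failures: int) -> bytes:
    """Build a constructed store file; cert is placeholder bytes, not a real certificate."""
    fields = [(b"ascii_cert", base64.b64encode(cert)), (b"failures", b"%d" % failures),
              (b"svn:realmstring", realm.encode())]
    return b"".join(b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v) for k, v in fields) + b"END\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # stands in for ~/.subversion/auth/svn.ssl.server
        Path(tmp, "aaaa").write_bytes(sample_entry("https://svn.macports.org:443", b"old", 8))
        Path(tmp, "bbbb").write_bytes(sample_entry("https://svn.example.org:443", b"other", 0))
        for path, digest, names in cached_certs(Path(tmp), "svn.macports.org"):
            print(path.name, digest, names)     # path.unlink() would drop this trust entry
```

Comparing the printed fingerprint with that of the replaced certificate shows which file holds the old trust decision; entries for other servers are left untouched.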

comment:3 in reply to:  2 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Replying to ryandesign@…:

In fact, probably every user running Lion or newer should be doing that as well... We may need to announce that.

Well, every user accessing the MacPorts subversion repository. So primarily developers, although some users may be using subversion working copies to get around rsync restrictions on their network.

comment:4 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: new → closed

In the meantime, the certificates have been accepted and the buildslaves are working fine.
