haskell.org not sending intermediate certs

davean davean at xkcd.com
Sun Dec 18 22:49:43 UTC 2016


admin at h.o is the correct list though I expect all of us are on ghc-devs at h.o
also :)
I at least read admin with a far higher priority though.

We've gone and added the full chain for clients that don't self-acquire
them and also tightened up the allowed cipher list.
Please let us know if you encounter any further issues.

-davean

On Sun, Dec 18, 2016 at 2:12 PM, Erik Hesselink <hesselink at gmail.com> wrote:

> I noticed this as well, since my work VPN does fairly strict certificate
> checking and didn't allow me to connect to any haskell.org urls due to
> this.
>
> I'm not sure about the right list, I've added admin at haskell.org to the CC
> list.
>
> Erik
>
> On 18 December 2016 at 07:12, Edward Z. Yang <ezyang at mit.edu> wrote:
>
>> See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org
>>
>> This is causing curl to fail to download it:
>>
>> ezyang at sabre:~/Downloads$ curl https://www.haskell.org/cabal/release/cabal-install-1.24.0.0/cabal-install-1.24.0.0-x86_64-unknown-mingw32.zip
>> curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
>> More details here: http://curl.haxx.se/docs/sslcerts.html
>>
>> curl performs SSL certificate verification by default, using a "bundle"
>>  of Certificate Authority (CA) public keys (CA certs). If the default
>>  bundle file isn't adequate, you can specify an alternate file
>>  using the --cacert option.
>> If this HTTPS server uses a certificate signed by a CA represented in
>>  the bundle, the certificate verification probably failed due to a
>>  problem with the certificate (it might be expired, or the name might
>>  not match the domain name in the URL).
>> If you'd like to turn off curl's verification of the certificate, use
>>  the -k (or --insecure) option.
>>
>> Apologies if this is the wrong list.
>>
>> Thanks,
>> Edward
>>
>
>
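
An added example, not part of the thread and not haskell.org's configuration: it reproduces offline the failure behind the curl error 60 quoted above, where a client that trusts only the root CA and does not fetch intermediates itself rejects a leaf served without its intermediate. The three-certificate PKI, the `demo-*.example` names and the function names `make_pki` and `served_chain_ok` are constructed for the illustration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Build a constructed PKI in directory $1: root CA -> intermediate CA -> leaf.
make_pki() {
  d=$1
  # Extensions that mark a certificate as a CA (used for root and intermediate).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# served_chain_ok DIR [EXTRA_CERT...]
# Verify the leaf the way a client holding only the root would. EXTRA_CERTs are
# what the server sends besides the leaf; they are passed as -untrusted, so they
# can help build the path but are never trust anchors themselves.
served_chain_ok() {
  dir=$1; shift
  if [ $# -gt 0 ]; then
    cat "$@" > "$dir/sent.pem"
    set -- -untrusted "$dir/sent.pem"
  fi
  # Match on the "OK" line rather than the exit status, which old releases
  # did not set reliably on verification failure.
  openssl verify -CAfile "$dir/root.pem" "$@" "$dir/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" || { echo "could not build demo PKI"; return 1; }
  for sent in "" "$d/int.pem"; do
    label=${sent:+leaf + intermediate}
    # $sent is left unquoted on purpose: empty means "no extra certs sent".
    if served_chain_ok "$d" $sent; then echo "${label:-leaf only}: OK"
    else echo "${label:-leaf only}: verification FAILED"; fi
  done
  rm -rf "$d"
}
demo
```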