haskell.org not sending intermediate certs
davean at xkcd.com
Sun Dec 18 22:49:43 UTC 2016
admin at h.o is the correct list though I expect all of us are on ghc-devs at h.o
I at least read admin with a far higher priority though.
We've gone and added the full chain for clients that don't self-acquire
them and also tightened up the allowed cipher list.
Please let us know if you encounter any further issues.
On Sun, Dec 18, 2016 at 2:12 PM, Erik Hesselink <hesselink at gmail.com> wrote:
> I noticed this as well, since my work VPN does fairly strict certificate
> checking and didn't allow me to connect to any haskell.org urls due to
> I'm not sure about the right list, I've added admin at haskell.org to the CC
> On 18 December 2016 at 07:12, Edward Z. Yang <ezyang at mit.edu> wrote:
>> See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org
>> This is causing curl to fail to download it:
>> ezyang at sabre:~/Downloads$ curl https://www.haskell.org/cabal/
>> curl: (60) server certificate verification failed. CAfile:
>> /etc/ssl/certs/ca-certificates.crt CRLfile: none
>> More details here: http://curl.haxx.se/docs/sslcerts.html
>> curl performs SSL certificate verification by default, using a "bundle"
>> of Certificate Authority (CA) public keys (CA certs). If the default
>> bundle file isn't adequate, you can specify an alternate file
>> using the --cacert option.
>> If this HTTPS server uses a certificate signed by a CA represented in
>> the bundle, the certificate verification probably failed due to a
>> problem with the certificate (it might be expired, or the name might
>> not match the domain name in the URL).
>> If you'd like to turn off curl's verification of the certificate, use
>> the -k (or --insecure) option.
>> Apologies if this is the wrong list.
>> ghc-devs mailing list
>> ghc-devs at haskell.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ghc-devs