haskell.org not sending intermediate certs

Edward Z. Yang ezyang at mit.edu
Mon Dec 19 04:04:51 UTC 2016 

curl is working now, and the SSL checker is all green. Thanks!

Edward

Excerpts from davean's message of 2016-12-18 17:49:43 -0500:
> admin at h.o is the correct list though I expect all of us are on ghc-devs at h.o
> also :)
> I at least read admin with a far higher priority though.
> 
> We've gone and added the full chain for clients that don't self-acquire
> them and also tightened up the allowed cipher list.
> Please let us know if you encounter any further issues.
> 
> -davean
> 
> On Sun, Dec 18, 2016 at 2:12 PM, Erik Hesselink <hesselink at gmail.com> wrote:
> 
> > I noticed this as well, since my work VPN does fairly strict certificate
> > checking and didn't allow me to connect to any haskell.org urls due to
> > this.
> >
> > I'm not sure about the right list, I've added admin at haskell.org to the CC
> > list.
> >
> > Erik
> >
> > On 18 December 2016 at 07:12, Edward Z. Yang <ezyang at mit.edu> wrote:
> >
> >> See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org
> >>
> >> This is causing curl to fail to download it:
> >>
> >> ezyang at sabre:~/Downloads$ curl  https://www.haskell.org/cabal/
> >> release/cabal-install-1.24.0.0/cabal-install-1.24.0.0-x86_64
> >> -unknown-mingw32.zip
> >> curl: (60) server certificate verification failed. CAfile:
> >> /etc/ssl/certs/ca-certificates.crt CRLfile: none
> >> More details here: http://curl.haxx.se/docs/sslcerts.html
> >>
> >> curl performs SSL certificate verification by default, using a "bundle"
> >>  of Certificate Authority (CA) public keys (CA certs). If the default
> >>  bundle file isn't adequate, you can specify an alternate file
> >>  using the --cacert option.
> >> If this HTTPS server uses a certificate signed by a CA represented in
> >>  the bundle, the certificate verification probably failed due to a
> >>  problem with the certificate (it might be expired, or the name might
> >>  not match the domain name in the URL).
> >> If you'd like to turn off curl's verification of the certificate, use
> >>  the -k (or --insecure) option.
> >>
> >> Apologies if this is the wrong list.
> >>
> >> Thanks,
> >> Edward
> >> _______________________________________________
> >> ghc-devs mailing list
> >> ghc-devs at haskell.org
> >> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
> >>
> >
> >

More information about the ghc-devs mailing list