[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-buildservice
Subject: Re: OSCP server for download.opensuse.org down?
From: Philipp Wagner <mail () philipp-wagner ! com>
Date: 2021-06-09 12:05:43
Message-ID: b80ccda7-a742-15c2-8b23-d1dff09e8c72 () philipp-wagner ! com
[Download RAW message or body]
Hi,
Seems like this is resolved now, but now the mirrors are out of sync
(gwdg is serving badly outdated things). I saw
https://progress.opensuse.org/issues/93686 and will report back if
things don't go back to normal in the next couple of hours.
Thanks!
Philipp
On 09.06.21 10:27, Philipp Wagner wrote:
> Hi,
>
> Could it be that the OSCP (SSL cert revocation) server for
> download.opensuse.org is down?
>
> apt, by default, requires OSCP responses and fails to install otherwise
> (in contrast to browsers, for example), making the repository
> unavailable for me.
>
> This started this morning (Europe):
>
> Apt error message:
>
> Err:9
> https://download.opensuse.org/repositories/home:/phiwag:/edatools/xUbuntu_18.04
> Release
> Certificate verification failed: The certificate is NOT trusted. The
> received OCSP status response is invalid. Could not handshake: Error in
> the certificate verification. [IP: 195.135.221.134 443]
>
>
> Curl agrees with apt (note the "Invalid OCSP response status: trylater"):
>
> ❯ curl --cert-status -sLO --verbose
> https://download.opensuse.org/repositories/home:/phiwag:/edatools/xUbuntu_18.04/verilator-4.100_4.100.orig.tar.gz \
>
> * Trying 195.135.221.134:443...
> * Connected to download.opensuse.org (195.135.221.134) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [122 bytes data]
> * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
> { [19 bytes data]
> * TLSv1.3 (IN), TLS handshake, Certificate (11):
> { [2744 bytes data]
> * TLSv1.3 (IN), TLS handshake, CERT verify (15):
> { [520 bytes data]
> * TLSv1.3 (IN), TLS handshake, Finished (20):
> { [52 bytes data]
> * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
> } [1 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Finished (20):
> } [52 bytes data]
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use h2
> * Server certificate:
> * subject: CN=opensuse.org
> * start date: Apr 27 00:52:15 2021 GMT
> * expire date: Jul 26 00:52:15 2021 GMT
> * subjectAltName: host "download.opensuse.org" matched cert's
> "*.opensuse.org"
> * issuer: C=US; O=Let's Encrypt; CN=R3
> * SSL certificate verify ok.
> * Invalid OCSP response status: trylater (3)
> * Closing connection 0
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS alert, close notify (256):
> } [2 bytes data]
>
>
> What's the best way to inform someone who can fix this?
>
> Thanks!
>
> Philipp
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic