[Rd] r-project.org SSL certificate issues

Bob Rudis bob @end|ng |rom rud@|@
Sat May 30 23:07:29 CEST 2020


It's the top of chain CA cert, so browsers are being lazy and helpful
to humans by (incorrectly, albeit) relying on the existing trust
relationship.

libcurl (et al) is not nearly as forgiving.

On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd using gmail.com> wrote:
>
> Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta:
>
> > download.file("https://www.r-project.org", tempfile())
> trying URL 'https://www.r-project.org'
> Error in download.file("https://www.r-project.org", tempfile()) :
>   cannot open URL 'https://www.r-project.org'
> In addition: Warning message:
> In download.file("https://www.r-project.org", tempfile()) :
>   URL 'https://www.r-project.org/': status was 'Peer certificate cannot be authenticated with given CA certificates'
>
> (note slightly different error message).
>
> svn is also affected:
>
> Peters-MacBook-Air:R pd$ svn up
> Updating '.':
> Error validating server certificate for 'https://svn.r-project.org:443':
>  - The certificate has expired.
> Certificate information:
>  - Hostname: *.r-project.org
>  - Valid: from Aug 16 00:00:00 2018 GMT until Aug 15 23:59:59 2020 GMT
>  - Issuer: COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, Salford, Greater Manchester, GB
>  - Fingerprint: 93:B8:AF:9F:0A:67:2F:3A:C9:BA:FF:86:BB:2C:08:47:02:7F:1D:8D
> (R)eject, accept (t)emporarily or accept (p)ermanently? t
> U    src/library/grid/R/grob.R
> ....
>
> ssltest shows two certificates of which only one is expired?
>
> -pd
>
>
>
> > On 30 May 2020, at 22:17 , Gábor Csárdi <csardi.gabor using gmail.com> wrote:
> >
> > On macOS 10.15.5 and R-devel:
> >
> >> download.file("https://www.r-project.org", tempfile())
> > trying URL 'https://www.r-project.org'
> > Error in download.file("https://www.r-project.org", tempfile()) :
> >  cannot open URL 'https://www.r-project.org'
> > In addition: Warning message:
> > In download.file("https://www.r-project.org", tempfile()) :
> >  URL 'https://www.r-project.org': status was 'SSL peer certificate or
> > SSH remote key was not OK'
> >
> > https://www.ssllabs.com/ssltest says:
> >
> > COMODO RSA Certification Authority
> > Fingerprint SHA256:
> > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
> > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=
> > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51
> > minutes ago)   EXPIRED
> >
> > AFAICT this is the reason:
> > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020
> >
> > FYI,
> > Gabor
> >
> > ______________________________________________
> > R-devel using r-project.org mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
>
> --
> Peter Dalgaard, Professor,
> Center for Statistics, Copenhagen Business School
> Solbjerg Plads 3, 2000 Frederiksberg, Denmark
> Phone: (+45)38153501
> Office: A 4.23
> Email: pd.mes using cbs.dk  Priv: PDalgd using gmail.com
>
> ______________________________________________
> R-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel



More information about the R-devel mailing list