[Rd] r-project.org SSL certificate issues

Bob Rudis <bob using rud.is>
Sat May 30 23:16:44 CEST 2020


# A tibble: 13 x 1
   site
   <chr>
 1 beta.r-project.org
 2 bugs.r-project.org
 3 cran-archive.r-project.org
 4 cran.r-project.org
 5 developer.r-project.org
 6 ess.r-project.org
 7 ftp.cran.r-project.org
 8 journal.r-project.org
 9 r-project.org
10 svn.r-project.org
11 user2011.r-project.org
12 www.cran.r-project.org
13 www.r-project.org

is the whole list b/c of the wildcard cert.

On Sat, May 30, 2020 at 5:07 PM Bob Rudis <bob using rud.is> wrote:
>
> It's the top of chain CA cert, so browsers are being lazy and helpful
> to humans by (incorrectly, albeit) relying on the existing trust
> relationship.
>
> libcurl (et al) is not nearly as forgiving.
>
> On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd using gmail.com> wrote:
> >
> > Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta:
> >
> > > download.file("https://www.r-project.org", tempfile())
> > trying URL 'https://www.r-project.org'
> > Error in download.file("https://www.r-project.org", tempfile()) :
> >   cannot open URL 'https://www.r-project.org'
> > In addition: Warning message:
> > In download.file("https://www.r-project.org", tempfile()) :
> >   URL 'https://www.r-project.org/': status was 'Peer certificate cannot be authenticated with given CA certificates'
> >
> > (note slightly different error message).
> >
> > svn is also affected:
> >
> > Peters-MacBook-Air:R pd$ svn up
> > Updating '.':
> > Error validating server certificate for 'https://svn.r-project.org:443':
> >  - The certificate has expired.
> > Certificate information:
> >  - Hostname: *.r-project.org
> >  - Valid: from Aug 16 00:00:00 2018 GMT until Aug 15 23:59:59 2020 GMT
> >  - Issuer: COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, Salford, Greater Manchester, GB
> >  - Fingerprint: 93:B8:AF:9F:0A:67:2F:3A:C9:BA:FF:86:BB:2C:08:47:02:7F:1D:8D
> > (R)eject, accept (t)emporarily or accept (p)ermanently? t
> > U    src/library/grid/R/grob.R
> > ....
> >
> > ssltest shows two certificates of which only one is expired?
> >
> > -pd
> >
> >
> >
> > > On 30 May 2020, at 22:17 , Gábor Csárdi <csardi.gabor using gmail.com> wrote:
> > >
> > > On macOS 10.15.5 and R-devel:
> > >
> > >> download.file("https://www.r-project.org", tempfile())
> > > trying URL 'https://www.r-project.org'
> > > Error in download.file("https://www.r-project.org", tempfile()) :
> > >  cannot open URL 'https://www.r-project.org'
> > > In addition: Warning message:
> > > In download.file("https://www.r-project.org", tempfile()) :
> > >  URL 'https://www.r-project.org': status was 'SSL peer certificate or
> > > SSH remote key was not OK'
> > >
> > > https://www.ssllabs.com/ssltest says:
> > >
> > > COMODO RSA Certification Authority
> > > Fingerprint SHA256:
> > > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
> > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=
> > > > Valid until Sat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51
> > > minutes ago)   EXPIRED
> > >
> > > AFAICT this is the reason:
> > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020
> > >
> > > FYI,
> > > Gabor
> > >
> > > ______________________________________________
> > > R-devel using r-project.org mailing list
> > > https://stat.ethz.ch/mailman/listinfo/r-devel
> >
> > --
> > Peter Dalgaard, Professor,
> > Center for Statistics, Copenhagen Business School
> > Solbjerg Plads 3, 2000 Frederiksberg, Denmark
> > Phone: (+45)38153501
> > Office: A 4.23
> > Email: pd.mes using cbs.dk  Priv: PDalgd using gmail.com
> >
> > ______________________________________________
> > R-devel using r-project.org mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
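
The distinction drawn in this thread (the site certificate is still in date, but a CA certificate higher in the chain the server sends has expired) as an added example, not code from any of the posters: it checks every certificate's notAfter instead of only the leaf's. The chain is constructed sample data; the leaf and top-of-chain dates are the ones quoted above, while the intermediate's date and the function names are assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: the chain as a server might send it, leaf first.
# Leaf and top-of-chain expiry dates are the ones quoted in the thread;
# the intermediate's date is a placeholder, not taken from the thread.
SAMPLE_CHAIN = [
    ("*.r-project.org", "Aug 15 23:59:59 2020 GMT"),
    ("COMODO RSA Domain Validation Secure Server CA", "Jan  1 00:00:00 2029 GMT"),
    ("COMODO RSA Certification Authority", "May 30 10:48:38 2020 GMT"),
]


def not_after(cert_time: str) -> datetime:
    """Parse the notAfter text format used by OpenSSL and ssl.getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def leaf_only_ok(chain, at: datetime) -> bool:
    """What a glance at the site certificate tells you: only the leaf's date."""
    return at <= not_after(chain[0][1])


def expired_in_chain(chain, at: datetime) -> dict:
    """Walk every certificate sent; return {subject: time since expiry}."""
    return {
        subject: at - not_after(end)
        for subject, end in chain
        if at > not_after(end)
    }


if __name__ == "__main__":
    # Constructed check time: 8 h 51 min after the expiry quoted from ssltest.
    when = datetime(2020, 5, 30, 19, 39, 38, tzinfo=timezone.utc)
    print("leaf still valid:", leaf_only_ok(SAMPLE_CHAIN, when))
    for subject, age in expired_in_chain(SAMPLE_CHAIN, when).items():
        print(f"EXPIRED {age} ago: {subject}")
```

A monitoring check built this way flags the chain before strict clients such as libcurl start failing, even while the leaf still has months left.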


