[Rd] r-project.org SSL certificate issues
Bob Rudis
bob @end|ng |rom rud@|@
Sat May 30 23:23:53 CEST 2020
I've updated the dashboard (https://rud.is/r-project-cert-status/)
script and my notifier script to account for the entire chain in each
cert.
On Sat, May 30, 2020 at 5:16 PM Bob Rudis <bob using rud.is> wrote:
>
> # A tibble: 13 x 1
> site
> <chr>
> 1 beta.r-project.org
> 2 bugs.r-project.org
> 3 cran-archive.r-project.org
> 4 cran.r-project.org
> 5 developer.r-project.org
> 6 ess.r-project.org
> 7 ftp.cran.r-project.org
> 8 journal.r-project.org
> 9 r-project.org
> 10 svn.r-project.org
> 11 user2011.r-project.org
> 12 www.cran.r-project.org
> 13 www.r-project.org
>
> is the whole list b/c of the wildcard cert.
>
> On Sat, May 30, 2020 at 5:07 PM Bob Rudis <bob using rud.is> wrote:
> >
> > It's the top of chain CA cert, so browsers are being lazy and helpful
> > to humans by (incorrectly, albeit) relying on the existing trust
> > relationship.
> >
> > libcurl (et al) is not nearly as forgiving.
> >
> > On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd using gmail.com> wrote:
> > >
> > > Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta:
> > >
> > > > download.file("https://www.r-project.org", tempfile())
> > > trying URL 'https://www.r-project.org'
> > > Error in download.file("https://www.r-project.org", tempfile()) :
> > > cannot open URL 'https://www.r-project.org'
> > > In addition: Warning message:
> > > In download.file("https://www.r-project.org", tempfile()) :
> > > URL 'https://www.r-project.org/': status was 'Peer certificate cannot be authenticated with given CA certificates'
> > >
> > > (note slightly different error message).
> > >
> > > svn is also affected:
> > >
> > > Peters-MacBook-Air:R pd$ svn up
> > > Updating '.':
> > > Error validating server certificate for 'https://svn.r-project.org:443':
> > > - The certificate has expired.
> > > Certificate information:
> > > - Hostname: *.r-project.org
> > > - Valid: from Aug 16 00:00:00 2018 GMT until Aug 15 23:59:59 2020 GMT
> > > - Issuer: COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, Salford, Greater Manchester, GB
> > > - Fingerprint: 93:B8:AF:9F:0A:67:2F:3A:C9:BA:FF:86:BB:2C:08:47:02:7F:1D:8D
> > > (R)eject, accept (t)emporarily or accept (p)ermanently? t
> > > U src/library/grid/R/grob.R
> > > ....
> > >
> > > ssltest shows two certificates of which only one is expired?
> > >
> > > -pd
> > >
> > >
> > >
> > > > On 30 May 2020, at 22:17 , Gábor Csárdi <csardi.gabor using gmail.com> wrote:
> > > >
> > > > On macOS 10.15.5 and R-devel:
> > > >
> > > >> download.file("https://www.r-project.org", tempfile())
> > > > trying URL 'https://www.r-project.org'
> > > > Error in download.file("https://www.r-project.org", tempfile()) :
> > > > cannot open URL 'https://www.r-project.org'
> > > > In addition: Warning message:
> > > > In download.file("https://www.r-project.org", tempfile()) :
> > > > URL 'https://www.r-project.org': status was 'SSL peer certificate or
> > > > SSH remote key was not OK'
> > > >
> > > > https://www.ssllabs.com/ssltest says:
> > > >
> > > > COMODO RSA Certification Authority
> > > > Fingerprint SHA256:
> > > > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
> > > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=
> > > > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51
> > > > minutes ago) EXPIRED
> > > >
> > > > AFAICT this is the reason:
> > > > https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020
> > > >
> > > > FYI,
> > > > Gabor
> > > >
> > > > ______________________________________________
> > > > R-devel using r-project.org mailing list
> > > > https://stat.ethz.ch/mailman/listinfo/r-devel
> > >
> > > --
> > > Peter Dalgaard, Professor,
> > > Center for Statistics, Copenhagen Business School
> > > Solbjerg Plads 3, 2000 Frederiksberg, Denmark
> > > Phone: (+45)38153501
> > > Office: A 4.23
> > > Email: pd.mes using cbs.dk Priv: PDalgd using gmail.com
> > >
> > > ______________________________________________
> > > R-devel using r-project.org mailing list
> > > https://stat.ethz.ch/mailman/listinfo/r-devel
More information about the R-devel
mailing list