Bug 639890 – SSL does not work

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 639890 - SSL does not work


Summary:	SSL does not work


Status:	RESOLVED FIXED

Product:	sysadmin
Classification:	Infrastructure
Component:	Certificates
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GNOME Sysadmins
QA Contact:	GNOME Sysadmins

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-01-18 21:04 UTC by Rodney Dawes
Modified:	2013-07-02 20:28 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Rodney Dawes 2011-01-18 21:04:48 UTC

The https://planet.gnome.org/ URL does not load properly. It presents an invalid certificate (which is only valid for www.gnome.org), and if validation is skipped, presents the default RHEL apache installed web site.

Please get a new certificate for the planet domain, or add the domain to the existing certificate, and point the apache config at the proper web site location.

Comment 1 Alberto Ruiz 2011-09-24 21:38:29 UTC

Confirmed, however this is something for the sysadmin team.

Comment 2 Olav Vitters 2011-09-24 21:40:41 UTC

planet.gnome.org is on a shared host. It doesn't have SSL.

Comment 3 Andrea Veri 2013-03-06 13:12:01 UTC

SSL has been enabled on planet.gnome.org. Closing.

Comment 4 Michael Biebl 2013-06-29 04:52:34 UTC

Not sure if it is related, but my Tiny Tiny RSS installation now generates errors when pulling the feed from https://planet.gnome.org/rss20.xml.

Running curl manually, I get 
# curl https://planet.gnome.org/rss20.xml
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

Comment 5 Andrea Veri 2013-07-01 13:25:56 UTC

We recently moved planet.gnome.org to our proxies, I feel you were still caching the old DNS entry. Everything seems to work correctly here, and 'curl https://planet.gnome.org/rss20.xml' works just fine.

Comment 6 Michael Biebl 2013-07-02 10:09:53 UTC

(In reply to comment #5)
> We recently moved planet.gnome.org to our proxies, I feel you were still
> caching the old DNS entry. Everything seems to work correctly here, and 'curl
> https://planet.gnome.org/rss20.xml' works just fine.

I'm still getting the same error today.

Comment 7 Andrea Veri 2013-07-02 20:26:07 UTC

Apparently the wildcard certificate we're currently using on our proxies do have a different root's CA than the one we previously used and we were able to reproduce the issue on a Debian 6 machine. Do you mind installing the required root's CA from http://www.startssl.com/certs?

Comment 8 Michael Biebl 2013-07-02 20:28:11 UTC

The (In reply to comment #7)
> reproduce the issue on a Debian 6 machine. Do you mind installing the required
> root's CA from http://www.startssl.com/certs?

Problem is, that I'm running Tiny Tiny RSS on a hosted server, where I can't install SSL CA certificates.