On 30/05/2020 5:23 p.m., Bob Rudis wrote:
I've updated the dashboard (https://rud.is/r-project-cert-status/)
script and my notifier script to account for the entire chain in each
cert.

You never posted which certificate has expired. Your dashboard shows they're all valid, but the download still fails, presumably because something not shown has expired.

Hopefully someone who can actually act on this can figure out what needs doing.

Duncan Murdoch


On Sat, May 30, 2020 at 5:16 PM Bob Rudis <b...@rud.is> wrote:

# A tibble: 13 x 1
    site
    <chr>
  1 beta.r-project.org
  2 bugs.r-project.org
  3 cran-archive.r-project.org
  4 cran.r-project.org
  5 developer.r-project.org
  6 ess.r-project.org
  7 ftp.cran.r-project.org
  8 journal.r-project.org
  9 r-project.org
10 svn.r-project.org
11 user2011.r-project.org
12 www.cran.r-project.org
13 www.r-project.org

is the whole list b/c of the wildcard cert.

On Sat, May 30, 2020 at 5:07 PM Bob Rudis <b...@rud.is> wrote:

It's the top of chain CA cert, so browsers are being lazy and helpful
to humans by (incorrectly, albeit) relying on the existing trust
relationship.

libcurl (et al) is not nearly as forgiving.

On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pda...@gmail.com> wrote:

Odd. Safari has no problem and says certificate expires August 16 2020, but I 
also see the download.file issue with 4.0.1 beta:

download.file("https://www.r-project.org", tempfile())
trying URL 'https://www.r-project.org'
Error in download.file("https://www.r-project.org", tempfile()) :
   cannot open URL 'https://www.r-project.org'
In addition: Warning message:
In download.file("https://www.r-project.org", tempfile()) :
   URL 'https://www.r-project.org/': status was 'Peer certificate cannot be 
authenticated with given CA certificates'

(note slightly different error message).

svn is also affected:

Peters-MacBook-Air:R pd$ svn up
Updating '.':
Error validating server certificate for 'https://svn.r-project.org:443':
  - The certificate has expired.
Certificate information:
  - Hostname: *.r-project.org
  - Valid: from Aug 16 00:00:00 2018 GMT until Aug 15 23:59:59 2020 GMT
  - Issuer: COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, 
Salford, Greater Manchester, GB
  - Fingerprint: 93:B8:AF:9F:0A:67:2F:3A:C9:BA:FF:86:BB:2C:08:47:02:7F:1D:8D
(R)eject, accept (t)emporarily or accept (p)ermanently? t
U    src/library/grid/R/grob.R
....

ssltest shows two certificates of which only one is expired?

-pd



On 30 May 2020, at 22:17 , Gábor Csárdi <csardi.ga...@gmail.com> wrote:

On macOS 10.15.5 and R-devel:

download.file("https://www.r-project.org", tempfile())
trying URL 'https://www.r-project.org'
Error in download.file("https://www.r-project.org", tempfile()) :
  cannot open URL 'https://www.r-project.org'
In addition: Warning message:
In download.file("https://www.r-project.org", tempfile()) :
  URL 'https://www.r-project.org': status was 'SSL peer certificate or
SSH remote key was not OK'

https://www.ssllabs.com/ssltest says:

COMODO RSA Certification Authority
Fingerprint SHA256:
4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=
Valid until Sat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51
minutes ago)   EXPIRED

AFAICT this is the reason:
https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020

FYI,
Gabor

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel

--
Peter Dalgaard, Professor,
Center for Statistics, Copenhagen Business School
Solbjerg Plads 3, 2000 Frederiksberg, Denmark
Phone: (+45)38153501
Office: A 4.23
Email: pd....@cbs.dk  Priv: pda...@gmail.com
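
Added example, not part of the original thread and not the dashboard's own script: a check that reports expiry for every certificate in a served chain rather than only the leaf, which is the gap discussed above. The input format (`openssl x509 -noout -subject -enddate` output per certificate), the function names, the intermediate's date and the check time are assumptions made for this sketch.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: `openssl x509 -noout -subject -enddate` output for each
# certificate a server sends, leaf first. The first and last notAfter values
# are the dates quoted in the thread; the middle date is a placeholder.
SAMPLE_CHAIN = """\
subject=CN = *.r-project.org
notAfter=Aug 15 23:59:59 2020 GMT
subject=CN = COMODO RSA Domain Validation Secure Server CA
notAfter=Jan  1 00:00:00 2029 GMT
subject=CN = COMODO RSA Certification Authority
notAfter=May 30 10:48:38 2020 GMT
"""

# Constructed check time: the evening of 30 May 2020, UTC.
CHECK_TIME = datetime(2020, 5, 30, 20, 0, tzinfo=timezone.utc).timestamp()


def parse_chain(text):
    """Return [(subject, not_after_epoch), ...] in the order served."""
    chain, subject = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "subject":
            subject = value.strip()
        elif key == "notAfter":
            if subject is None:
                raise ValueError("notAfter without a preceding subject line")
            chain.append((subject, ssl.cert_time_to_seconds(value.strip())))
            subject = None
    if not chain:
        raise ValueError("no certificates found in input")
    return chain


def days_left(text, now):
    """Days until expiry for every certificate; negative means expired."""
    return [(subj, (end - now) / 86400) for subj, end in parse_chain(text)]


def leaf_only_ok(text, now):
    """What a check that looks only at the server certificate reports."""
    return days_left(text, now)[0][1] > 0


def expired_in_chain(text, now):
    """(position, subject) of every expired certificate in the chain."""
    return [(i, s) for i, (s, d) in enumerate(days_left(text, now)) if d <= 0]
```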
