Re: haskell.org not sending intermediate certs
curl is working now, and the SSL checker is all green. Thanks! Edward Excerpts from davean's message of 2016-12-18 17:49:43 -0500: > admin@h.o is the correct list though I expect all of us are on ghc-devs@h.o > also :) > I at least read admin with a far higher priority though. > > We've gone and added the full chain for clients that don't self-acquire > them and also tightened up the allowed cipher list. > Please let us know if you encounter any further issues. > > -davean > > On Sun, Dec 18, 2016 at 2:12 PM, Erik Hesselink wrote: > > > I noticed this as well, since my work VPN does fairly strict certificate > > checking and didn't allow me to connect to any haskell.org urls due to > > this. > > > > I'm not sure about the right list, I've added ad...@haskell.org to the CC > > list. > > > > Erik > > > > On 18 December 2016 at 07:12, Edward Z. Yang wrote: > > > >> See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org > >> > >> This is causing curl to fail to download it: > >> > >> ezyang@sabre:~/Downloads$ curl https://www.haskell.org/cabal/ > >> release/cabal-install-1.24.0.0/cabal-install-1.24.0.0-x86_64 > >> -unknown-mingw32.zip > >> curl: (60) server certificate verification failed. CAfile: > >> /etc/ssl/certs/ca-certificates.crt CRLfile: none > >> More details here: http://curl.haxx.se/docs/sslcerts.html > >> > >> curl performs SSL certificate verification by default, using a "bundle" > >> of Certificate Authority (CA) public keys (CA certs). If the default > >> bundle file isn't adequate, you can specify an alternate file > >> using the --cacert option. > >> If this HTTPS server uses a certificate signed by a CA represented in > >> the bundle, the certificate verification probably failed due to a > >> problem with the certificate (it might be expired, or the name might > >> not match the domain name in the URL). > >> If you'd like to turn off curl's verification of the certificate, use > >> the -k (or --insecure) option. > >> > >> Apologies if this is the wrong list. > >> > >> Thanks, > >> Edward > >> ___ > >> ghc-devs mailing list > >> ghc-devs@haskell.org > >> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs > >> > > > > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: Help needed: Restrictions of proc-notation with RebindableSyntax
> On Dec 17, 2016, at 9:19 AM, Ross Paterson wrote: > > On Tue, Nov 29, 2016 at 12:41:53PM +, Simon Peyton Jones wrote: >> Type checking and desugaring for arrow syntax has received Absolutely >> No Love for several years. I do not understand how it works very well, >> and I would not be at all surprised if it is broken in corner cases. >> >> It really needs someone to look at it carefully, document it better, and >> perhaps refactor it – esp by using a different data type rather than >> piggy-backing on HsExpr. > > HsCmd was split from HsExpr in 2012. It still re-uses MatchGroup, Stmt, > etc, though. > > The desugaring is made more complicated by doing a lot of analysis that > might be better done in the renamer. And -- unrelated to the original post in this thread -- these complications in desugarer (specifically, the use of fixM) are making my incoming levity-polymorphism update much harder (see https://phabricator.haskell.org/D2852). Even if you don't have time to make the edits yourself, if you could give a 10,000 ft view as to how to remove fixM from the desugarer, I'd be very grateful. I've not looked deeply at this, mostly because it's hard for me to make anything but very local changes to code I don't understand. Thanks! Richard ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: haskell.org not sending intermediate certs
admin@h.o is the correct list though I expect all of us are on ghc-devs@h.o also :) I at least read admin with a far higher priority though. We've gone and added the full chain for clients that don't self-acquire them and also tightened up the allowed cipher list. Please let us know if you encounter any further issues. -davean On Sun, Dec 18, 2016 at 2:12 PM, Erik Hesselink wrote: > I noticed this as well, since my work VPN does fairly strict certificate > checking and didn't allow me to connect to any haskell.org urls due to > this. > > I'm not sure about the right list, I've added ad...@haskell.org to the CC > list. > > Erik > > On 18 December 2016 at 07:12, Edward Z. Yang wrote: > >> See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org >> >> This is causing curl to fail to download it: >> >> ezyang@sabre:~/Downloads$ curl https://www.haskell.org/cabal/ >> release/cabal-install-1.24.0.0/cabal-install-1.24.0.0-x86_64 >> -unknown-mingw32.zip >> curl: (60) server certificate verification failed. CAfile: >> /etc/ssl/certs/ca-certificates.crt CRLfile: none >> More details here: http://curl.haxx.se/docs/sslcerts.html >> >> curl performs SSL certificate verification by default, using a "bundle" >> of Certificate Authority (CA) public keys (CA certs). If the default >> bundle file isn't adequate, you can specify an alternate file >> using the --cacert option. >> If this HTTPS server uses a certificate signed by a CA represented in >> the bundle, the certificate verification probably failed due to a >> problem with the certificate (it might be expired, or the name might >> not match the domain name in the URL). >> If you'd like to turn off curl's verification of the certificate, use >> the -k (or --insecure) option. >> >> Apologies if this is the wrong list. >> >> Thanks, >> Edward >> ___ >> ghc-devs mailing list >> ghc-devs@haskell.org >> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs >> > > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: haskell.org not sending intermediate certs
I noticed this as well, since my work VPN does fairly strict certificate checking and didn't allow me to connect to any haskell.org urls due to this. I'm not sure about the right list, I've added ad...@haskell.org to the CC list. Erik On 18 December 2016 at 07:12, Edward Z. Yang wrote: > See: https://www.sslshopper.com/ssl-checker.html#hostname=www.haskell.org > > This is causing curl to fail to download it: > > ezyang@sabre:~/Downloads$ curl https://www.haskell.org/cabal/ > release/cabal-install-1.24.0.0/cabal-install-1.24.0.0-x86_ > 64-unknown-mingw32.zip > curl: (60) server certificate verification failed. CAfile: > /etc/ssl/certs/ca-certificates.crt CRLfile: none > More details here: http://curl.haxx.se/docs/sslcerts.html > > curl performs SSL certificate verification by default, using a "bundle" > of Certificate Authority (CA) public keys (CA certs). If the default > bundle file isn't adequate, you can specify an alternate file > using the --cacert option. > If this HTTPS server uses a certificate signed by a CA represented in > the bundle, the certificate verification probably failed due to a > problem with the certificate (it might be expired, or the name might > not match the domain name in the URL). > If you'd like to turn off curl's verification of the certificate, use > the -k (or --insecure) option. > > Apologies if this is the wrong list. > > Thanks, > Edward > ___ > ghc-devs mailing list > ghc-devs@haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs > ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
Re: Patch for time repository
I resolved this by just bumping our submodule to latest HEAD in the repo (which was taken by upstream.) Edward Excerpts from Edward Z. Yang's message of 2016-12-17 21:45:20 -0800: > Hi all, > > I'd like to push the following patch (see bottom of email) > to GHC's time repository, but I do not seem to have permissions. > Upstream has already taken the fix but the version we currently > have in the repo is quite a bit older than upstream. > > Can someone do it for me / give me bits? Thanks. > > Edward > > commit 44c23839f964592946c889626f8acbd1f4f72e55 > Author: Edward Z. Yang > Date: Sat Dec 17 20:05:11 2016 -0800 > > Remove useless internal library version bounds. > > These bounds never do anything, and in Cabal HEAD cause > errors which cause GHC's build system to choke. > > Signed-off-by: Edward Z. Yang > > diff --git a/time.cabal b/time.cabal > index 4a6eb02..28f2c21 100644 > --- a/time.cabal > +++ b/time.cabal > @@ -100,7 +100,7 @@ test-suite ShowDefaultTZAbbreviations > ghc-options: -Wall -fwarn-tabs > build-depends: > base, > -time == 1.6.0.1 > +time > main-is: ShowDefaultTZAbbreviations.hs > > test-suite tests > @@ -122,7 +122,7 @@ test-suite tests > build-depends: > base, > deepseq, > -time == 1.6.0.1, > +time, > QuickCheck >= 2.5.1, > test-framework >= 0.8, > test-framework-quickcheck2 >= 0.3, ___ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
