From: Nick H. <nic...@ho...> - 2011-02-02 17:29:20
|
There appears to be a new sourceforge server certificate and it gives me a validation error. The advice on the sourceforge site is to check the certificate in a web browser: http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion "When you receive this error, we encourage you to validate that the server is the correct server by putting your checkout URL into a trusted web browser (i.e. https://PROJECTNAME.svn.sourceforge.net/svnroot/PROJECTNAME). You may then check to make sure your browser accepts the certificate. If it does, you can trust the server much like you would any other HTTPS site, like banks, etc." My web browser also fails to validate the certificate. Is this a problem? Nick. |
From: jerome <rom...@ya...> - 2011-02-02 17:50:41
|
Maybe this could help: I do not use web browser or GUI for SVN write access! I only re-enable my account with a new password, then enter the new one on my first commit (console). My certificate is stored on my local profil. Maybe you did not get sourceforge mail? Jérôme --- En date de : Mer 2.2.11, Nick Hall <nic...@ho...> a écrit : > De: Nick Hall <nic...@ho...> > Objet: [Gramps-devel] Error validating sourceforge server certificate > À: "Gramps developers" <gra...@li...> > Date: Mercredi 2 février 2011, 18h29 > There appears to be a new sourceforge > server certificate and it gives me > a validation error. > > The advice on the sourceforge site is to check the > certificate in a web > browser: > > http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion > > "When you receive this error, we encourage you to validate > that the > server is the correct server by putting your checkout URL > into a trusted > web browser (i.e. > https://PROJECTNAME.svn.sourceforge.net/svnroot/PROJECTNAME). > > You may then check to make sure your browser accepts the > certificate. If > it does, you can trust the server much like you would any > other HTTPS > site, like banks, etc." > > My web browser also fails to validate the > certificate. Is this a problem? > > > Nick. > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 > USD value)! > Finally, a world-class log management solution at an even > better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer > expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Gramps-devel mailing list > Gra...@li... > https://lists.sourceforge.net/lists/listinfo/gramps-devel > |
From: Nick H. <nic...@ho...> - 2011-02-02 18:32:47
|
Jerome, I got the email and updated my password. Today I got a certificate that failed to verify. I got the error: "The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!" Because of the recent security issues I decided to do as it said and validate the certificate manually. I found the fingerprints: http://sourceforge.net/apps/trac/sourceforge/wiki/SSH%20key%20fingerprints But none of them match, so I followed the link for svn: http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion#ServerCertificateVerificationFailed and was still unable to verify the certificate in a web browser. Of course, I can just accept the certificate anyway, but I thought I would ask on the list. Nick. jerome wrote: > Maybe this could help: I do not use web browser or GUI for SVN write access! > > I only re-enable my account with a new password, then enter the new one on my first commit (console). My certificate is stored on my local profil. > > Maybe you did not get sourceforge mail? > > > Jérôme > > > --- En date de : Mer 2.2.11, Nick Hall <nic...@ho...> a écrit : > > >> De: Nick Hall <nic...@ho...> >> Objet: [Gramps-devel] Error validating sourceforge server certificate >> À: "Gramps developers" <gra...@li...> >> Date: Mercredi 2 février 2011, 18h29 >> There appears to be a new sourceforge >> server certificate and it gives me >> a validation error. >> >> The advice on the sourceforge site is to check the >> certificate in a web >> browser: >> >> http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion >> >> "When you receive this error, we encourage you to validate >> that the >> server is the correct server by putting your checkout URL >> into a trusted >> web browser (i.e. >> https://PROJECTNAME.svn.sourceforge.net/svnroot/PROJECTNAME). >> >> You may then check to make sure your browser accepts the >> certificate. If >> it does, you can trust the server much like you would any >> other HTTPS >> site, like banks, etc." >> >> My web browser also fails to validate the >> certificate. Is this a problem? >> >> >> Nick. >> >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 >> USD value)! >> Finally, a world-class log management solution at an even >> better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer >> expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> Gramps-devel mailing list >> Gra...@li... >> https://lists.sourceforge.net/lists/listinfo/gramps-devel >> >> > > > > > > |
From: jerome <rom...@ya...> - 2011-02-02 18:54:18
|
> But none of them match, so I followed the link for svn: > > http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion#ServerCertificateVerificationFailed Yes, I also got it. Maybe the 3rd time since I use Gramps SVN! One year validity ? > and was still unable to verify the certificate in a web > browser. Ah yes, it is stored under $HOME/.subversion (or profile place for others OS). > Of course, I can just accept the certificate anyway, but I > thought I would ask on the list. You are right "untrusted certificate" after the sourceforge attack needs more security. I guess they have just re-initialized the certificate. Jérôme --- En date de : Mer 2.2.11, Nick Hall <nic...@ho...> a écrit : > De: Nick Hall <nic...@ho...> > Objet: Re: Re : [Gramps-devel] Error validating sourceforge server certificate > À: "jerome" <rom...@ya...> > Cc: "Gramps developers" <gra...@li...> > Date: Mercredi 2 février 2011, 19h32 > Jerome, > > I got the email and updated my password. > > Today I got a certificate that failed to verify. I > got the error: "The certificate is not issued by a > trusted authority. Use the fingerprint to validate the > certificate manually!" > > Because of the recent security issues I decided to do as it > said and validate the certificate manually. I found > the fingerprints: > > http://sourceforge.net/apps/trac/sourceforge/wiki/SSH%20key%20fingerprints > > But none of them match, so I followed the link for svn: > > http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion#ServerCertificateVerificationFailed > > and was still unable to verify the certificate in a web > browser. > > Of course, I can just accept the certificate anyway, but I > thought I would ask on the list. > > > Nick. > > > jerome wrote: > > Maybe this could help: I do not use web browser or GUI > for SVN write access! > > > > I only re-enable my account with a new password, then > enter the new one on my first commit (console). My > certificate is stored on my local profil. > > > > Maybe you did not get sourceforge mail? > > > > > > Jérôme > > > > > > --- En date de : Mer 2.2.11, Nick Hall <nic...@ho...> > a écrit : > > > > > >> De: Nick Hall <nic...@ho...> > >> Objet: [Gramps-devel] Error validating sourceforge > server certificate > >> À: "Gramps developers" <gra...@li...> > >> Date: Mercredi 2 février 2011, 18h29 > >> There appears to be a new sourceforge > >> server certificate and it gives me a validation > error. > >> > >> The advice on the sourceforge site is to check > the > >> certificate in a web browser: > >> > >> http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion > >> > >> "When you receive this error, we encourage you to > validate > >> that the server is the correct server by putting > your checkout URL > >> into a trusted web browser (i.e. https://PROJECTNAME.svn.sourceforge.net/svnroot/PROJECTNAME). > >> > >> You may then check to make sure your browser > accepts the > >> certificate. If it does, you can trust the server > much like you would any > >> other HTTPS site, like banks, etc." > >> > >> My web browser also fails to validate the > >> certificate. Is this a problem? > >> > >> > >> Nick. > >> > >> > >> > ------------------------------------------------------------------------------ > >> Special Offer-- Download ArcSight Logger for FREE > (a $49 > >> USD value)! > >> Finally, a world-class log management solution at > an even > >> better price-free! > >> Download using promo code Free_Logger_4_Dev2Dev. > Offer > >> expires February 28th, so secure your free > ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d > >> _______________________________________________ > >> Gramps-devel mailing list > >> Gra...@li... > >> https://lists.sourceforge.net/lists/listinfo/gramps-devel > >> > >> > > > > > > > > > > |
From: Jeremy B. <je...@bi...> - 2011-02-02 18:33:23
|
Sourceforge experienced a major attack/compromise recently and have reset their SSH host keys. http://sourceforge.net/blog/update-on-the-sourceforgenet-attack/ Jeremy Bicha On 2 February 2011 12:50, jerome <rom...@ya...> wrote: > Maybe this could help: I do not use web browser or GUI for SVN write access! > > I only re-enable my account with a new password, then enter the new one on my first commit (console). My certificate is stored on my local profil. > > Maybe you did not get sourceforge mail? > > > Jérôme > > > --- En date de : Mer 2.2.11, Nick Hall <nic...@ho...> a écrit : > >> De: Nick Hall <nic...@ho...> >> Objet: [Gramps-devel] Error validating sourceforge server certificate >> À: "Gramps developers" <gra...@li...> >> Date: Mercredi 2 février 2011, 18h29 >> There appears to be a new sourceforge >> server certificate and it gives me >> a validation error. >> >> The advice on the sourceforge site is to check the >> certificate in a web >> browser: >> >> http://sourceforge.net/apps/trac/sourceforge/wiki/Subversion >> >> "When you receive this error, we encourage you to validate >> that the >> server is the correct server by putting your checkout URL >> into a trusted >> web browser (i.e. >> https://PROJECTNAME.svn.sourceforge.net/svnroot/PROJECTNAME). >> >> You may then check to make sure your browser accepts the >> certificate. If >> it does, you can trust the server much like you would any >> other HTTPS >> site, like banks, etc." >> >> My web browser also fails to validate the >> certificate. Is this a problem? >> >> >> Nick. >> >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 >> USD value)! >> Finally, a world-class log management solution at an even >> better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer >> expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> _______________________________________________ >> Gramps-devel mailing list >> Gra...@li... >> https://lists.sourceforge.net/lists/listinfo/gramps-devel >> > > > > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > Gramps-devel mailing list > Gra...@li... > https://lists.sourceforge.net/lists/listinfo/gramps-devel > |