[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] invisible-mirror.net uses untrusted certificate
|
From: |
Axel Beckert |
|
Subject: |
Re: [Lynx-dev] invisible-mirror.net uses untrusted certificate |
|
Date: |
Sun, 3 Oct 2021 22:44:30 +0200 |
|
User-agent: |
NeoMutt/20170113 (1.7.2) |
Hi Andreas,
On Sun, Oct 03, 2021 at 02:45:29PM +0200, Andreas Metzler wrote:
> looks like invisible-mirror.net stumbled over the recent letsencrypt
> change
> <https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/>
Ack. uscan did notice that as well:
debian/watch: uscan returned an error: In watchfile debian/watch,
reading webpage https://invisible-mirror.net/archives/lynx/tarballs/
failed: 500 Can't connect to invisible-mirror.net:443 (certificate
verify failed)
(It's fine now again, at least for me locally, but
https://tracker.debian.org/pkg/lynx still shows that error as it
hasn't retested it yet.)
> Net sure why it works in firefox, but it fails with lynx.
AFAIK some browsers cache any encountered intermediate certificate and
if a server doesn't send the (correct) intermediate certificate, the
certificate is still accepted because it can be validated via some
cached intermediate certificate (which even might be checked first in
some of these browsers).
Kind regards, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe@deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe@noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/