[Baypiggies] SSL cert expired on pypi.python.org

Grant Ridder shortdudey123 at gmail.com
Wed Dec 7 23:07:34 EST 2016


Awesome, thanks!!!

-Grant

On Wed, Dec 7, 2016 at 7:55 PM, Guido van Rossum <gvanrossum at gmail.com>
wrote:

> Should be over by now...
>
> https://status.fastly.com/incidents/3nvqmv1xdrmx
>
> --Guido (mobile)
>
> On Dec 7, 2016 7:29 PM, "Grant Ridder" <shortdudey123 at gmail.com> wrote:
>
>> Not sure where to send this, so I thought I would start here.
>>
>> Cert shows expired when accessing pypi.python.org via curl, but Chrome
>> appears fine
>>
>> -Grant
>>
>> $ echo quit | openssl s_client -connect pypi.python.org:443 | openssl
>> x509 -text | grep Validity -A 2
>> depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2
>> Extended Validation Server CA
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> DONE
>>         Validity
>>             Not Before: Sep  5 00:00:00 2014 GMT
>>             Not After : Sep  9 12:00:00 2016 GMT
>> $ dig pypi.python.org
>>
>> ; <<>> DiG 9.8.3-P1 <<>> pypi.python.org
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53800
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;pypi.python.org.       IN  A
>>
>> ;; ANSWER SECTION:
>> pypi.python.org.    71355   IN  CNAME   prod.python.map.fastly.net.
>> prod.python.map.fastly.net. 17  IN  A   151.101.40.223
>>
>> ;; Query time: 82 msec
>> ;; SERVER: 208.67.222.222#53(208.67.222.222)
>> ;; WHEN: Wed Dec  7 19:09:43 2016
>> ;; MSG SIZE  rcvd: 89
>>
>> $ curl -v https://pypi.python.org
>> * Rebuilt URL to: https://pypi.python.org/
>> *   Trying 151.101.40.223...
>> * Connected to pypi.python.org (151.101.40.223) port 443 (#0)
>> * SSL certificate problem: Invalid certificate chain
>> * Closing connection 0
>> curl: (60) SSL certificate problem: Invalid certificate chain
>> More details here: http://curl.haxx.se/docs/sslcerts.html
>>
>> curl performs SSL certificate verification by default, using a "bundle"
>>  of Certificate Authority (CA) public keys (CA certs). If the default
>>  bundle file isn't adequate, you can specify an alternate file
>>  using the --cacert option.
>> If this HTTPS server uses a certificate signed by a CA represented in
>>  the bundle, the certificate verification probably failed due to a
>>  problem with the certificate (it might be expired, or the name might
>>  not match the domain name in the URL).
>> If you'd like to turn off curl's verification of the certificate, use
>>  the -k (or --insecure) option.
>> $
>>
>
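Added example, not part of the thread: a Python parser for the `openssl` transcript quoted above that reports the two signals in it separately, the served certificate's validity window and the `verify error` lines (error 20 means `openssl` could not find the issuer certificate in its local trust store). The function names, the check times passed to `assess` and the 30-day warning threshold are assumptions.

```python
import re
from datetime import datetime, timezone

# Output lines copied from the quoted message (mail line wrap on depth=1 rejoined).
CAPTURED = """\
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
        Validity
            Not Before: Sep  5 00:00:00 2014 GMT
            Not After : Sep  9 12:00:00 2016 GMT
"""

VERIFY_RE = re.compile(r"^verify error:num=(\d+):(.+)$", re.M)
VALIDITY_RE = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s*$", re.M)


def _parse_time(text):
    # openssl prints e.g. "Sep  5 00:00:00 2014 GMT"; the day is space-padded.
    parsed = datetime.strptime(text, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def parse_openssl_output(text):
    """Extract verify errors and the validity window from s_client/x509 text."""
    errors = [(int(num), msg.strip()) for num, msg in VERIFY_RE.findall(text)]
    window = {kind.lower(): _parse_time(ts) for kind, ts in VALIDITY_RE.findall(text)}
    if set(window) != {"before", "after"}:
        raise ValueError("no complete Validity block in input")
    return {"verify_errors": errors,
            "not_before": window["before"],
            "not_after": window["after"]}


def assess(report, now, warn_days=30):
    """Return findings for the certificate as seen at time `now` (aware UTC)."""
    findings = []
    remaining = report["not_after"] - now
    if now < report["not_before"]:
        findings.append("not yet valid")
    elif remaining.total_seconds() < 0:
        findings.append("expired %d days ago" % (-remaining).days)
    elif remaining.days < warn_days:  # assumed alerting threshold
        findings.append("expires in %d days" % remaining.days)
    # Chain-building problems are reported separately from expiry.
    for num, msg in report["verify_errors"]:
        findings.append("chain: verify error %d (%s)" % (num, msg))
    return findings
```

Calling `assess(parse_openssl_output(CAPTURED), datetime(2016, 12, 8, tzinfo=timezone.utc))` evaluates the captured certificate at an assumed time shortly after the report; running the same check on a schedule with an earlier `now` is how the warning branch would fire before expiry.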

