[Baypiggies] SSL cert expired on pypi.python.org
Grant Ridder
shortdudey123 at gmail.com
Wed Dec 7 23:07:34 EST 2016
Awesome, thanks!!!
-Grant
On Wed, Dec 7, 2016 at 7:55 PM, Guido van Rossum <gvanrossum at gmail.com>
wrote:
> Should be over by now...
>
> https://status.fastly.com/incidents/3nvqmv1xdrmx
>
> --Guido (mobile)
>
> On Dec 7, 2016 7:29 PM, "Grant Ridder" <shortdudey123 at gmail.com> wrote:
>
>> Not sure where to send this, so I thought i would start here.
>>
>> Cert shows expired when accessing pypi.python.org via curl, but chrome
>> appears fine
>>
>> -Grant
>>
>> $ echo quit | openssl s_client -connect pypi.python.org:443 | openssl
>> x509 -text | grep Validity -A 2
>> depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2
>> Extended Validation Server CA
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> DONE
>> Validity
>> Not Before: Sep 5 00:00:00 2014 GMT
>> Not After : Sep 9 12:00:00 2016 GMT
>> $ dig pypi.python.org
>>
>> ; <<>> DiG 9.8.3-P1 <<>> pypi.python.org
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53800
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;pypi.python.org. IN A
>>
>> ;; ANSWER SECTION:
>> pypi.python.org. 71355 IN CNAME prod.python.map.fastly.net.
>> prod.python.map.fastly.net. 17 IN A 151.101.40.223
>>
>> ;; Query time: 82 msec
>> ;; SERVER: 208.67.222.222#53(208.67.222.222)
>> ;; WHEN: Wed Dec 7 19:09:43 2016
>> ;; MSG SIZE rcvd: 89
>>
>> $ curl -v https://pypi.python.org
>> * Rebuilt URL to: https://pypi.python.org/
>> * Trying 151.101.40.223...
>> * Connected to pypi.python.org (151.101.40.223) port 443 (#0)
>> * SSL certificate problem: Invalid certificate chain
>> * Closing connection 0
>> curl: (60) SSL certificate problem: Invalid certificate chain
>> More details here: http://curl.haxx.se/docs/sslcerts.html
>>
>> curl performs SSL certificate verification by default, using a "bundle"
>> of Certificate Authority (CA) public keys (CA certs). If the default
>> bundle file isn't adequate, you can specify an alternate file
>> using the --cacert option.
>> If this HTTPS server uses a certificate signed by a CA represented in
>> the bundle, the certificate verification probably failed due to a
>> problem with the certificate (it might be expired, or the name might
>> not match the domain name in the URL).
>> If you'd like to turn off curl's verification of the certificate, use
>> the -k (or --insecure) option.
>> $
>>
>> _______________________________________________
>> Baypiggies mailing list
>> Baypiggies at python.org
>> To change your subscription options or unsubscribe:
>> https://mail.python.org/mailman/listinfo/baypiggies
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/baypiggies/attachments/20161207/5fb8a17a/attachment.html>
More information about the Baypiggies
mailing list