| Summary: | [awesome] Repository URI unaccessible | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
| Component: | Overlays | Assignee: | Daniel Morlock <info> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://qa-reports.gentoo.org/output/repos/awesome.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 552950 | ||
|
Description
Michał Górny
2016-10-30 17:05:06 UTC
FYI, this is most likely due to recent change in ca-certificates, so you can expect that most Gentoo users won't be able to sync by default. We get A+ ratings from SSLLabs: https://www.ssllabs.com/ssltest/analyze.html?d=gitlab.awesome-it.de&s=37.120.164.191 We know that StartCom is known to be removed in futur but the current certs should be valid until they expire. Was StartCom already removed from the Gentoo ca-certificates? I think it was placed under insecure USE flag that is off by default. And confirmed:
if ! use insecure_certs ; then
# Remove untrusted certs from StartCom and WoSign (bug #598072)
rm "${c}"/mozilla/StartCom* || die
rm "${c}"/mozilla/WoSign* || die
fi
We changed our SSL authority to Let's Encrypt Authority X3: https://www.ssllabs.com/ssltest/analyze.html?d=gitlab.awesome-it.de&s=37.120.164.191 The repo URI should now be working again. |