José Matos <jamatos <at> fc.up.pt> writes:
> I have tried this procedure and it works with firefox, yet when trying to use
> konqueror (4.1.0) it fails.

KDE 4 Konqueror currently doesn't support SSL certificate authentication
(KIO::TCPSlaveBase::selectClientCertificate is "#if 0"ed out), so no wonder
Koji doesn't work with it.

Kevin Kofler

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

José Matos <jamatos <at> fc.up.pt> writes:
> I have tried this procedure and it works with firefox, yet when trying to use
> konqueror (4.1.0) it fails.

https://bugs.kde.org/show_bug.cgi?id=167668

Kevin Kofler

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Saturday 23 August 2008 05:28:22 am Michael Schwendt wrote:
> On Sat, 23 Aug 2008 10:22:10 +0100, Tim Jackson wrote:
> > After I did this, plague-client complains when I try to build for EPEL:
> >
> > Traceback (most recent call last):
> > File "/usr/bin/plague-client", line 420, in <module>
> > cli = PlagueClient(os.path.expanduser(cfg_file))
> > File "/usr/bin/plague-client", line 81, in __init__
> > self._email = self._get_user_email()
> > File "/usr/bin/plague-client", line 138, in _get_user_email
> > cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FIL ETYPE_PEM,
> > buf) OpenSSL.crypto.Error: [('PEM routines', 'PEM_read_bio', 'bad end
> > line')] make: *** [plague] Error 1
> >
> > I'm not really sure what this means (maybe the formatting of one of the
> > certs is incorrect?) Did I do something wrong?
>
> plague-client is broken. My guess in the other reply was good.
> Apply this:
>
> --- plague-client~ 2008-01-31 15:08:22.000000000 +0100
> +++ plague-client 2008-08-23 12:24:53.000000000 +0200
> @@ -133,7 +133,7 @@
> print "%s does not exist or is not readable." % certfile
> sys.exit(1)
> f = open(certfile, "r")
> - buf = f.read(8192)
> + buf = f.read()
> f.close()
> cert =
> OpenSSL.crypto.load_certificate(OpenSSL.crypto.FIL ETYPE_PEM, buf)
> cert_email = cert.get_subject().emailAddress
> [
its probably due to the new ca cert being 8096 bit and user certs are now all
2048 bit

Dennis
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Fri, Aug 22, 2008 at 09:04:31PM +0200, Kai Engert wrote:
> Parts of the Fedora infrastructure do not use certificates issued by a
> CA already trusted by Firefox, but from Fedora's own certificate authority.
>
> If you decide to trust Fedora to issue certificates that can identify
> web sites, you could decide to import that CA cert to your set of
> trusted roots.

Could perhaps Fedora/RHEL drop these certificates under
/etc/pki/tls/certs/ to automatically trust them?

If one trusts the Fedora/RHEL keys and packages like firefox for
serving the https connections, then there is not much more further
trust needed to blindly add these.
--
Axel.Thimm at ATrpms.net
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Sat, Aug 23, 2008 at 3:28 AM, Michael Schwendt <mschwendt@gmail.com> wrote:
> plague-client is broken. My guess in the other reply was good.
> Apply this:
>
> --- plague-client~ 2008-01-31 15:08:22.000000000 +0100
> +++ plague-client 2008-08-23 12:24:53.000000000 +0200
> @@ -133,7 +133,7 @@
> print "%s does not exist or is not readable." % certfile
> sys.exit(1)
> f = open(certfile, "r")
> - buf = f.read(8192)
> + buf = f.read()
> f.close()
> cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FIL ETYPE_PEM, buf)
> cert_email = cert.get_subject().emailAddress
> [
>

Filed against plague as BZ#459894.

--
Chris Weyl
Ex astris, scientia

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Dennis Gilmore wrote:
login to https://admin.fedoraproject.org/accounts/ and click on the "Download
a client-side certificate" link at the bottom of the home page. save the
output to ~/.fedora.cert


rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
fedora-packager-setup



Would be fine if anybody port "fedora-packager" for Fedora 8 as well...


~buc

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Mon, 25 Aug 2008 15:46:35 +0400, Dmitry Butskoy wrote:

> Dennis Gilmore wrote:
> > login to https://admin.fedoraproject.org/accounts/ and click on the "Download
> > a client-side certificate" link at the bottom of the home page. save the
> > output to ~/.fedora.cert
> >
> > rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
> > fedora-packager-setup
> >
>
> Would be fine if anybody port "fedora-packager" for Fedora 8 as well...

It exists already. I installed it with yum.

$ rpm -q fedora-packager
fedora-packager-0.3.0-1.fc8

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Dennis Gilmore wrote:
Effective immediately we have replaced the CA that is in use for
cvs.fedoraproject.org and koji.fedoraproject.org This effects uploading to
lookaside cache and building packages.


There are some manual steps that everyone needs to do to be able to use the
systems again.


they are
login to https://admin.fedoraproject.org/accounts/ and click on the "Download
a client-side certificate" link at the bottom of the home page. save the
output to ~/.fedora.cert


rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
fedora-packager-setup



According to the "fedora-packager-setup" script, the sources for these
two certificates are:

https://admin.fedoraproject.org/accounts/fedora-server-ca.cert
and
https://admin.fedoraproject.org/accounts/fedora-upload-ca.cert
respectively.

Does anybody else see the horizontal scrollbar when opening these
certificates' links in a browser? IOW, several first lines in both
certificates are too long, because of extra spaces at the end-of-line.
Try, fe.:


sed 's/$/<NL>/' .fedora-server-ca.cert

My result is:

-----BEGIN
CERTIFICATE-----
<NL>
MIIK6zCCBt+gAwIBAgIJAMXcvWMyB9ZeMA0GCSqGSIb3DQEBBQ UAMIGxMQswCQYD
<NL>
VQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBg NVBAcTB1JhbGVp
<NL>
Z2gxFzAVBgNVBAoTDkZlZG9yYSBQcm9qZWN0MRowGAYDVQQLEx FGZWRvcmEgUHJv
<NL>
amVjdCBDQTEaMBgGA1UEAxMRRmVkb3JhIFByb2plY3QgQ0ExJj AkBgkqhkiG9w0B
<NL>
CQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnMB4XDTA4MDgyMD E0NDkxNloXDTE4
<NL>
MDgxODE0NDkxNlowgbExCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw 5Ob3J0aCBDYXJv
<NL>
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3 JhIFByb2plY3Qx
<NL>
GjAYBgNVBAsTEUZlZG9yYSBQcm9qZWN0IENBMRowGAYDVQQDEx FGZWRvcmEgUHJv
<NL>
amVjdCBDQTEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcH JvamVjdC5vcmcw
<NL>
ggQWMA0GCSqGSIb3DQEBAQUAA4IEAwAwggP+AoID9QDIH2F1s0 y5V7xBc2tHlXOA
<NL>
H7999QZ76BU1qtDg4g4k2KyYTG7Gk5eNnJntbpYtRNPL0bQymJ IhcfkMCER+UOfv
<NL>
mum6hrwYSrb0ehsIP1mY9QXdJnlvA1ViXMpZy74byaue9Rn+9G OaOtRWv9dZ5/j4
<NL>
Wf9JDOt7TzgFfTPZrtasqlSaOicWJuAKyp2SkQup3I0fTtM4/LpR6BY+dDr7ud9d
<NL>
LTukkGuOPnNx1pxKkuN0jKYwZjwUcQHlRUNF5xrARU5youYSD7 ReWdJsZkirJ0W2
<NL>
dZkUQaIUm55v3p4soMYnbPeJFoAbSJkqSCPI4c/ex/Xr1xp3dXvd0vi9K+w8tvw1
<NL>
Q3XUvQxum97dbcM7Sw3gRfpFy6K3Up+xXaEnMDGhX31zQAHFTP/P7N+CWNwLg57r
<NL>
EmuYVfP31b6qsyvuLnpMqe0fYRNWOiJYMALPyRT15RSFGaLyKe vqqzR5DFmHQI2C
<NL>
wl5UFsmBK4LJWqaxE/shuNWEx70BzRYOnPgPr3ohXKBLLxZZtVSlEh+N5FW07Y7T
<NL>
LkzFGxc0uArsi6EsA9AS0rGJ7FOqMNctvQoR3UFPh5bkXMHgz7 aunrB1n5x5rmHk
<NL>
g/ni5RoxUZgKDuRu1injapnSDC+C3npyk/18g9L7KI810mI/mGFxAtqUcfzG8LP6
<NL>
kk7F4ZvwZJaB/rXBhpYqD6nVvybGP1SEiuSUmj9g6iqkL8dtdrLa8arJHJLvuSE 3
<NL>
VciBR+QNAUE3vyvuifXK4il4QNuvUEqFJOqehkejKbPDkAkQoy IUdr09XBNK1G9O
<NL>
NbnfJIh+ufiOLpLHr5ya+IM/2DOQTz9WboT74I1dPaI3nxs2iTRrL5Di2xRQlscq
<NL>

e3RrLlvZF8O5a4VwHy59TY86YLOnRa4+DbcFv+hBdduOMFfTu3 kTxJVSJ8UNRPCL<NL>
MMh+jpwBrPLcezA/2S2fRsjn0xrVNkZhfVTkKX3IJif6AwRvAKauSzEMj5rFRxaa<N L>
9sJwGV6kDwlmsmVaqXHS1mloJ5eOw07ch7iQQAsHxojneXU6cl AKII2lM7AWwoW6<NL>
WZIiGb/BCpRL23YbXcq89Aq/Rb6TCekAhBybbodlkYThZmSrUfVbntzj7489vP0k<NL>
ClSfVk6j4DNbSdwC89xfnKaOV2d4oVNWUvnQeXy+XZNfgVEpQr aJlsN4Nf/hVrUI<NL>
aog7qBaZDYxjiiXg2TFcxNrONQruGngCgDBC9kpdaph+irt5Dd b6j8cgsquRG9/j<NL>
+CM+gzw3fjKGkijMMyBDsyvlOuNgy+VAahSJvI95P8LLsw4WLu b3H3lI4/o+gp0s<NL>
VLPMo+j/SypJw/IxDeCV2UvspqhWRDqUj6CUKWHu3jveW327AgMBAAGjggEaMIIB <NL>
FjAdBgNVHQ4EFgQUwNk/0QSeuc4HfmzLbSSZrErtu3owgeYGA1UdIwSB3jCB24AU<NL>
wNk/0QSeuc4HfmzLbSSZrErtu3qhgbekgbQwgbExCzAJBgNVBAYTAl VTMRcwFQYD<NL>
VQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWlnaD EXMBUGA1UEChMO<NL>
RmVkb3JhIFByb2plY3QxGjAYBgNVBAsTEUZlZG9yYSBQcm9qZW N0IENBMRowGAYD<NL>
VQQDExFGZWRvcmEgUHJvamVjdCBDQTEmMCQGCSqGSIb3DQEJAR YXYWRtaW5AZmVk<NL>
b3JhcHJvamVjdC5vcmeCCQDF3L1jMgfWXjAMBgNVHRMEBTADAQ H/MA0GCSqGSIb3<NL>
DQEBBQUAA4ID9QClrBcpX7Ml41iNEKr/b+Dwa0963DQOBl0mgCyNrm2Wvh1WJ2NJ<NL>
HCP24A1jRe/AGR3/ORlvynZWfj7toJYpp0Ao21oXkHr4/8yYJfZ+eD+5R/ZmqbMS<NL>
fhsmxsHpFFLfMa3iQsyM/ys/A61Y0f16w77TM0IwaVA3+f23V4xvfirKIMkP+8My<NL>
r7TSX9mN7VZd3X4zHBgRBefufOic24SWNKD7zBooh9r+yV63Hb mlWRoa6xoJlS/M<NL>
OYGO80/AdqQ1iVe+F2zgDHQrQWWARHn3p3oE5JSI4m7UBaLpf1ei2HjeG 0tUntVW<NL>
32RGHalofN++bvVBqppKo1ijNQbTBMX9WcCMd3nE80X9LW7Zfq NDGJigl8WBPVNN<NL>
278fMWj/XsCYS4XwojJLzzeBmilEnD6SYwkmgEtcLnY91hsJzvbbglFeSA VUvfyA<NL>
iCbnHmZbNugH6HiiTrXlXDI85XUEB3kn3orKhNaeerPfo/GnBXoNFw3tSs3QrWSm<NL>
b8KQbPDgErvNP9thug/4xg+rPxo3oh5lbqQJ5HvDne+V/6tvW7TeHqzJ4k+OJguZ<NL>
x4GAD87I+cLfPICRGwUFQ4EuA5vhQ4FVAfjKgXSyzqpNuCt8JT otyjIh3t6vk7YQ<NL>
udtkBCixVxtM5U7i78SME+h+QhrNj5DsxB4K3BLpqWnqOigLVk xRxeBVXjDL2+hn<NL>
izx4eJvkNiIVKtB9tgKjSy7led3Wc/k1Ut0NjZ/iFB8WCo7me0jnVHSebxD9olA7<NL>
n606/L5gfAN+Ln4hjbVJL+tEgdWezP5pJHwEDBWyQLtQmsxEKQPeDVg i5BTQNRNi<NL>
X0xnfgTShhDKN4mEq+Y1C8IMqbi0vb01P4CA9IU2cHcrH26Apq/xKBSnnfDAh1yy<NL>
LHBF738arlYVBeaqoUrKhroXxr4wQprIGu/AdPKEXz2c29TE5H7yjRSvIy7ui7EN<NL>
NujCosP/IO7YBFhkpDYPq2fByQO5jiZAF58eVX2TlbjM4N+SDG/bpP0WeWlq0JHK<NL>
FmxcI5N+s7mR0uK3h0WF5fl1vK/d53YzFO6dI/I5Kh8LVtq0diyYmw6LHXPlTJiJ<NL>
nk7ILFds81Ii6EvMmOPD+MX/BQ/YJRaCclixFLk/KaTap8/fZLBotG/5SjBdwFOd<NL>
UwVntskUTnai3Vjw0XuBUuKhotenjH/aPbewm/VN9TDjGq9pxaCI8rHX02CIU64U<NL>
QuJak6mhyUyB/km02afEYBDDh+lPljKOnmfQhVJXvtBUSbtY/cWP4gJZ901u27fG<NL>
Xs6hMQbMUn3fYy43Z3VX/BCS+P2UhorNQB6p17xTs0kTM9pI8aDy/uCwk3F+K/uW<NL>
YPF6KxAYMs2ema7PGl2D<NL>
-----END CERTIFICATE-----<NL>


Perhaps the binary data (incapsulated in the base64 form) is OK, but the
fact that there are such strange "in general" and strange "invisible"
garbage in the security-sensitive data causes people at least to ask
about it...



~buc

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

Dmitry Butskoy wrote:

Dennis Gilmore wrote:
Effective immediately we have replaced the CA that is in use for
cvs.fedoraproject.org and koji.fedoraproject.org This effects
uploading to lookaside cache and building packages.


There are some manual steps that everyone needs to do to be able to
use the systems again.


they are login to https://admin.fedoraproject.org/accounts/ and
click on the "Download a client-side certificate" link at the bottom
of the home page. save the output to ~/.fedora.cert


rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
fedora-packager-setup



According to the "fedora-packager-setup" script, the sources for these
two certificates are:

https://admin.fedoraproject.org/accounts/fedora-server-ca.cert
and
https://admin.fedoraproject.org/accounts/fedora-upload-ca.cert
respectively.

Does anybody else see the horizontal scrollbar when opening these
certificates' links in a browser? IOW, several first lines in both
certificates are too long, because of extra spaces at the end-of-line.
Try, fe.:


sed 's/$/<NL>/' .fedora-server-ca.cert

My result is:

-----BEGIN
CERTIFICATE-----
<NL>
MIIK6zCCBt+gAwIBAgIJAMXcvWMyB9ZeMA0GCSqGSIb3DQEBBQ UAMIGxMQswCQYD
<NL>
VQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBg NVBAcTB1JhbGVp
<NL>
Z2gxFzAVBgNVBAoTDkZlZG9yYSBQcm9qZWN0MRowGAYDVQQLEx FGZWRvcmEgUHJv
<NL>
amVjdCBDQTEaMBgGA1UEAxMRRmVkb3JhIFByb2plY3QgQ0ExJj AkBgkqhkiG9w0B
<NL>
CQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnMB4XDTA4MDgyMD E0NDkxNloXDTE4
<NL>
MDgxODE0NDkxNlowgbExCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw 5Ob3J0aCBDYXJv
<NL>
bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3 JhIFByb2plY3Qx
<NL>
GjAYBgNVBAsTEUZlZG9yYSBQcm9qZWN0IENBMRowGAYDVQQDEx FGZWRvcmEgUHJv
<NL>
amVjdCBDQTEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcH JvamVjdC5vcmcw
<NL>
ggQWMA0GCSqGSIb3DQEBAQUAA4IEAwAwggP+AoID9QDIH2F1s0 y5V7xBc2tHlXOA
<NL>
H7999QZ76BU1qtDg4g4k2KyYTG7Gk5eNnJntbpYtRNPL0bQymJ IhcfkMCER+UOfv
<NL>
mum6hrwYSrb0ehsIP1mY9QXdJnlvA1ViXMpZy74byaue9Rn+9G OaOtRWv9dZ5/j4
<NL>
Wf9JDOt7TzgFfTPZrtasqlSaOicWJuAKyp2SkQup3I0fTtM4/LpR6BY+dDr7ud9d
<NL>
LTukkGuOPnNx1pxKkuN0jKYwZjwUcQHlRUNF5xrARU5youYSD7 ReWdJsZkirJ0W2
<NL>
dZkUQaIUm55v3p4soMYnbPeJFoAbSJkqSCPI4c/ex/Xr1xp3dXvd0vi9K+w8tvw1
<NL>
Q3XUvQxum97dbcM7Sw3gRfpFy6K3Up+xXaEnMDGhX31zQAHFTP/P7N+CWNwLg57r
<NL>
EmuYVfP31b6qsyvuLnpMqe0fYRNWOiJYMALPyRT15RSFGaLyKe vqqzR5DFmHQI2C
<NL>
wl5UFsmBK4LJWqaxE/shuNWEx70BzRYOnPgPr3ohXKBLLxZZtVSlEh+N5FW07Y7T
<NL>
LkzFGxc0uArsi6EsA9AS0rGJ7FOqMNctvQoR3UFPh5bkXMHgz7 aunrB1n5x5rmHk
<NL>
g/ni5RoxUZgKDuRu1injapnSDC+C3npyk/18g9L7KI810mI/mGFxAtqUcfzG8LP6
<NL>
kk7F4ZvwZJaB/rXBhpYqD6nVvybGP1SEiuSUmj9g6iqkL8dtdrLa8arJHJLvuSE 3
<NL>
VciBR+QNAUE3vyvuifXK4il4QNuvUEqFJOqehkejKbPDkAkQoy IUdr09XBNK1G9O
<NL>
NbnfJIh+ufiOLpLHr5ya+IM/2DOQTz9WboT74I1dPaI3nxs2iTRrL5Di2xRQlscq
<NL>

e3RrLlvZF8O5a4VwHy59TY86YLOnRa4+DbcFv+hBdduOMFfTu3 kTxJVSJ8UNRPCL<NL>
MMh+jpwBrPLcezA/2S2fRsjn0xrVNkZhfVTkKX3IJif6AwRvAKauSzEMj5rFRxaa<N L>
9sJwGV6kDwlmsmVaqXHS1mloJ5eOw07ch7iQQAsHxojneXU6cl AKII2lM7AWwoW6<NL>
WZIiGb/BCpRL23YbXcq89Aq/Rb6TCekAhBybbodlkYThZmSrUfVbntzj7489vP0k<NL>
ClSfVk6j4DNbSdwC89xfnKaOV2d4oVNWUvnQeXy+XZNfgVEpQr aJlsN4Nf/hVrUI<NL>
aog7qBaZDYxjiiXg2TFcxNrONQruGngCgDBC9kpdaph+irt5Dd b6j8cgsquRG9/j<NL>
+CM+gzw3fjKGkijMMyBDsyvlOuNgy+VAahSJvI95P8LLsw4WLu b3H3lI4/o+gp0s<NL>
VLPMo+j/SypJw/IxDeCV2UvspqhWRDqUj6CUKWHu3jveW327AgMBAAGjggEaMIIB <NL>
FjAdBgNVHQ4EFgQUwNk/0QSeuc4HfmzLbSSZrErtu3owgeYGA1UdIwSB3jCB24AU<NL>
wNk/0QSeuc4HfmzLbSSZrErtu3qhgbekgbQwgbExCzAJBgNVBAYTAl VTMRcwFQYD<NL>
VQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWlnaD EXMBUGA1UEChMO<NL>
RmVkb3JhIFByb2plY3QxGjAYBgNVBAsTEUZlZG9yYSBQcm9qZW N0IENBMRowGAYD<NL>
VQQDExFGZWRvcmEgUHJvamVjdCBDQTEmMCQGCSqGSIb3DQEJAR YXYWRtaW5AZmVk<NL>
b3JhcHJvamVjdC5vcmeCCQDF3L1jMgfWXjAMBgNVHRMEBTADAQ H/MA0GCSqGSIb3<NL>
DQEBBQUAA4ID9QClrBcpX7Ml41iNEKr/b+Dwa0963DQOBl0mgCyNrm2Wvh1WJ2NJ<NL>
HCP24A1jRe/AGR3/ORlvynZWfj7toJYpp0Ao21oXkHr4/8yYJfZ+eD+5R/ZmqbMS<NL>
fhsmxsHpFFLfMa3iQsyM/ys/A61Y0f16w77TM0IwaVA3+f23V4xvfirKIMkP+8My<NL>
r7TSX9mN7VZd3X4zHBgRBefufOic24SWNKD7zBooh9r+yV63Hb mlWRoa6xoJlS/M<NL>
OYGO80/AdqQ1iVe+F2zgDHQrQWWARHn3p3oE5JSI4m7UBaLpf1ei2HjeG 0tUntVW<NL>
32RGHalofN++bvVBqppKo1ijNQbTBMX9WcCMd3nE80X9LW7Zfq NDGJigl8WBPVNN<NL>
278fMWj/XsCYS4XwojJLzzeBmilEnD6SYwkmgEtcLnY91hsJzvbbglFeSA VUvfyA<NL>
iCbnHmZbNugH6HiiTrXlXDI85XUEB3kn3orKhNaeerPfo/GnBXoNFw3tSs3QrWSm<NL>
b8KQbPDgErvNP9thug/4xg+rPxo3oh5lbqQJ5HvDne+V/6tvW7TeHqzJ4k+OJguZ<NL>
x4GAD87I+cLfPICRGwUFQ4EuA5vhQ4FVAfjKgXSyzqpNuCt8JT otyjIh3t6vk7YQ<NL>
udtkBCixVxtM5U7i78SME+h+QhrNj5DsxB4K3BLpqWnqOigLVk xRxeBVXjDL2+hn<NL>
izx4eJvkNiIVKtB9tgKjSy7led3Wc/k1Ut0NjZ/iFB8WCo7me0jnVHSebxD9olA7<NL>
n606/L5gfAN+Ln4hjbVJL+tEgdWezP5pJHwEDBWyQLtQmsxEKQPeDVg i5BTQNRNi<NL>
X0xnfgTShhDKN4mEq+Y1C8IMqbi0vb01P4CA9IU2cHcrH26Apq/xKBSnnfDAh1yy<NL>
LHBF738arlYVBeaqoUrKhroXxr4wQprIGu/AdPKEXz2c29TE5H7yjRSvIy7ui7EN<NL>
NujCosP/IO7YBFhkpDYPq2fByQO5jiZAF58eVX2TlbjM4N+SDG/bpP0WeWlq0JHK<NL>
FmxcI5N+s7mR0uK3h0WF5fl1vK/d53YzFO6dI/I5Kh8LVtq0diyYmw6LHXPlTJiJ<NL>
nk7ILFds81Ii6EvMmOPD+MX/BQ/YJRaCclixFLk/KaTap8/fZLBotG/5SjBdwFOd<NL>
UwVntskUTnai3Vjw0XuBUuKhotenjH/aPbewm/VN9TDjGq9pxaCI8rHX02CIU64U<NL>
QuJak6mhyUyB/km02afEYBDDh+lPljKOnmfQhVJXvtBUSbtY/cWP4gJZ901u27fG<NL>
Xs6hMQbMUn3fYy43Z3VX/BCS+P2UhorNQB6p17xTs0kTM9pI8aDy/uCwk3F+K/uW<NL>
YPF6KxAYMs2ema7PGl2D<NL>
-----END CERTIFICATE-----<NL>


Perhaps the binary data (incapsulated in the base64 form) is OK, but
the fact that there are such strange "in general" and strange
"invisible" garbage in the security-sensitive data causes people at
least to ask about it...


...and both of the certificate are identical (previously were different)?


~buc

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list

On Monday 25 August 2008 09:56:10 am Dmitry Butskoy wrote:
> Dmitry Butskoy wrote:
> > Dennis Gilmore wrote:
> >> Effective immediately we have replaced the CA that is in use for
> >> cvs.fedoraproject.org and koji.fedoraproject.org This effects
> >> uploading to lookaside cache and building packages.
> >>
> >> There are some manual steps that everyone needs to do to be able to
> >> use the systems again.
> >>
> >> they are login to https://admin.fedoraproject.org/accounts/ and
> >> click on the "Download a client-side certificate" link at the bottom
> >> of the home page. save the output to ~/.fedora.cert
> >>
> >> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
> >> fedora-packager-setup
> >
> > According to the "fedora-packager-setup" script, the sources for these
> > two certificates are:
> > https://admin.fedoraproject.org/accounts/fedora-server-ca.cert
> > and
> > https://admin.fedoraproject.org/accounts/fedora-upload-ca.cert
> > respectively.
> >
<snip>
> >
> > Perhaps the binary data (incapsulated in the base64 form) is OK, but
> > the fact that there are such strange "in general" and strange
> > "invisible" garbage in the security-sensitive data causes people at
> > least to ask about it...
ive had one other report of the certs being weird looking. and i was unable to
reproduce the issue. they look fine to me in all sources. from the original
all the way through what ive downloaded in the three exposed places. what did
you use to open them?

> ...and both of the certificate are identical (previously were different)?

yes we were using 2 CA's previously. now we only use one.

the ca cert is also linked https://admin.fedoraproject.org/fingerprints

Dennis
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list