[KORG] Availability of SSL on kernel.org
in [Kernel]
|
Prev: [PATCH 2.6.23..2.6.24] Backport r and q constraints fixes
Next: [PATCH v3 5/9] net/wireless/wext-core.c: Use IW_EVENT_IDX macro
From: J.H. on 18 Mar 2010 21:20 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Afternoon Everyone, I would like to go ahead and announce the general availability of SSL support for a number of the services on kernel.org! This should help provide an additional level of security, in particular for our dynamic content like the wiki's, patchwork and bugzilla. The certificates have been very graciously donated and signed by Thawte, and we at kernel.org greatly appreciate their support of Open Source! These signed certificates make it trivial for our users to make use of this additional layer of security, and alleviates a large amount of support effort that self-signed certificates would have incurred. "Thawte is proud of its open source lineage. Providing free certificates to community projects is just a small way of not only supporting the community but returning the favor. Please spread the word." Services that are now by default using SSL: * Bugzilla * Wikis * Account Requests * Patchwork These are using an HTTP redirect so you should need to do anything for these to just work. Services that have can optionally use SSL: * www.kernel.org * boot.kernel.org * git.kernel.org * android.git.kernel.org Just use https vs. http, there is no automatic redirection for these Services that DO NOT offer SSL: * mirrors.kernel.org These machines move a large amount of data to a large number of users and it would be difficult, and memory intensive, to provide SSL for this service. I don't foresee enabling SSL for mirrors.kernel.org. * *.[us | [nl.|se.]eu | geo | all].kernel.org dns entries These would require too many distinct certificates to adequately cover, and are generally not user facing. These still have the SSL certificates available to them, but the address will not match the CN in the certificate. As always if you encounter problems, e-mail ftpadmin or catch us on IRC. I've done a fair amount of testing of this on my own - but due to the large number of possible clients it's impossible for me to have tested this from every possible angle. - - John 'Warthog9' Hawley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkuiz7cACgkQ/E3kyWU9dicIAwCfQlTlSDEMn1GP++Cy7IFV9Oqi MP4Aniu0hVPdXMopnAG/W/PtWd0aEDus =pg6c -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Paul Mundt on 19 Mar 2010 00:00 On Thu, Mar 18, 2010 at 06:13:27PM -0700, J.H. wrote: > Services that are now by default using SSL: > > * Bugzilla > * Wikis > * Account Requests > * Patchwork > > These are using an HTTP redirect so you should need to do anything > for these to just work. > This seems to have at least broken pwclient for me, although perhaps I'm doing something wrong. Any of the pwclient operations as of this morning bail out with: xmlrpclib.ProtocolError: <ProtocolError for patchwork.kernel.org/xmlrpc/: 302 Found> If I change the pwclientrc url to https:// instead then at least pwclient list and get work, but update bombs out in the same way. I checked the pwclientrc from the project info pages incase there was an update, but those don't seem to have changed in format at all. The web interface continues to work fine. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Jeremy Kerr on 19 Mar 2010 02:10 Hi Paul, > If I change the pwclientrc url to https:// instead then at least pwclient > list and get work, but update bombs out in the same way. I checked the > pwclientrc from the project info pages incase there was an update, but > those don't seem to have changed in format at all. Could you send me the backtrace you get when the 'update' fails? Cheers, Jeremy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Jeremy Kerr on 19 Mar 2010 04:10 Hi Paul, Thanks for the report and testing - I've just committed a fix, plus a change to reflect the https URL in the sample .pwclientrc file. J.H.: If you update to the current git HEAD, the pwclient and .pwclientrc files served by patchwork.kernel.org will now be more suitable for use with https. Cheers, Jeremy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Mauro Carvalho Chehab on 19 Mar 2010 07:40
Hi Jeremy, Jeremy Kerr wrote: > Hi Paul, > > Thanks for the report and testing - I've just committed a fix, plus a change > to reflect the https URL in the sample .pwclientrc file. > > J.H.: If you update to the current git HEAD, the pwclient and .pwclientrc > files served by patchwork.kernel.org will now be more suitable for use with > https. It worked after commenting this line: # xmlrpclib.SafeTransport.__init__(self) Without commenting, I get this bug: Traceback (most recent call last): File "/usr/local/bin/pwclient", line 463, in ? main() File "/usr/local/bin/pwclient", line 381, in main use_https) File "/usr/local/bin/pwclient", line 88, in __init__ xmlrpclib.SafeTransport.__init__(self) AttributeError: class SafeTransport has no attribute '__init__' Btw, I had to do the same with the older pwclient. I'm using here the python/python libraries provided on RHEL5. Cheers, Mauro -- Cheers, Mauro -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |