TLS gmplib.org
Vincent Lefevre
vincent at vinc17.net
Mon Jun 8 08:12:31 UTC 2020
On 2020-06-08 06:35:23 +0000, hello at seby.io wrote:
> I tried to download gmp from you server but the TLS configuration
> sends an expired cert as an intermediate. wget sometimes errors:
>
> $ wget https://gmplib.org/download/gmp/gmp-6.1.2.tar.lz
> --2020-06-08 06:31:34-- https://gmplib.org/download/gmp/gmp-6.1.2.tar.lz
> Resolving gmplib.org (gmplib.org)… 130.242.124.102
> Connecting to gmplib.org (gmplib.org)|130.242.124.102|:443... connected.
> ERROR: The certificate of ‘gmplib.org’ is not trusted.
> ERROR: The certificate of ‘gmplib.org’ has expired.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=gmplib.org
>
> > USERTrust RSA Certification Authority
> > Fingerprint SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
> > Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
> > Valid until Sat, 30 May 2020 10:48:38 UTC (expired 8 days, 13 hours ago) EXPIRED
This is mentioned here (in French):
https://news.gandi.net/fr/2020/06/un-certificat-root-a-expire-le-30-mai-2020/
I can see that gmplib.org does not have the right certificate chain.
It uses the old one:
Certificate chain
0 s:OU = Domain Control Validated, OU = Gandi Standard SSL, CN = gmplib.org
i:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
1 s:C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the gmp-discuss
mailing list