On Mon, Jan 06, 2020 at 05:01:39PM +0000, Stuart Henderson wrote: > On 2020/01/06 17:51, Theo Buehler wrote: > > Apparently, this moved from www.math... to faculty..., but the www.math > > page still serves some (completely unrelated) stuff. > > > > Generally, people seem to want to move to https if possible, but I'm > > unsure if this also holds if the server only supports TLSv1.0 with a > > legacy cipher: > > > > $ nc -v -c -Tnoverify -Tprotocols="tlsv1" -Tciphers=legacy > > faculty.missouri.edu 443 > > Connection to faculty.missouri.edu (128.206.9.90) 443 port [tcp/https] > > succeeded! > > TLS handshake negotiated TLSv1/ECDHE-RSA-AES256-SHA with host > > faculty.missouri.edu > > Peer name: faculty.missouri.edu > > Subject: /C=US/postalCode=65211/ST=Missouri/L=Columbia/street=1100 Carrie > > Francke Dr/O=University of Missouri/OU=MU/CN=faculty.missouri.edu > > Issuer: /C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA > > Server CA > > Valid From: Fri Aug 11 02:00:00 2017 > > Valid Until: Tue Aug 11 01:59:59 2020 > > Cert Hash: > > SHA256:a26eb946d44ee29fee50e494965e73bb188e9e435964694865f95fd0465c81b8 > > OCSP URL: http://ocsp.usertrust.com > > > > Index: Makefile > > =================================================================== > > RCS file: /var/cvs/ports/x11/xkbset/Makefile,v > > retrieving revision 1.18 > > diff -u -p -r1.18 Makefile > > --- Makefile 12 Jul 2019 20:51:29 -0000 1.18 > > +++ Makefile 6 Jan 2020 12:34:44 -0000 > > @@ -5,15 +5,15 @@ COMMENT-gui= GUI for xkbset > > > > DISTNAME= xkbset-0.5 > > PKGNAME-main= xkbset-0.5 > > -REVISION-main= 3 > > +REVISION-main= 4 > > PKGNAME-gui= xkbset-gui-0.5 > > -REVISION-gui= 2 > > +REVISION-gui= 3 > > CATEGORIES= x11 > > # BSD > > PERMIT_PACKAGE= Yes > > > > -HOMEPAGE= http://www.math.missouri.edu/~stephen/software/\#xkbset > > -MASTER_SITES= http://www.math.missouri.edu/~stephen/software/xkbset/ > > +HOMEPAGE= https://faculty.missouri.edu/~stephen/software/\#xkbset > > +MASTER_SITES= https://faculty.missouri.edu/~stephen/software/xkbset/ > > > > MAKE_FLAGS= X11BASE="${X11BASE}" > > FAKE_FLAGS= X11PREFIX="${PREFIX}" \ > > > > MASTER_SITES needs http, their certificate chain is broken in webserver > config. GUI browsers can find it anyway (via AIA in the cert) but ftp(1) > can't.
Ah I shouldn't have edited the patch after only testing http thoroughly. I'll leave both at that. Thanks! > > $ ftp -o- https://faculty.missouri.edu/~stephen/software/xkbset/ > Trying 128.206.9.90... > SSL failure: certificate verification failed: unable to get local issuer > certificate > > I don't mind either http or https for HOMEPAGE. > > All nice and up-to-date... > > Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 > mod_wsgi/3.4 Python/2.7.5 > :)
