FreeBSD Handbook A.3.6 has incorrect (old?) cert-fingerprint info for svn.freebsd.org
Benjamin Kaduk
kaduk at mit.edu
Thu Dec 29 04:33:14 UTC 2016
On Tue, Dec 27, 2016 at 08:34:00AM -0500, Michael C Voorhis wrote:
> The FreeBSD handbook section A.3.6, under
>
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html
>
> lists certificate fingerprints which appear to be outdated. It
> appears that the SHA1 fingerprint, listed in the handbook as
>
> E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9
>
> Should be
>
> 86:5C:C5:84:F5:2D:40:FA:C6:F9:F0:D9:F5:40:D0:D5:6B:90:CB:CE .
>
> Similarly, the SHA256 fingerprint listed on the handbook-page is
>
> D5:27:1C:B6:55:E6:A8:7D:48:D5:0C:F0:DA:9D:51:60:D7:42:6A:F2:05:F1:8A:47:BE:78:A1:3A:72:06:92:60
>
> where it should be
>
> 3D:68:44:40:22:B1:96:B2:D3:0B:DD:1A:C9:AA:FF:CB:EC:89:FE:A2:4B:AF:11:F9:7C:AD:D9:F2:67:B7:35:18 .
>
> According to my web-browser, the cert has been in place since 14 June
> 2016, and will expire on 29 June 2017.
The fingerprints you quote are preceded by a note:
% Note: The FreeBSD Subversion mirrors previously used self-signed SSL certificates
% documented in this chapter. As of July 14, 2015, all mirrors now use an official
% SSL certificate that will be recognized by Subversion if the security/ca_root_nss
% port is installed. The legacy self-signed certificates and server names are still
% available but are deprecated and no longer supported.
-Ben
More information about the freebsd-doc
mailing list