svn.boost.org SSL cert errro - Boost - lists.stage.boost.cppalliance.org

newer
Fwd: Binary Region Differentials

svn.boost.org SSL cert errro

older
[branch master] add library to...

Olaf van der Spek

7 Apr 2015 7 Apr '15

2:12 p.m.

Hi, The certificatie of svn.boost.org has expired (two weeks ago).. -- Olaf

Reply

Sign in to reply online Use email software

Show replies by date

Beman Dawes

7 Apr 7 Apr

3:08 p.m.

On Tue, Apr 7, 2015 at 10:12 AM, Olaf van der Spek wrote:

Hi,

The certificatie of svn.boost.org has expired (two weeks ago)..

We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however. --Beman

Reply

Sign in to reply online Use email software

Olaf van der Spek

4:24 p.m.

On Tue, Apr 7, 2015 at 5:08 PM, Beman Dawes wrote:

On Tue, Apr 7, 2015 at 10:12 AM, Olaf van der Spek wrote:

...
Hi,

The certificatie of svn.boost.org has expired (two weeks ago)..

We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

Boost is at arstechnica. :p http://arstechnica.com/security/2015/04/firefox-disables-opportunistic-encry... -- Olaf

Reply

Sign in to reply online Use email software

Olaf van der Spek

4:49 p.m.

One more: The Calender @ http://www.boost.org/development/index.html doesn't work in Chrome. On Tue, Apr 7, 2015 at 6:24 PM, Olaf van der Spek wrote:

On Tue, Apr 7, 2015 at 5:08 PM, Beman Dawes wrote:

...
On Tue, Apr 7, 2015 at 10:12 AM, Olaf van der Spek wrote:

...
Hi,

The certificatie of svn.boost.org has expired (two weeks ago)..

We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

Boost is at arstechnica. :p

http://arstechnica.com/security/2015/04/firefox-disables-opportunistic-encry...

-- Olaf

-- Olaf

Reply

Sign in to reply online Use email software

Rene Rivera

4:59 p.m.

On Tue, Apr 7, 2015 at 11:49 AM, Olaf van der Spek wrote:

One more: The Calender @ http://www.boost.org/development/index.html doesn't work in Chrome.

Works fine for me. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Reply

Sign in to reply online Use email software

Marshall Clow

6:05 p.m.

On Tue, Apr 7, 2015 at 9:49 AM, Olaf van der Spek wrote:

One more: The Calender @ http://www.boost.org/development/index.html doesn't work in Chrome.

Works here in Chrome for Mac OS X. -- Marshall

Reply

Sign in to reply online Use email software

Marshall Clow

6:07 p.m.

On Tue, Apr 7, 2015 at 9:24 AM, Olaf van der Spek wrote:

Boost is at arstechnica. :p

http://arstechnica.com/security/2015/04/firefox-disables-opportunistic-encry...

Can anyone tell me *why* boost is part of that article? it's not mentioned in the text, and the article is about something else entirely. -- Marshall

Reply

Sign in to reply online Use email software

Jason Roehm

6:27 p.m.

On 04/07/2015 02:07 PM, Marshall Clow wrote:

On Tue, Apr 7, 2015 at 9:24 AM, Olaf van der Spek wrote:

...
Boost is at arstechnica. :p

http://arstechnica.com/security/2015/04/firefox-disables-opportunistic-encry...

Can anyone tell me *why* boost is part of that article? it's not mentioned in the text, and the article is about something else entirely.

-- Marshall

_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost

The image shown at the top of the article illustrates the certificate error given by Firefox when visiting svn.boost.org. Jason

Reply

Sign in to reply online Use email software

Niall Douglas

10:33 p.m.

On 7 Apr 2015 at 11:08, Beman Dawes wrote:

...
The certificatie of svn.boost.org has expired (two weeks ago)..

We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

In case people aren't aware, to renew the kind of cert which expired you need to prove your identity which includes a proof of address which usually means a snail mail card in the post with a verification code plus lots of mailing identity documents to people. This is why it takes weeks. I have several alarms in my phone to remind me in the weeks leading up to cert expiry so I don't forget. I will admit some surprise the Boost certs weren't all renewed immediately after Heartbleed. It might be a good idea to renew the whole lot. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Reply

Sign in to reply online Use email software

Michael Caisse

10:40 p.m.

On 04/07/2015 03:33 PM, Niall Douglas wrote:

On 7 Apr 2015 at 11:08, Beman Dawes wrote:

...
...
The certificatie of svn.boost.org has expired (two weeks ago)..

We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

In case people aren't aware, to renew the kind of cert which expired you need to prove your identity which includes a proof of address which usually means a snail mail card in the post with a verification code plus lots of mailing identity documents to people. This is why

I have no idea what you are talking about. There are a lot of reasons that certs can take some time to renew, snail mail isn't one of them. We renew about 2-3 certs a month ranging from standard vanilla to wild-card and crazy merchant certs. In January we dealt with 2 certs that had expired. Snail mail has never been a requirement. Can you please expound? michael -- Michael Caisse ciere consulting ciere.com

Reply

Sign in to reply online Use email software

Niall Douglas

11:07 p.m.

On 7 Apr 2015 at 15:40, Michael Caisse wrote:

...
...
We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

In case people aren't aware, to renew the kind of cert which expired you need to prove your identity which includes a proof of address which usually means a snail mail card in the post with a verification code plus lots of mailing identity documents to people. This is why

I have no idea what you are talking about. There are a lot of reasons that certs can take some time to renew, snail mail isn't one of them.

We renew about 2-3 certs a month ranging from standard vanilla to wild-card and crazy merchant certs. In January we dealt with 2 certs that had expired. Snail mail has never been a requirement.

Can you please expound?

Sure. In the case of the SSL cert for *.nedprod.com, the issuer needed to prove my address and sent a code on a card to my physical address. That took two weeks, seeing as the card comes from Israel (it actually takes eight weeks in total to renew SSL certs for me, but that is for other reasons). I entirely accept that if your issuer lived in the same city in the US as you do, address verification would be rather quicker. They could also accept other evidence only possible to a US issuer verifying a US org. What I was trying to do was explain why getting new SSL certs isn't always as easy as a few clicks on a web page, if I was wrong then I'm sure we'd all love to hear why svn.boost.org's cert is taking so long. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Reply

Sign in to reply online Use email software

Olaf van der Spek

8 Apr 8 Apr

7:07 a.m.

On Wed, Apr 8, 2015 at 1:07 AM, Niall Douglas wrote:

On 7 Apr 2015 at 15:40, Michael Caisse wrote:

...
...
...
We are working on getting a new certificate, and setting up a procedure to avoid the expired certificate problem in the future. It is taking a bit of time, however.

In case people aren't aware, to renew the kind of cert which expired you need to prove your identity which includes a proof of address which usually means a snail mail card in the post with a verification code plus lots of mailing identity documents to people. This is why

I have no idea what you are talking about. There are a lot of reasons that certs can take some time to renew, snail mail isn't one of them.

We renew about 2-3 certs a month ranging from standard vanilla to wild-card and crazy merchant certs. In January we dealt with 2 certs that had expired. Snail mail has never been a requirement.

Can you please expound?

Sure.

In the case of the SSL cert for *.nedprod.com, the issuer needed to prove my address and sent a code on a card to my physical address. That took two weeks, seeing as the card comes from Israel (it actually takes eight weeks in total to renew SSL certs for me, but that is for other reasons).

I entirely accept that if your issuer lived in the same city in the US as you do, address verification would be rather quicker. They could also accept other evidence only possible to a US issuer verifying a US org. What I was trying to do was explain why getting new SSL certs isn't always as easy as a few clicks on a web page, if I was wrong then I'm sure we'd all love to hear why svn.boost.org's cert is taking so long.

At startssl.com one can get a basic SSL cert for free.. Certainly no snail mail required. -- Olaf

Reply

Sign in to reply online Use email software

Josh Juran

7:37 a.m.

On Apr 8, 2015, at 12:07 AM, Olaf van der Spek wrote:

At startssl.com one can get a basic SSL cert for free..

How much does it cost to revoke it? Josh

Reply

Sign in to reply online Use email software

Olaf van der Spek

7:40 a.m.

On Wed, Apr 8, 2015 at 9:37 AM, Josh Juran wrote:

On Apr 8, 2015, at 12:07 AM, Olaf van der Spek wrote:

...
At startssl.com one can get a basic SSL cert for free..

How much does it cost to revoke it?

ENOTIMPLEMENTED? Actually it is implemented and costs $25 :( -- Olaf

Reply

Sign in to reply online Use email software

Thijs van den Berg

7:45 a.m.

On 08 Apr 2015, at 09:40, Olaf van der Spek wrote:

On Wed, Apr 8, 2015 at 9:37 AM, Josh Juran wrote:

...
On Apr 8, 2015, at 12:07 AM, Olaf van der Spek wrote:

...
At startssl.com one can get a basic SSL cert for free..

How much does it cost to revoke it?

ENOTIMPLEMENTED?

Actually it is implemented and costs $25 :(

Somewhere soon https://letsencrypt.org/ will go live, free and backed by the EFF

Reply

Sign in to reply online Use email software

Beman Dawes

12:27 p.m.

On Tue, Apr 7, 2015 at 7:07 PM, Niall Douglas wrote: ... I'm sure we'd all love to hear why svn.boost.org's

cert is taking so long.

Procrastination on my part. Dave Abrahams used to handle it, so it ended up in my lap. A couple of days ago I realized the Software Freedom Conservancy folks were who should be handling the cert. They already have a close relationship with a registrar, so everything is being handled electronically and quickly. --Beman

Reply

Sign in to reply online Use email software

Niall Douglas

12 Apr 12 Apr

7:29 p.m.

On 8 Apr 2015 at 8:27, Beman Dawes wrote:

... I'm sure we'd all love to hear why svn.boost.org's

...
cert is taking so long.

Procrastination on my part. Dave Abrahams used to handle it, so it ended up in my lap.

A couple of days ago I realized the Software Freedom Conservancy folks were who should be handling the cert. They already have a close relationship with a registrar, so everything is being handled electronically and quickly.

Thanks for explaining Beman. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Reply

Sign in to reply online Use email software

Olaf van der Spek

23 Apr 23 Apr

9:24 p.m.

On Wed, Apr 8, 2015 at 2:27 PM, Beman Dawes wrote:

On Tue, Apr 7, 2015 at 7:07 PM, Niall Douglas wrote:

... I'm sure we'd all love to hear why svn.boost.org's

...
cert is taking so long.

Procrastination on my part. Dave Abrahams used to handle it, so it ended up in my lap.

A couple of days ago I realized the Software Freedom Conservancy folks were who should be handling the cert. They already have a close relationship with a registrar, so everything is being handled electronically and quickly.

How quickly? ;) -- Olaf

Reply

Sign in to reply online Use email software

Olaf van der Spek

13 May 13 May

10:08 a.m.

On Thu, Apr 23, 2015 at 11:24 PM, Olaf van der Spek wrote:

On Wed, Apr 8, 2015 at 2:27 PM, Beman Dawes wrote:

...
On Tue, Apr 7, 2015 at 7:07 PM, Niall Douglas wrote:

... I'm sure we'd all love to hear why svn.boost.org's

...
cert is taking so long.

Procrastination on my part. Dave Abrahams used to handle it, so it ended up in my lap.

A couple of days ago I realized the Software Freedom Conservancy folks were who should be handling the cert. They already have a close relationship with a registrar, so everything is being handled electronically and quickly.

How quickly? ;)

Beman? It has been over a month and there's still no valid cert.. -- Olaf

Reply

Sign in to reply online Use email software

William Gallafent

26 May 26 May

1:48 p.m.

On 13 May 2015 at 11:08, Olaf van der Spek wrote:

It has been over a month and there's still no valid cert..

And now almost another fortnight … -- Bill Gallafent.

Reply

Sign in to reply online Use email software

3472

Age (days ago)

3521

Last active (days ago)

Download

19 comments

10 participants

tags

participants (10)

Beman Dawes
Jason Roehm
Josh Juran
Marshall Clow
Michael Caisse
Niall Douglas
Olaf van der Spek
Rene Rivera
Thijs van den Berg
William Gallafent