[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] Savannah's x.509 certificate fingerprints

From: Taylor R Campbell
Subject: Re: [Savannah-users] Savannah's x.509 certificate fingerprints
Date: Wed, 20 Jun 2007 03:30:04 +0000
User-agent: IMAIL/1.21; Edwin/3.116; MIT-Scheme/7.7.90.+

   Date: Wed, 20 Jun 2007 00:36:19 +0200
   From: Sylvain Beucler <address@hidden>

   Yes, the page had links to download outdated certificates from last
   year (the fingerprints are up-to-date).

Thanks!  I forgot to check the expiration dates on the certificates
while I was examining them; that would have been a rather obvious

   I fixed the page and added instructions on how to display/check the
   certificates using GnuTLS, and also how to extract the certificate out
   of the running server.

Excellent, this is very helpful.

There are a few HTML errors in that page now (or were there before):

. mismatched <h2>Certificates</h1> at the top;
. superfluous </a> in the list of certificates, in the entry for
. doubled, unclosed heading: <h2>Check for yourself!<h2>;
. non-escaped angled-brackets in the GnuPG output surrounding email
  addresses -- `<address@hidden>' instead of `&lt;address@hidden&gt;' --
  and in shell examples -- `certool -i <' instead
  of `certool -i &lt;'; and
. doubled, unclosed anchor: <a href="...certtool.html">doc<a>.

I can fix all this and send a corrected page if you'd like.

Also, I wonder whether it might be worth mentioning that if the pages
are downloaded with `curl', the authenticity of the server can be
implicitly checked simply by specifying `ca.crt' with the `--cacert'
option; that is, after fetching `ca.crt', one can run `curl --cacert
ca.crt -O'.  There may be a
similar option for `wget', but I don't know.

Finally, it's a little confusing to have a file named
`cvs.*', even though it works on Unix.  I suspect that it
may not work on Windows, but I don't know for certain -- haven't
touched a Windows machine in over a decade! --, and I don't know
whether you folks care about that.  It can be mildly flummoxing to
have to deal with escaping the asterisk in Unix shells, however.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]