Merge lp:~hloeung/pollinate/missing-ca-certificate into lp:~pollinate/pollinate/trunk
Status: | Merged |
---|---|
Merged at revision: | 277 |
Proposed branch: | lp:~hloeung/pollinate/missing-ca-certificate |
Merge into: | lp:~pollinate/pollinate/trunk |
Diff against target: |
31 lines (+24/-0) 1 file modified
entropy.ubuntu.com.pem (+24/-0) |
To merge this branch: | bzr merge lp:~hloeung/pollinate/missing-ca-certificate |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
pollinate | Pending | ||
Review via email: mp+239160@code.launchpad.net |
Description of the change
curl is invoked with --capath /dev/null so we need to include the CA certificate in the chain.
| Certificate chain
| 0 s:/OU=Domain Control Validated/
| i:/C=US/
| 1 s:/C=US/
| i:/C=US/
| 2 s:/C=US/
| i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
| 3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
| i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Tested as follows:
$ curl -A 'pollinate/
| 09:16:55.592055 * Hostname was NOT found in DNS cache
| 09:16:55.596308 * Trying 91.189.94.50...
| 09:16:55.925350 * Connected to entropy.ubuntu.com (91.189.94.50) port 443 (#0)
| 09:16:55.925950 * successfully set certificate verify locations:
| 09:16:55.926012 * CAfile: missing-
| CApath: /dev/null
| 09:16:55.926126 * SSLv3, TLS handshake, Client hello (1):
| 09:16:56.261897 * SSLv3, TLS handshake, Server hello (2):
| 09:16:56.273468 * SSLv3, TLS handshake, CERT (11):
| 09:16:56.274152 * SSLv3, TLS handshake, Server key exchange (12):
| 09:16:56.274321 * SSLv3, TLS handshake, Server finished (14):
| 09:16:56.284401 * SSLv3, TLS handshake, Client key exchange (16):
| 09:16:56.284483 * SSLv3, TLS change cipher, Client hello (1):
| 09:16:56.284605 * SSLv3, TLS handshake, Finished (20):
| 09:16:56.628377 * SSLv3, TLS change cipher, Client hello (1):
| 09:16:56.628494 * SSLv3, TLS handshake, Finished (20):
| 09:16:56.628555 * SSL connection using TLSv1.2 / DHE-RSA-
| 09:16:56.628606 * Server certificate:
| 09:16:56.628656 * subject: OU=Domain Control Validated; CN=entropy.
| 09:16:56.628702 * start date: 2014-10-14 23:21:25 GMT
| 09:16:56.628748 * expire date: 2015-10-15 16:10:53 GMT
| 09:16:56.628807 * subjectAltName: entropy.ubuntu.com matched
| 09:16:56.628863 * issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://
| 09:16:56.628909 * SSL certificate verify ok.
| 09:16:56.628981 > GET / HTTP/1.1
| 09:16:56.628981 > User-Agent: pollinate/
| 09:16:56.628981 > Host: entropy.ubuntu.com
| 09:16:56.628981 > Accept: */*
| 09:16:56.628981 >
| 09:16:56.968210 * HTTP 1.0, assume close after body
| 09:16:56.968290 < HTTP/1.0 400 Bad Request
| 09:16:56.968334 < Content-Type: text/plain; charset=utf-8
| 09:16:56.968375 < Content-Length: 162
| 09:16:56.968417 < Date: Tue, 21 Oct 2014 22:16:57 GMT
| 09:16:56.968459 < X-Cache: MISS from localhost
| 09:16:56.968501 < X-Cache-Lookup: MISS from localhost:3128
| 09:16:56.968544 < Via: 1.0 localhost (squid/3.1.19)
| 09:16:56.968587 * HTTP/1.0 connection set to keep alive!
| 09:16:56.968628 < Connection: keep-alive
| 09:16:56.968670 < Please use the pollinate client. 'sudo apt-get install pollinate' or download from: https:/
| 09:16:56.968739 * Connection #0 to host entropy.ubuntu.com left intact
Dustin, sorry for providing you with a bundle without the original CA certificate.