[arch-general] PKGBUILD - clamav 0.103.4 - source .tar.gz downloads fine, .tar.gz.sig is 403? (same with Arch package)

Andreas Bosch admin at progandy.de
Sun Nov 21 10:16:43 UTC 2021


Am 21.11.21 um 09:17 schrieb Ralf Mardorf via arch-general:
> 
> done:
> 
> [rocketmouse at archlinux curl_search_cpan_01]$ curl -sSvg -L https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz >foo.tar.gz 
> *   Trying 46.43.35.68:443...

Hi Ralf,

Somehow you seem to get an endpoint that has only an internal certificate. I can duplicate your error with this command:

$ curl --resolve search.cpan.org:443:46.43.35.68 -sSvg -L https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz >foo.tar.gz

I get the same IPs as Ralph and those do work and have Let's Encrypt certificates:

 curl -4 -sSvg -L https://search.cpan.org/CPAN/authors/id/Y/YE/YEWENBIN/Goo-Canvas-0.06.tar.gz >foo.tar.gz
*   Trying 151.101.114.132:443...
* Connected to search.cpan.org (151.101.114.132) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4019 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.cpan.org
*  start date: Sep 30 05:43:29 2021 GMT
*  expire date: Dec 29 05:43:28 2021 GMT
*  subjectAltName: host "search.cpan.org" matched cert's "*.cpan.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)



Here is the wrong internal certificate:

$ openssl s_client --servername search.cpan.org 46.43.35.68:443
CONNECTED(00000003)
depth=0 C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org
verify return:1
---
Certificate chain
 0 s:C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org
   i:C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org
---
Server certificate
subject=C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org

issuer=C = PL, ST = Perl Lane, L = Perl City, O = MetaCPAN, OU = NOC, CN = api.metacpan.org, emailAddress = noc at metacpan.org

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1670 bytes and written 410 bytes
Verification error: self signed certificate
^C

--
Andreas
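
The per-IP check done by hand in the message above, as a reusable script. This is an added example, not part of the original post: the function names and sample strings are constructed, and `probe_endpoints` assumes OpenSSL 1.1.0 or later for `-verify_hostname`.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for each backend IP of a host.
# Function names and sample strings are constructed for illustration.

# Read s_client output on stdin; print one of:
#   ok | self-signed | verify-failed | no-cert | unknown
classify_s_client() {
    awk '
        /^subject=/                    { subject = substr($0, 9) }
        /^issuer=/                     { issuer  = substr($0, 8) }
        /^Verification error:/         { err = substr($0, 21) }
        /Verify return code: [1-9]/    { if (err == "") err = $0 }
        /^Verification: OK/            { ok = 1 }
        /Verify return code: 0 \(ok\)/ { ok = 1 }
        END {
            if (subject == "")                                 print "no-cert"
            else if (subject == issuer || err ~ /self.signed/) print "self-signed"
            else if (err != "")                                print "verify-failed"
            else if (ok)                                       print "ok"
            else                                               print "unknown"
        }'
}

# Connect to every given IP with the SNI name pinned and report the verdict.
# stdin is /dev/null so s_client exits after the handshake instead of waiting.
# Usage: probe_endpoints search.cpan.org 46.43.35.68 151.101.114.132
probe_endpoints() {
    host=$1; shift
    for ip in "$@"; do
        result=$(openssl s_client -servername "$host" -verify_hostname "$host" \
                     -connect "$ip:443" </dev/null 2>/dev/null | classify_s_client)
        printf '%s %s %s\n' "$host" "$ip" "$result"
    done
}

# Sample inputs. The first is abridged from the output in the post; the others are constructed.
SAMPLE_INTERNAL="subject=C = PL, O = MetaCPAN, OU = NOC, CN = api.metacpan.org
issuer=C = PL, O = MetaCPAN, OU = NOC, CN = api.metacpan.org
Verification error: self signed certificate"
SAMPLE_PUBLIC="subject=CN = *.cpan.org
issuer=C = US, O = Let's Encrypt, CN = R3
Verification: OK"
SAMPLE_MISMATCH="subject=CN = other.example
issuer=C = US, O = Let's Encrypt, CN = R3
Verification error: hostname mismatch"
```

A name whose IPs do not all return `ok` is served by mixed backends, which is why the same download can succeed on one machine and fail certificate verification on another.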

