wpackagist: Certificate Problems
We’ve got 2 computers on the same local network, and we’re getting different certificates from wpackagist.org
$ curl https://wpackagist.org/packages.json -vvv
* About to connect() to wpackagist.org port 443
* Trying 212.13.212.86... connected
* Connected to wpackagist.org (212.13.212.86) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=GB/OU=Domain Control Validated/CN=www.audiencefinder.org
* start date: 2016-08-25 11:41:55 GMT
* expire date: 2019-08-26 11:41:55 GMT
* SSL: certificate subject name 'www.audiencefinder.org' does not match target host name 'wpackagist.org'
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'www.audiencefinder.org' does not match target host name 'wpackagist.org'
??? certificate subject name ‘www.audiencefinder.org’ does not match target host name ‘wpackagist.org’??? wrong certificate red flag here.
AND the second one (works fine):
$ curl https://wpackagist.org/packages.json -vvv
* STATE: INIT => CONNECT handle 0x600057820; line 1396 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* Trying 212.13.212.86...
* STATE: CONNECT => WAITCONNECT handle 0x600057820; line 1449 (connection #0)
* Connected to wpackagist.org (212.13.212.86) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057820; line 1556 (connecti on #0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057820; line 1570 (connect ion #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=wpackagist.or g
* start date: Feb 29 00:00:00 2016 GMT
* expire date: Feb 28 23:59:59 2017 GMT
* subjectAltName: host "wpackagist.org" matched cert's "wpackagist.org"
* issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
* SSL certificate verify ok.
* STATE: PROTOCONNECT => DO handle 0x600057820; line 1591 (connection #0)
> GET /packages.json HTTP/1.1
> Host: wpackagist.org
> User-Agent: curl/7.50.0
> Accept: */*
>
* STATE: DO => DO_DONE handle 0x600057820; line 1653 (connection #0)
* STATE: DO_DONE => WAITPERFORM handle 0x600057820; line 1780 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x600057820; line 1790 (connection #0)
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
* Server nginx/1.8.0 is not blacklisted
< Server: nginx/1.8.0
< Date: Wed, 28 Dec 2016 01:47:35 GMT
< Content-Type: application/json
< Content-Length: 1308
< Last-Modified: Wed, 28 Dec 2016 01:01:26 GMT
< Connection: keep-alive
< ETag: "58630ee6-51c"
< Accept-Ranges: bytes
<
* STATE: PERFORM => DONE handle 0x600057820; line 1949 (connection #0)
* multi_done
* Connection #0 to host wpackagist.org left intact
{"packages":[],"providers-url":"\/p\/%package%$%hash%.json","provider-includes": {"p\/providers-2015$%hash%.json":{"sha256":"c32495fe44c00aa14784e7eceb5c1e813634 368825716da2f3c727b715624e66"},"p\/providers-2016-06$%hash%.json":{"sha256":"36a de3e9eed0c84f5fdca426561c7902aba0890fff9a80c871f7387c2c5d2928"},"p\/providers-20 13$%hash%.json":{"sha256":"a2f83cdffb77766968b4ee0348685de2e754d41ec89298229d919 be630f5835f"},"p\/providers-2012$%hash%.json":{"sha256":"ea6848af9699e03ac45df7d 54feaafe05ecd0cde593d2a397e5f3540108b93ff"},"p\/providers-old$%hash%.json":{"sha 256":"60c0dec8b0323fd20bd958db0e2cb2ed1e058cab6b5db2beec334da903494d08"},"p\/pro viders-2011$%hash%.json":{"sha256":"096046060f8d42ca4dde3564573607d1cebe28dc627b f385fd0d01a0eb409db0"},"p\/providers-2016-09$%hash%.json":{"sha256":"81ef25c4280 14365a0683db103ce38e940009a57cbb4a171f78737690ad5f331"},"p\/providers-2016-03$%h ash%.json":{"sha256":"b4609d28bbde2bd3af1e1789faa673f2b34ea630cc3d8d851ee93066d4 a18eef"},"p\/providers-2014$%hash%.json":{"sha256":"3bd0ca21a6f2f40c5b92f136b797 4cd9d1a5ceeb2b04caf4a1a67deb32b02af5"},"p\/providers-this-week$%hash%.json":{"sh a256":"429d89fcc3031e998fb6bc581523bc48a2cdb9a50885431ca14ef569ee9ae08f"},"p\/pr oviders-2016-12$%hash%.json":{"sha256":"d7a59f7a8a475a9d6cc008f1eeee4a9412034e6d f057fc6fdcd0beb152c75b33"}}}
We’re having a look on our end to see if there’s been anything nasty in our networking, Can you confirm there isn’t something else at play here on your end?
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 15 (5 by maintainers)
@josephfusco Seems to be a new issue with the certificate. @joaquimds will have to chime in as he runs the infrastructure for WPackagist.