Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL issue on www.lightbend.com affecting the Dotty CLA check #855

Closed
smarter opened this issue Oct 7, 2023 · 8 comments
Closed

SSL issue on www.lightbend.com affecting the Dotty CLA check #855

smarter opened this issue Oct 7, 2023 · 8 comments

Comments

@smarter
Copy link
Member

smarter commented Oct 7, 2023
edited
Loading

(Reporting here as requested by @SethTisue)
The CLA check is failing in https://github.com/lampepfl/dotty/actions/runs/6442154587/job/17493043000?pr=18663 for example.

Running curl locally I see:

% curl https://www.lightbend.com/contribute/cla/scala/check/johnduffell
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

According to https://www.ssllabs.com/ssltest/analyze.html?d=www.lightbend.com :

This server's certificate chain is incomplete.

This can also be checked with openssl:

% openssl s_client -connect www.lightbend.com:443
...
Verification error: unable to verify the first certificate
...
@smarter smarter mentioned this issue Oct 7, 2023
Merged
@sjrd sjrd mentioned this issue Oct 7, 2023
Merged
@gzm0
Copy link

gzm0 commented Oct 7, 2023

I strongly suspect that the problem is that the Sectigo Intermediate certificate is not delivered by the server (server chain reply see here: scala-js/scala-js#4909 (comment)). When looking at how Chrome validates the full chain, the top level certificate is valid. Probably Chrome just has the intermediate in its own store.

@SethTisue
Copy link
Member

I've asked Lightbend IT to take a look.

@eed3si9n eed3si9n mentioned this issue Oct 8, 2023
Merged
@JustinPihony
Copy link

Hi @smarter - could you please try again. We had some hiccups in our servers and I believe this may have been related to that. Otherwise we can dig a bit deeper as I cannot reproduce it currently.

@sjrd
Copy link
Member

sjrd commented Oct 9, 2023

Hi. Thanks for looking into it. It appears to still be broken at least in this job, which I just reran:
https://github.com/scala-js/scala-js/actions/runs/6446814222/job/17517368491

@JustinPihony
Copy link

Yes, thanks - I realized now that the CA chain is messed up. We are looking into that and will update once this is resolved.

@JustinPihony
Copy link

OK, please try now

@sjrd
Copy link
Member

sjrd commented Oct 9, 2023

Thank you. It's working now. ✔️

@smarter
Copy link
Member Author

smarter commented Oct 9, 2023

Working in dotty too!

@smarter smarter closed this as completed Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@smarter @SethTisue @sjrd @gzm0 @JustinPihony