Update the svn mirror list to reflect that svn.freebsd.org is
now GeoDNS-backed, and a single, official SSL certificate is now used. In collaboration with: peter Sponsored by: The FreeBSD Foundation
This commit is contained in:
Glen Barber
parent
ef904adea3
commit
f73f9684c4
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=46982
1 changed files with 22 additions and 102 deletions
|
|
@ -617,101 +617,47 @@ Comment out for now until these can be verified.
|
|||
<para>The master &os; <application>Subversion</application>
|
||||
server, <systemitem
|
||||
class="fqdomainname">svn.FreeBSD.org</systemitem>, is
|
||||
publicly accessible, read-only. That may change in the
|
||||
future, so users are encouraged to use one of the official
|
||||
mirrors. To view the &os;
|
||||
publicly accessible, and redirects to the closest official
|
||||
mirror using GeoDNS. To view the &os;
|
||||
<application>Subversion</application> repositories through a
|
||||
browser, use <link
|
||||
xlink:href="http://svnweb.FreeBSD.org/">http://svnweb.FreeBSD.org/</link>.</para>
|
||||
|
||||
<note>
|
||||
<para>The &os; <application>Subversion</application> mirror
|
||||
network is still in its early days, and will likely change.
|
||||
Do not count on this list of mirrors being static. In
|
||||
particular, the <acronym>SSL</acronym> certificates of the
|
||||
servers will likely change at some point.</para>
|
||||
<para>The &os; <application>Subversion</application> mirrors
|
||||
previously used self-signed SSL certificates documented in
|
||||
this chapter. As of July 14, 2015, all mirrors now use an
|
||||
official SSL certificate that will be recognized by
|
||||
<application>Subversion</application> if the <filename
|
||||
role="package">security/ca_root_nss</filename> port is
|
||||
installed. The legacy self-signed certificates are still
|
||||
available, but are now considered deprecated.</para>
|
||||
</note>
|
||||
|
||||
<para>For those without the <filename
|
||||
role="package">security/ca_root_nss</filename> port
|
||||
installed, the SHA1 and SHA256 fingerprints are:</para>
|
||||
|
||||
<informaltable>
|
||||
<tgroup cols="4">
|
||||
<colspec colwidth="3*"/>
|
||||
<tgroup cols="2">
|
||||
<colspec colwidth="1*"/>
|
||||
<colspec colwidth="1*"/>
|
||||
<colspec colwidth="2*"/>
|
||||
<colspec colwidth="10*"/>
|
||||
<thead>
|
||||
<row>
|
||||
<entry>Name</entry>
|
||||
|
||||
<entry>Protocols</entry>
|
||||
|
||||
<entry>Location</entry>
|
||||
|
||||
<entry><acronym>SSL</acronym> Fingerprint</entry>
|
||||
<entry>Hash</entry>
|
||||
<entry>Fingerprint</entry>
|
||||
</row>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><systemitem
|
||||
class="fqdomainname">svn0.us-west.FreeBSD.org</systemitem></entry>
|
||||
|
||||
<entry><literal>svn</literal>, <link
|
||||
xlink:href="http://svn0.us-west.FreeBSD.org/"><literal>http</literal></link>,
|
||||
<link
|
||||
xlink:href="https://svn0.us-west.FreeBSD.org/"><literal>https</literal></link></entry>
|
||||
|
||||
<entry>USA, California</entry>
|
||||
|
||||
<entry>SHA1
|
||||
<literal>1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61</literal></entry>
|
||||
<entry>SHA1</entry>
|
||||
<entry><literal>E9:37:73:80:B5:32:1B:93:92:94:98:17:59:F0:FA:A2:5F:1E:DE:B9</literal></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><systemitem
|
||||
class="fqdomainname">svn0.us-east.FreeBSD.org</systemitem></entry>
|
||||
|
||||
<entry><literal>svn</literal>, <link
|
||||
xlink:href="http://svn0.us-east.FreeBSD.org/"><literal>http</literal></link>,
|
||||
<link
|
||||
xlink:href="https://svn0.us-east.FreeBSD.org/"><literal>https</literal></link>,
|
||||
<literal>rsync</literal></entry>
|
||||
|
||||
<entry>USA, New Jersey</entry>
|
||||
|
||||
<entry>SHA1
|
||||
<literal>1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61</literal></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><systemitem
|
||||
class="fqdomainname">svn0.eu.FreeBSD.org</systemitem></entry>
|
||||
|
||||
<entry><literal>svn</literal>, <link
|
||||
xlink:href="http://svn0.eu.FreeBSD.org/"><literal>http</literal></link>,
|
||||
<link
|
||||
xlink:href="https://svn0.eu.FreeBSD.org/"><literal>https</literal></link>,
|
||||
<literal>rsync</literal></entry>
|
||||
|
||||
<entry>Europe, UK</entry>
|
||||
|
||||
<entry>SHA1
|
||||
<literal>1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61</literal></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><systemitem
|
||||
class="fqdomainname">svn0.ru.FreeBSD.org</systemitem></entry>
|
||||
|
||||
<entry><literal>svn</literal>, <link
|
||||
xlink:href="http://svn0.ru.FreeBSD.org/"><literal>http</literal></link>,
|
||||
<link
|
||||
xlink:href="https://svn0.ru.FreeBSD.org/"><literal>https</literal></link>,
|
||||
<literal>rsync</literal></entry>
|
||||
|
||||
<entry>Russia, Moscow</entry>
|
||||
|
||||
<entry>SHA1
|
||||
<literal>F6:44:AA:B9:03:89:0E:3E:8C:4D:4D:14:F0:27:E6:C7:C1:8B:17:C5</literal></entry>
|
||||
<entry>SHA256</entry>
|
||||
<entry><literal>D5:27:1C:B6:55:E6:A8:7D:48:D5:0C:F0:DA:9D:51:60:D7:42:6A:F2:05:F1:8A:47:BE:78:A1:3A:72:06:92:60</literal></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
|
@ -723,32 +669,6 @@ Comment out for now until these can be verified.
|
|||
middle</quote> attack) or otherwise trying to send bad
|
||||
content to the end user.</para>
|
||||
|
||||
<para xml:id="svn-mirrors-fingerprint">On the first connection
|
||||
to an <acronym>HTTPS</acronym> mirror, the user will be asked
|
||||
to verify the server <emphasis>fingerprint</emphasis>:</para>
|
||||
|
||||
<screen>Error validating server certificate for 'https://svn0.us-west.freebsd.org:443':
|
||||
- The certificate is not issued by a trusted authority. Use the
|
||||
fingerprint to validate the certificate manually!
|
||||
- The certificate hostname does not match.
|
||||
Certificate information:
|
||||
- Hostname: svnmir.ysv.FreeBSD.org
|
||||
- Valid: from Jul 29 22:01:21 2013 GMT until Dec 13 22:01:21 2040 GMT
|
||||
- Issuer: clusteradm, FreeBSD.org, (null), CA, US (clusteradm@FreeBSD.org)
|
||||
- Fingerprint: 1C:BD:85:95:11:9F:EB:75:A5:4B:C8:A3:FE:08:E4:02:73:06:1E:61
|
||||
(R)eject, accept (t)emporarily or accept (p)ermanently?</screen>
|
||||
|
||||
<para>Compare the fingerprint shown to those listed in the table
|
||||
above. If the fingerprint matches, the server security
|
||||
certificate can be accepted temporarily or permanently. A
|
||||
temporary certificate will expire after a single session with
|
||||
the server, and the verification step will be repeated on the
|
||||
next connection. Accepting the certificate permanently will
|
||||
store the authentication credentials in
|
||||
<filename>~/.subversion/auth/</filename> and the user will not
|
||||
be asked to verify the fingerprint again until the certificate
|
||||
expires.</para>
|
||||
|
||||
<para>If <literal>https</literal> cannot be used due to firewall
|
||||
or other problems, <literal>svn</literal> is the next choice,
|
||||
with slightly faster transfers. When neither can be used, use
|
||||
|
|
|
|||
Loading…
Reference in a new issue