Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

Update HTTPS certificates #4380

Merged
merged 6 commits into from
Mar 22, 2016
Merged

Update HTTPS certificates #4380

merged 6 commits into from
Mar 22, 2016

Conversation

indirect
Copy link
Member

Remove the certs we don't need, add the new cert for index.rubygems.org, and stop checking for equality with RubyGems certs because they're out of date now.

@indirect indirect mentioned this pull request Mar 18, 2016
Closed
This was referenced Mar 18, 2016
Closed
Merged
@RochesterinNYC
Copy link
Contributor

Added a commit to this that should fix the broken specs via changing them to expect the new subdirectory structure for ssl certs.

@indirect
Copy link
Member Author

@RochesterinNYC aha! thank you. :)

@homu r+

@homu
Copy link
Contributor

homu commented Mar 22, 2016

📌 Commit 3ad737d has been approved by indirect

@homu
Copy link
Contributor

homu commented Mar 22, 2016

⚡ Test exempted - status

@homu homu merged commit 3ad737d into master Mar 22, 2016
homu added a commit that referenced this pull request Mar 22, 2016
@homu
Auto merge of #4380 - bundler:simplify-certs, r=indirect
919a940 
Update HTTPS certificates

Remove the certs we don't need, add the new cert for index.rubygems.org, and stop checking for equality with RubyGems certs because they're out of date now.
homu added a commit that referenced this pull request Mar 28, 2016
@homu
Auto merge of #4407 - RochesterinNYC:1-12-backports-ssl-certs, r=indi…
70e6c31 
…rect

Backport #4380 (Updated certificates) to `1-12-stable`

- Needs to be merged in before #4404 so ssl cert specs will pass
homu added a commit to rubygems/rubygems that referenced this pull request Mar 28, 2016
@homu
Auto merge of #1555 - RochesterinNYC:organize-ssl-certs, r=indirect
df6620b 
Organize and cleanup SSL certs

/cc @indirect

- Related to rubygems/bundler#4380
homu added a commit that referenced this pull request Mar 29, 2016
@homu
Auto merge of #4407 - RochesterinNYC:1-12-backports-ssl-certs, r=indi…
8186ef0 
…rect

Backport #4380 (Updated certificates) to `1-12-stable`

- Needs to be merged in before #4404 so ssl cert specs will pass
@RochesterinNYC
Copy link
Contributor

@indirect what is the mapping basis between the directories and certs? As in, what decides which cert goes into which directory (i.e DigiCertHighAssuranceEVRootCA.pem in the rubygems.global.ssl.fastly.net directory)?

Asking this because I need to create a PR to update this util/update_bundled_ca_certificates.rb script in Rubygems after rubygems/rubygems#1555 and I don't see any kind of logical mapping in the code.

@segiddins segiddins deleted the simplify-certs branch April 5, 2016 17:20
@indirect
Copy link
Member Author

indirect commented Apr 5, 2016

@RochesterinNYC I used each cert to validate an HTTPS session to each domain, and put the cert that actually worked into the directory named after that domain. 😅

@indirect
Copy link
Member Author

indirect commented Apr 5, 2016

It seems like the RubyGems script is certs that aren't needed—we don't need to save the certs that are returned by the server, we need to save the root cert that makes it possible to trust all the certs that are returned by the server.

This was referenced Apr 18, 2016
Merged
Merged
homu added a commit to rubygems/rubygems that referenced this pull request May 3, 2016
@homu
Auto merge of #1583 - RochesterinNYC:update-bundled-ca-certificates-s…
6ba3489 
…cript, r=segiddins

Update `update_bundled_ca_certificates` utility script for directory nesting

- Also updates the ssl certs with the minimum certs needed and nests them in directories named for the hosts they can authenticate against. The arrangement of the certs changed/occurred because the ssl certs in Rubygems were modeled after the ssl cert arrangement in Bundler. However, this arrangement was produced through manual testing and configured/arranged in rubygems/bundler#4380 instead of programmatically. I'm unsure how I would go about writing or updating the `update_bundled_ca_certificates` script in a way that could reproduce this current manual arrangement. Hence, this PR includes a commit for rearranging of the ssl certs based off the programmatic utility script (instead of a manual process).
- Related to discussion at #1555

cc: @segiddins @indirect
homu added a commit that referenced this pull request May 3, 2016
@homu
Auto merge of #4448 - RochesterinNYC:update-ssl-certs--to-parallel-ru…
d4679f7 
…bygems, r=segiddins

Update Bundler ssl certs to match updated Rubygems ssl certs/structure

This PR should only be merged if and after rubygems/rubygems#1583 is merged. Reasoning behind the PR is originally stated there but is as follows:

The current arrangement of the ssl certs for Bundler (and Rubygems) was produced through manual testing and configured/arranged in #4380 instead of programmatically. rubygems/rubygems#1583 updates the Rubygems util script for updating the ssl certs to programmatically write the certs to the appropriate nested directories. This PR ensures Bundler's certs match Rubygems' after they are programmatically generated/arranged instead of manually.
@coilysiren coilysiren modified the milestone: Release Archive Sep 22, 2016
@voxik voxik mentioned this pull request Mar 15, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Release Archive
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@indirect @RochesterinNYC @homu @coilysiren