Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
Facebook
Downloads
Home
>
mailing lists
Missing Subject Alternative Names in ftp mirrors site certificate - Mailing list pgsql-www
From
Ben Buley
Subject
Missing Subject Alternative Names in ftp mirrors site certificate
Date
January 21, 2021
00:11:29
Msg-id
CAHV-pqwkxqUBaXac-9on7r9LZozKXaOF-3eyn3mfDXnFwFYEdQ@mail.gmail.com
Whole thread
Raw
Responses
Re: Missing Subject Alternative Names in ftp mirrors site certificate
List
pgsql-www
Tree view
All, not sure if this is the correct mailing list, so please direct me if necessary.
The
download.postgresql.org
has an incomplete TLS certificate that is missing some Subject Alt Names currently included in the DNS for
ftp.mirrors.postgresql.org
.
The round-robin DNS occasionally hits a valid name that is listed in the certificate, but many of them fail. Certificate shows SANs for:
SN =
ftp.postgresql.org
SAN DNS Name =
apt.postgresql.org
SAN DNS Name =
download.postgresql.org
SAN DNS Name =
fendaus.postgresql.org
SAN DNS Name =
ftp.postgresql.org
The IPs listed for
download.postgresql.org
and
ftp.postgresql.org
show the following IPs (listing IPv4 only):
Non-authoritative answer:
ftp.postgresql.org
canonical name =
ftp.mirrors.postgresql.org
.
Name:
ftp.mirrors.postgresql.org
Address: 147.75.85.69
Name:
ftp.mirrors.postgresql.org
Address: 217.196.149.55
Name:
ftp.mirrors.postgresql.org
Address: 72.32.157.246
Name:
ftp.mirrors.postgresql.org
Address: 87.238.57.227
And the reverse DNS shows the following alternative names being used:
55.48-63.149.196.217.in-addr.arpa name =
fabrina.postgresql.org
.
246.157.32.72.in-addr.arpa name =
faynos.postgresql.org
.
69.85.75.147.in-addr.arpa name =
fendaus.postgresql.org
.
227.226-238.57.238.87.in-addr.arpa name =
feris.postgresql.org
.
I only see one server that matches (
fendaus.postgresql.org
) which aligns to me failure rate of TLS certificate errors (edited). Additionally,
ftp.mirrors.postgresql.org
isn't listed in the SAN either and throws an certificate error.
For background, I pulled a RHEL 7 repo RPM from here and that's where I first noticed the issues (by failed YUM/curl connections).
https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
Thanks,
Ben Buley
buleyb@gmail.com
pgsql-www
by date:
Previous
From:
Tom Lane
Date:
20 January 2021, 07:25:55
Subject:
Re: "502 Bad Gateway" on gitweb?
Next
From:
Magnus Hagander
Date:
21 January 2021, 01:49:57
Subject:
Re: Missing Subject Alternative Names in ftp mirrors site certificate
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
I confirm that I have read and accepted PostgresPro’s
Privacy Policy
.
I agree to get Postgres Pro discount offers and other marketing communications.
✖
×
×
Everywhere
Documentation
Mailing list
List:
all lists
pgsql-general
pgsql-hackers
buildfarm-members
pgadmin-hackers
pgadmin-support
pgsql-admin
pgsql-advocacy
pgsql-announce
pgsql-benchmarks
pgsql-bugs
pgsql-chat
pgsql-cluster-hackers
pgsql-committers
pgsql-cygwin
pgsql-docs
pgsql-hackers-pitr
pgsql-hackers-win32
pgsql-interfaces
pgsql-jdbc
pgsql-jobs
pgsql-novice
pgsql-odbc
pgsql-patches
pgsql-performance
pgsql-php
pgsql-pkg-debian
pgsql-pkg-yum
pgsql-ports
pgsql-rrreviewers
pgsql-ru-general
pgsql-sql
pgsql-students
pgsql-testers
pgsql-translators
pgsql-www
psycopg
Period
anytime
within last day
within last week
within last month
within last 6 months
within last year
Sort by
date
reverse date
rank
Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
By continuing to browse this website, you agree to the use of cookies. Go to
Privacy Policy
.
I accept cookies