Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

link-check: exclude funyours.co.jp (#7104) #7107

Merged

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #7104

What is changed, added or deleted? (Required)

http://company.funyours.co.jp/ redirects to https://www.funyours.co.jp
and that host doesn't present a correct/complete certificate chain. In
addition to that it looks like the certificate and hostname don't match.

https://www.ssllabs.com/ssltest/analyze.html?d=www.funyours.co.jp

Previous discussion: #6837 (comment)

$ curl -v -L http://company.funyours.co.jp/
*   Trying 210.152.118.91:80...
* Connected to company.funyours.co.jp (210.152.118.91) port 80 (#0)
> GET / HTTP/1.1
> Host: company.funyours.co.jp
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Fri, 03 Dec 2021 06:37:29 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://www.funyours.co.jp
<
* Ignoring the response-body
* Connection #0 to host company.funyours.co.jp left intact
* Issue another request to this URL: 'https://www.funyours.co.jp/'
*   Trying 47.245.16.139:443...
* Connected to www.funyours.co.jp (47.245.16.139) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 1
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Which TiDB version(s) do your changes apply to? (Required)

  • master (the latest development version)
  • v5.3 (TiDB 5.3 versions)
  • v5.2 (TiDB 5.2 versions)
  • v5.1 (TiDB 5.1 versions)
  • v5.0 (TiDB 5.0 versions)
  • v4.0 (TiDB 4.0 versions)
  • v3.1 (TiDB 3.1 versions)
  • v3.0 (TiDB 3.0 versions)
  • v2.1 (TiDB 2.1 versions)

What is the related PR or file link(s)?

  • This PR is translated from:
  • Other reference link(s):

Do your changes match any of the following descriptions?

  • Delete files
  • Change aliases
  • Need modification after applied to another branch
  • Might cause conflicts after applied to another branch

http://company.funyours.co.jp/ redirects to https://www.funyours.co.jp
and that host doesn't present a correct/complete certificate chain. In
addition to that it looks like the certificate and hostname don't match.

https://www.ssllabs.com/ssltest/analyze.html?d=www.funyours.co.jp

Previous discussion: pingcap#6837 (comment)

```
$ curl -v -L http://company.funyours.co.jp/
*   Trying 210.152.118.91:80...
* Connected to company.funyours.co.jp (210.152.118.91) port 80 (#0)
> GET / HTTP/1.1
> Host: company.funyours.co.jp
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Fri, 03 Dec 2021 06:37:29 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://www.funyours.co.jp
<
* Ignoring the response-body
* Connection #0 to host company.funyours.co.jp left intact
* Issue another request to this URL: 'https://www.funyours.co.jp/'
*   Trying 47.245.16.139:443...
* Connected to www.funyours.co.jp (47.245.16.139) port 443 (pingcap#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 1
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```
@ti-chi-bot
Copy link
Member Author

ti-chi-bot commented Dec 3, 2021

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • TomShawn

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added require-LGT1 Indicates that the PR requires an LGTM. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/cherry-pick-for-release-5.1 This PR is cherry-picked to release-5.1 from a source PR. labels Dec 3, 2021
@ti-chi-bot ti-chi-bot mentioned this pull request Dec 3, 2021
13 tasks
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Dec 3, 2021
@TomShawn
Copy link
Contributor

TomShawn commented Dec 3, 2021

/merge

@ti-chi-bot
Copy link
Member Author

This pull request has been accepted and is ready to merge.

Commit hash: 823c522

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Dec 3, 2021
@ti-chi-bot ti-chi-bot merged commit 4640a80 into pingcap:release-5.1 Dec 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
require-LGT1 Indicates that the PR requires an LGTM. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT1 Indicates that a PR has LGTM 1. type/cherry-pick-for-release-5.1 This PR is cherry-picked to release-5.1 from a source PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants