Bug #65965 *.php.net uses revoked SSL certificate
Submitted: 2013-10-25 09:43 UTC
Modified: 2013-10-27 02:01 UTC
From: thoger at redhat dot com
Assigned: bjori
Status: Closed
Package: Website problem
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2013-10-25 09:43 UTC] thoger at redhat dot com
Description:
------------
SSL certificates used by php.net sites that use https (e.g. bugs or wiki) have been revoked by the issuing CA.

Test script:
---------------
Connect to https://bugs.php.net or https://wiki.php.net with a browser with OCSP checks enabled (e.g. in Firefox, see Preferences -> Advanced -> Certificates -> Validation).  Firefox reports:

  Peer's Certificate has been revoked.
  (Error code: sec_error_revoked_certificate)


Alternatively:

$ openssl x509 -in php.net.crt -subject -issuer -serial -dates -noout
subject= /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.php.net
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
serial=8F7A08C3AACA243CE107AC4842C1E89F
notBefore=Jun  3 00:00:00 2013 GMT
notAfter=Jun  2 23:59:59 2016 GMT

$ wget http://crl.comodoca.com/PositiveSSLCA2.crl

$ openssl crl -in PositiveSSLCA2.crl -inform DER -text | grep -A1 8F7A08C3AACA243CE107AC4842C1E89F
    Serial Number: 8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Oct 25 01:11:59 2013 GMT

$ openssl ocsp -issuer PositiveSSLCA2.pem.crt -cert php.net.crt -url http://ocsp.usertrust.com 
php.net.crt: revoked
	This Update: Oct 25 01:13:02 2013 GMT
	Next Update: Oct 29 01:13:02 2013 GMT
	Revocation Time: Oct 25 01:11:59 2013 GMT
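
The CRL lookup from the report above as a reusable check, added here as an example that is not part of the original report: it compares whole serial numbers where grep matches substrings, and accepts the serial in either openssl output form. The function names and the first sample CRL entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report; all function names are hypothetical.

# Normalize a serial so `x509 -serial` and `crl -text` forms compare equal:
# drop "serial=", colons, whitespace and leading zeros, then upper-case.
normalize_serial() {
    printf '%s\n' "$1" |
        sed -e 's/^serial=//' -e 's/[[:space:]:]//g' -e 's/^0*//' |
        tr 'a-f' 'A-F'
}

# crl_lookup SERIAL: read `openssl crl -text` output on stdin. Print the
# revocation date and return 0 if SERIAL is listed; return 1 otherwise.
crl_lookup() {
    want=$(normalize_serial "$1")
    awk -v want="$want" '
        $1 == "Serial" && $2 == "Number:" {
            s = toupper($3); sub(/^0+/, "", s)
            hit = (s == want)          # whole-serial match, not a substring
            next
        }
        hit && /Revocation Date:/ {
            sub(/^.*Revocation Date: */, ""); print; found = 1; exit
        }
        END { exit(found ? 0 : 1) }'
}

# cert_in_crl CERT.pem CRL.der: same check against real files via openssl.
cert_in_crl() {
    serial=$(openssl x509 -in "$1" -noout -serial) || return 2
    openssl crl -in "$2" -inform DER -noout -text | crl_lookup "$serial"
}

# Constructed sample in the layout of `openssl crl -text`. The first entry is
# invented: a longer serial that merely contains the *.php.net serial.
sample_crl_text() {
    cat <<'EOF'
Revoked Certificates:
    Serial Number: AA8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Jan  1 00:00:00 2013 GMT
    Serial Number: 8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Oct 25 01:11:59 2013 GMT
EOF
}

sample_crl_text | crl_lookup 'serial=8F7A08C3AACA243CE107AC4842C1E89F'
```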



 [2013-10-25 10:12 UTC] thoger at redhat dot com
Sorry, I missed this:
http://php.net/archive/2013.php#id2013-10-24-2
 [2013-10-26 11:33 UTC] dyctator at hotmail dot com
From http://php.net/archive/2013.php#id2013-10-24-2

"We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net)"

https://edit.php.net/ is also affected (Only Firefox).
 [2013-10-27 02:01 UTC] bjori@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: bjori
 [2013-10-27 02:01 UTC] bjori@php.net
Yes, the certificate was revoked by our request.
Last updated: Mon Dec 02 18:01:31 2024 UTC