PHP :: Bug #65965 :: *.php.net uses revoked SSL certificate

Bug #65965	*.php.net uses revoked SSL certificate
Submitted:	2013-10-25 09:43 UTC	Modified:	2013-10-27 02:01 UTC
From:	thoger at redhat dot com	Assigned:	bjori (profile)
Status:	Closed	Package:	Website problem
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	thoger at redhat dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2013-10-25 09:43 UTC] thoger at redhat dot com

Description:
------------
SSL certificates used by php.net sites that use https (e.g. bugs or wiki) has been revoked by issuing CA.

Test script:
---------------
Connect to https://bugs.php.net or https://wiki.php.net with a browser with OCSP checks enabled (e.g. in Firefox, see Preferences -> Advanced -> Certificates -> Validation).  Firefox reports:

  Peer's Certificate has been revoked.
  (Error code: sec_error_revoked_certificate)


Alternatively:

$ openssl x509 -in php.net.crt -subject -issuer -serial -dates -noout
subject= /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.php.net
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
serial=8F7A08C3AACA243CE107AC4842C1E89F
notBefore=Jun  3 00:00:00 2013 GMT
notAfter=Jun  2 23:59:59 2016 GMT

$ wget http://crl.comodoca.com/PositiveSSLCA2.crl

$ openssl crl -in PositiveSSLCA2.crl -inform DER -text | grep -A1 8F7A08C3AACA243CE107AC4842C1E89F
    Serial Number: 8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Oct 25 01:11:59 2013 GMT

$ openssl ocsp -issuer PositiveSSLCA2.pem.crt -cert php.net.crt -url http://ocsp.usertrust.com 
php.net.crt: revoked
	This Update: Oct 25 01:13:02 2013 GMT
	Next Update: Oct 29 01:13:02 2013 GMT
	Revocation Time: Oct 25 01:11:59 2013 GMT

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-10-25 10:12 UTC] thoger at redhat dot com

Sorry, I missed this:
http://php.net/archive/2013.php#id2013-10-24-2

[2013-10-26 11:33 UTC] dyctator at hotmail dot com

From http://php.net/archive/2013.php#id2013-10-24-2

"We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net)"

https://edit.php.net/ is also affected (Only Firefox).

[2013-10-27 02:01 UTC] bjori@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: bjori

[2013-10-27 02:01 UTC] bjori@php.net

Yes, the certificate was revoked by our request.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 00:01:29 2024 UTC