For people having SSL issues with Arcanist, the easiest solution is:

1) grab the latest cacert.pem from https://curl.se/docs/caextract.html
2) copy it to [arcanist_installation_folder]/resources/ssl/custom.pem

Pay attention to the slightly different filename: it *NEEDS* to be custom.pem; the original filename cacert.pem will not work. This should do the trick on all platforms (but it's only been tested on Linux and Windows).

--Ray

On 2021-09-30 1:06 p.m., Sergey Sharybin via Bf-committers wrote:
> Hi,
>
> Just a quick memo about the issue of expired Let's Encrypt certificates. It
> might be useful for developers who experience issues with HTTPS connection
> to our servers.
>
> One of the root Let's Encrypt certificates did expire today which affected
> parts of our development infrastructure. In all cases it doesn't seem to be
> an issue with the server configuration but is caused by quirks on the
> client side. We are only aware of issues on Windows.
>
> The Subversion clients did not trust the SSL certificate of
> https://svn.blender.org/. The work-around we did for the builder.blender.org
> was to install the Let’s Encrypt R3 intermediate certificate [1]. This
> "worked (tm)", although ideally intermediate certificates shouldn't need to
> be installed and the system should go by the root CA certificates from the
> Windows Certificates Store.
>
> The Arcanist uses the CURL extension of PHP, and it does not use the
> Windows Certificates Store. The way it was fixed on the buildbot workers
> was by creating a cacert.pem with the "ISRG Root X1" certificate which was
> exported from the Store (and matched the one from Let's Encrypt information
> page [1]).
>
> Our server administrator Danny McGrath also took the liberty of disabling
> TLSv1.0 and TLSv1.1 on some of the sites during tests. Provided that this
> doesn't make matters worse, the changes are likely to be kept.
>
> [1] https://letsencrypt.org/certificates/
>
> Best regards,
> - Your Engineering Team Danny and Sergey -
> --------------------------------------------------------------------
> Sergey Sharybin - ser...@blender.org - www.blender.org
> Principal Software Engineer, Blender
> Buikslotermeerplein 161, 1025 ET Amsterdam, the Netherlands
> _______________________________________________
> Bf-committers mailing list
> Bf-committers@blender.org
> List details, subscription details or unsubscribe:
> https://lists.blender.org/mailman/listinfo/bf-committers
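
The two steps from the reply above as a script, added here as an example that is not part of the original thread or of Arcanist. It checks that the downloaded file really is a PEM certificate bundle before installing it under the required name custom.pem. The function names and the optional `expected_sha256` argument (a digest you obtained yourself from the download page) are assumptions of this example, and the sample bundle is constructed.

```python
import base64
import hashlib
import os
import re
from pathlib import Path

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def count_certificates(bundle: bytes) -> int:
    """Return the number of structurally valid certificate blocks in a PEM bundle."""
    count = 0
    for match in PEM_BLOCK.finditer(bundle):
        # Strict base64 decode; binascii.Error is a ValueError subclass.
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 DER is an ASN.1 SEQUENCE
            raise ValueError("PEM block does not contain a DER SEQUENCE")
        count += 1
    return count


def install_custom_bundle(source, arcanist_root, expected_sha256=None) -> Path:
    """Validate a downloaded cacert.pem and install it as resources/ssl/custom.pem."""
    data = Path(source).read_bytes()
    if expected_sha256 is not None:
        actual = hashlib.sha256(data).hexdigest()
        if actual != expected_sha256.lower():
            raise ValueError(f"checksum mismatch: {actual}")
    if count_certificates(data) == 0:
        raise ValueError("no certificates found; is this an HTML error page?")
    ssl_dir = Path(arcanist_root) / "resources" / "ssl"
    if not ssl_dir.is_dir():
        raise FileNotFoundError(f"{ssl_dir} not found; wrong Arcanist folder?")
    target = ssl_dir / "custom.pem"  # the name matters: cacert.pem will not work
    tmp = ssl_dir / "custom.pem.tmp"
    tmp.write_bytes(data)
    os.replace(tmp, target)  # swap in one step so arc never reads a partial file
    return target


def make_constructed_bundle(n: int) -> bytes:
    """Constructed sample: n fake blocks that are DER-shaped, not real certificates."""
    body = base64.encodebytes(b"\x30\x03\x02\x01\x00")
    return b"".join(b"-----BEGIN CERTIFICATE-----\n" + body +
                    b"-----END CERTIFICATE-----\n" for _ in range(n))
```

The structural check only catches truncated downloads and error pages saved as cacert.pem; it does not verify that the bundle contains any particular root certificate.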