Hi,
When i try to login from git.centos.org i'm redirected to a blank page with message "discoveryfailure" instead of a login screen.
Regards,
Alfredo
It's now working, but here is the explanation : LetsEncrypt X3 CA is expiring end of this month. The TLS cert for id.centos.org (ipsilon, providing openid authentication for git.centos.org) was signed by R3, itself signed by X1, but because X1 was cross-signed by X3, it's still presented to client during handshake, and that behaviour happens on openssl 1.0.2, which is the version on el7 (so on centos 7 for git.centos.org) Last week a newer ca-certificates pkg was pushed and applied as update, removing X3 completely, but for unknown reason (to be investigated), the renewed TLS cert deployed on the haproxy setup in front of id.centos.org had not be reloaded on tls change, still presenting the previous chain, and so refused for the openid discovery.
ca-certificates
All back to normal
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: authentication, centos-common-infra, high-gain, medium-trouble
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.