fsebugoutzone.org:9999

       Post AcGbc46T3n7vrOBco4 by bortzmeyer@mastodon.gougere.fr
 (DIR) More posts by bortzmeyer@mastodon.gougere.fr
 (DIR) Post #AcGSZkr4kqVbzooJKi by geb@mamot.fr
       2023-11-28T11:56:27Z
       
       0 likes, 0 repeats
       
       #DNS #DANE #TLSA: can somebody confirm debian.org TLSA is broken (www.debian.org seems ok) before I try to report it ? cc @bortzmeyer
       
 (DIR) Post #AcGSZlhBd6C0bRBvYe by bortzmeyer@mastodon.gougere.fr
       2023-11-28T11:58:06Z
       
       0 likes, 0 repeats
       
       @geb Vrai, hélas:% tlsa --verify debian.orgFAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record (151.101.130.132)
       
 (DIR) Post #AcGSfmm2X8hlgVKZPM by lanodan@queer.hacktivis.me
       2023-11-28T11:58:48.317431Z
       
       0 likes, 0 repeats
       
       @geb @bortzmeyer $ gnutls-cli --dane debian.org[…]- DANE: Verification failed. The certificate differs. 
       
 (DIR) Post #AcGUihpJaDwl7ONnVI by geb@mamot.fr
       2023-11-28T12:09:19Z
       
       0 likes, 0 repeats
       
       @lanodan @bortzmeyer Thank you both. I&#39;ll try to report it to see how long it takes to being solved 🙂
       
 (DIR) Post #AcGUiieMWQmPfiGZ4S by geb@mamot.fr
       2023-11-28T12:10:45Z
       
       0 likes, 0 repeats
       
       @lanodan @bortzmeyer (C&#39;est pas pratique le 3 *1* 1, je comprends l&#39;interet, mais j&#39;ai pas trouvé de joli oneliner pour pouvoir extraire la fp avec openssl :/)
       
 (DIR) Post #AcGUijRHaXua7R9dK4 by lanodan@queer.hacktivis.me
       2023-11-28T12:21:42.368014Z
       
       0 likes, 0 repeats
       
       @geb @bortzmeyer Avec la commande tlsa de https://github.com/letoams/hash-slinger y&#39;a pas moyen?Mais en regardant un peu, debian.org est hébergé par fastly donc TLSA 3 1 1 ça me semble foireux.
       
 (DIR) Post #AcGbc46T3n7vrOBco4 by bortzmeyer@mastodon.gougere.fr
       2023-11-28T13:39:23Z
       
       0 likes, 0 repeats
       
       @geb @lanodan tlsa --create --usage 3 --selector 1 --mtype 1 debian.org
       
 (DIR) Post #AcVjXljN8lo2j0FFce by geb@mamot.fr
       2023-12-05T20:48:49Z
       
       0 likes, 0 repeats
       
       @bortzmeyer @lanodan Finalement, je me suis fait violence:`$ echo Q | openssl s_client -connect www.debian.org:443 2&gt; /dev/null | \  openssl x509 -pubkey -noout | openssl pkey -pubin -outform DER | sha256sum`
       
 (DIR) Post #Aca41onXyBb3EystyC by geb@mamot.fr
       2023-12-07T22:25:31Z
       
       1 likes, 0 repeats
       
       @bortzmeyer @lanodan &gt; Et je viens de prévenir hostmaster@, on verra combien de temps ça prend :)Corrigé en une douzaine d&#39;heures. Merci à hostmaster@ si il lit.