This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Wrong TLSA for stat.ripe.net
- Previous message (by thread): [atlas] DNS measurement using the Probe's resolvers
- Next message (by thread): [atlas] Transfer Anchor ownership
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alarig Le Lay
alarig at grifon.fr
Tue Jul 10 00:34:23 CEST 2018
Hi, Since one week or so, I have a TLSA validation error for stat.ripe.net on TCP/443 at each time I visit https://atlas.ripe.net/ and I have the same result from the RIPE nlnog node: alarig at airmure ~ % echo '' | openssl s_client -connect atlas.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4 alarig at airmure ~ % dig +short -t TLSA _443._tcp.atlas.ripe.net | awk '{ print $4 $5 }' 8248E13AB5CA3BACAC63F15B831DA32F2CD54973EDF74E69B6A614B7295C02B4 alarig at airmure ~ % echo '' | openssl s_client -connect stat.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E alarig at airmure ~ % dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4 $5 }' E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576 grifon at ripe01:~$ echo '' | openssl s_client -connect stat.ripe.net:443 2>/dev/null | openssl x509 -in /dev/stdin -fingerprint -sha256 | grep SHA256 | sed 's/://g' | cut -d '=' -f 2 2A2B939449E847374121D4846E3117F23A0283C7B2818ED96C91D2808ABE4C0E grifon at ripe01:~$ dig +short -t TLSA _443._tcp.stat.ripe.net | awk '{ print $4 $5 }' E3DC43427AA9F62D1E07BBE108AF62BEE84A454DB579FD57A4FFDFFD5A23E576 The commands are ugly but work on atlas.ripe.net. Could you please update it? Regards, -- Alarig Le Lay
- Previous message (by thread): [atlas] DNS measurement using the Probe's resolvers
- Next message (by thread): [atlas] Transfer Anchor ownership
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]