MasterKenway
commented
3 years ago 已修复
Closed wangqr closed 3 years ago
MasterKenway
commented
3 years ago 已修复
wangqr
commented
3 years ago 我这里看并没有修复:
$ openssl s_client -showcerts -servername mirrors.dgut.edu.cn -connect mirrors.dgut.edu.cn:443 </dev/null
CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mirrors.dgut.edu.cn
verify error:num=10:certificate has expired
notAfter=Dec 5 11:29:56 2020 GMT
verify return:1
depth=0 CN = mirrors.dgut.edu.cn
notAfter=Dec 5 11:29:56 2020 GMT
verify return:1
---
Certificate chain
0 s:CN = mirrors.dgut.edu.cn
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISA3033n1dYorRK/8cc5G9wEqJMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA5MDYxMTI5NTZaFw0y
MDEyMDUxMTI5NTZaMB4xHDAaBgNVBAMTE21pcnJvcnMuZGd1dC5lZHUuY24wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuXxkY+WoHsQ3XSbok5vfAORLT
/YtT4ddY88QMl2vFmSlau5Hym7cmI7JiRNh7JxzPMCQq4y/46hWwX1PjtfXKP6Ax
7/9raGMBDNk4Yd0wa81ywaOl9JmEwkzgnADZJu3wdYGygjMbJjqQA517l6zeBMqY
TcuDaxkn9Jxfcjxlk7R6kuRsAXZhbFOZYXvNnnSdo1H39DiyIBKJizeRxtaJCbn4
Qzv1764435wTqSgpJIYKT+V00AGkeBXI//nPH5uSBi50iVbFH/rCx17Si871bFIq
R7wbQYEiGZN68L13zMzAvwJvbDfyDP8Qq7lOtQfUayJnNaA2GH0uSAxek+EbAgMB
AAGjggJqMIICZjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHmJvBr1Mxo/gxJyl6Mp
W/CBZiQHMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUF
BwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNy
eXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNy
eXB0Lm9yZy8wHgYDVR0RBBcwFYITbWlycm9ycy5kZ3V0LmVkdS5jbjBMBgNVHSAE
RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3
APCVpFnyANGCQBAtL5OIjq1L/h1H45nh0DSmsKiqjrJzAAABdGNk/UYAAAQDAEgw
RgIhAOD2I0oUNxt1ctY9G+f3n/6VqgLItc1lEI+oye3HYkwbAiEAos9wsWioxGW/
L3yTGfjBm0HXx16abls28yQFuJblDN0AdwAHt1wb5X1o//Gwxh0jFce65ld8V5S3
au68YToaadOiHAAAAXRjZP2eAAAEAwBIMEYCIQC929gHvjVdobVCykUq+I2b4SAt
rQMwHXvhCC6fvpGvoAIhAMDwM5nPK2giLCEgtsEHcRvb2s45YIS433OGrDuYfC0f
MA0GCSqGSIb3DQEBCwUAA4IBAQCXxtO6ol/bUfSCF7JahPZ77c7FaAgWmduJeGHg
PX0KiTZ6z7/GWQqKcrLCyDRssTCn5PE3lkqgcFq8xgFLQgTQBcPLP2yXlosmAWlh
RBdJA36sVlq1ksah47/PlghKUBJW2FG0h3+lfcw9Ps07DGfSt1vS0nXRiG9z73CJ
dsaXHQHbyL1es9ppIjDoOY/1ADB3WC+hNQef8y5Pc6me/vqJQAzBjEAhYJXfXe0l
wWEXmo+noU+CHEGsr3CkTM9fAZGJ5K+9bgHU9niBeSIzD7KjAfL9GI1MPrfnU0lA
jRkGrDmPKECcEg4rRDvqqb6yr/PKEdqBFB9tgBkGnKFqkxP5
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = mirrors.dgut.edu.cn
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3068 bytes and written 447 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 2BA8AEDF9C2C0228F366CBF5EA75837F848A271606DCD92DA89AE75AC136FBB2
Session-ID-ctx:
Master-Key: FE39B100FD86245E23AAB7B7952C2D2643EF3780CF631160955C5E4B52B7B68017373F0560F9465E941056AF25B7FD92
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1607218892
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
---
DONE
$ date
Sun Dec 6 09:41:46 AM CST 2020
lyekumchew
commented
3 years ago 我这里看并没有修复:
$ openssl s_client -showcerts -servername mirrors.dgut.edu.cn -connect mirrors.dgut.edu.cn:443 </dev/null CONNECTED(00000003) depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = mirrors.dgut.edu.cn verify error:num=10:certificate has expired notAfter=Dec 5 11:29:56 2020 GMT verify return:1 depth=0 CN = mirrors.dgut.edu.cn notAfter=Dec 5 11:29:56 2020 GMT verify return:1 --- Certificate chain 0 s:CN = mirrors.dgut.edu.cn i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgISA3033n1dYorRK/8cc5G9wEqJMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA5MDYxMTI5NTZaFw0y MDEyMDUxMTI5NTZaMB4xHDAaBgNVBAMTE21pcnJvcnMuZGd1dC5lZHUuY24wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuXxkY+WoHsQ3XSbok5vfAORLT /YtT4ddY88QMl2vFmSlau5Hym7cmI7JiRNh7JxzPMCQq4y/46hWwX1PjtfXKP6Ax 7/9raGMBDNk4Yd0wa81ywaOl9JmEwkzgnADZJu3wdYGygjMbJjqQA517l6zeBMqY TcuDaxkn9Jxfcjxlk7R6kuRsAXZhbFOZYXvNnnSdo1H39DiyIBKJizeRxtaJCbn4 Qzv1764435wTqSgpJIYKT+V00AGkeBXI//nPH5uSBi50iVbFH/rCx17Si871bFIq R7wbQYEiGZN68L13zMzAvwJvbDfyDP8Qq7lOtQfUayJnNaA2GH0uSAxek+EbAgMB AAGjggJqMIICZjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHmJvBr1Mxo/gxJyl6Mp W/CBZiQHMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUF BwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNy eXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNy eXB0Lm9yZy8wHgYDVR0RBBcwFYITbWlycm9ycy5kZ3V0LmVkdS5jbjBMBgNVHSAE RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3 APCVpFnyANGCQBAtL5OIjq1L/h1H45nh0DSmsKiqjrJzAAABdGNk/UYAAAQDAEgw RgIhAOD2I0oUNxt1ctY9G+f3n/6VqgLItc1lEI+oye3HYkwbAiEAos9wsWioxGW/ L3yTGfjBm0HXx16abls28yQFuJblDN0AdwAHt1wb5X1o//Gwxh0jFce65ld8V5S3 au68YToaadOiHAAAAXRjZP2eAAAEAwBIMEYCIQC929gHvjVdobVCykUq+I2b4SAt rQMwHXvhCC6fvpGvoAIhAMDwM5nPK2giLCEgtsEHcRvb2s45YIS433OGrDuYfC0f MA0GCSqGSIb3DQEBCwUAA4IBAQCXxtO6ol/bUfSCF7JahPZ77c7FaAgWmduJeGHg PX0KiTZ6z7/GWQqKcrLCyDRssTCn5PE3lkqgcFq8xgFLQgTQBcPLP2yXlosmAWlh RBdJA36sVlq1ksah47/PlghKUBJW2FG0h3+lfcw9Ps07DGfSt1vS0nXRiG9z73CJ dsaXHQHbyL1es9ppIjDoOY/1ADB3WC+hNQef8y5Pc6me/vqJQAzBjEAhYJXfXe0l wWEXmo+noU+CHEGsr3CkTM9fAZGJ5K+9bgHU9niBeSIzD7KjAfL9GI1MPrfnU0lA jRkGrDmPKECcEg4rRDvqqb6yr/PKEdqBFB9tgBkGnKFqkxP5 -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 -----BEGIN CERTIFICATE----- MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== -----END CERTIFICATE----- --- Server certificate subject=CN = mirrors.dgut.edu.cn issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA512 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3068 bytes and written 447 bytes Verification error: certificate has expired --- New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 2BA8AEDF9C2C0228F366CBF5EA75837F848A271606DCD92DA89AE75AC136FBB2 Session-ID-ctx: Master-Key: FE39B100FD86245E23AAB7B7952C2D2643EF3780CF631160955C5E4B52B7B68017373F0560F9465E941056AF25B7FD92 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1607218892 Timeout : 7200 (sec) Verify return code: 10 (certificate has expired) Extended master secret: no --- DONE $ date Sun Dec 6 09:41:46 AM CST 2020现在好了
https://mirrors.dgut.edu.cn 所使用的TLS证书已于2020-12-05过期