[FFmpeg-devel] SSL certificate for ffmpeg.org website is not valid anymore

Michael Niedermayer michael at niedermayer.cc
Tue Jul 18 03:28:35 EEST 2017


On Tue, Jul 18, 2017 at 01:52:53AM +0200, Reimar Döffinger wrote:
> On 18.07.2017, at 00:59, James Almer <jamrial at gmail.com> wrote:
> 
> > On 7/17/2017 7:49 PM, Moritz Barsnick wrote:
> >> On Mon, Jul 10, 2017 at 13:53:02 +0300, Boris Pek wrote:
> >>> Latest news about this topic:
> >>> https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/FKXe-76GO8Y
> >> 
> >> Ah, thanks, I neglected to report this, because I thought it was an
> >> issue with my Opera Developer (48), which uses the Chrome engine. Opera
> >> (like Chrome) recently reports ffmpeg.org's certificate as revoked, but
> >> I found no tool which could verify this...
> > 
> > The cert is by StartCom. Afaik everyone blacklisted certs issued by them
> > after a certain date, and now some, like Google, are also blacklisting
> > certs issued before that date as well.
> > Mozilla hasn't done the latter yet, so Firefox doesn't complain about
> > it, but i guess a new cert is overdue.
> 
> New certs are already being generated, but nobody had the time to do the transition, there is a risk of the automation failing (I think the web server needs to be made to reload the certificate, which is problematic as an ordinary user and there is no way I'd ever run any of that letsencrypt stuff as root), it is also a step backwards as the letsencrypt one is a domain-only certificate, and due to TLS's idiotic design decisions it's not possible to just deliver both certificates...
> Thus the current situation.
> Lack of time for proper testing being the biggest issue though...

maybe a non free certificate would be a solution ?

a few minutes with google found this:
https://www.ssl2buy.com/comodo-multi-domain-wildcard-ssl.php
IIUC this is 128 USD per year

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170718/829611e8/attachment.sig>


More information about the ffmpeg-devel mailing list