demiobenour@gmail.com wrote:
> Full_Name: Demi Obenour
> Version: N/A
> OS: N/A
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2601:840:8100:6720:2ae3:47ff:fe02:d99e)
>
> OpenLDAP.org has an expired self-signed TLS certificate,

This is intentional.

> which makes it impossible to securely access the Git repositories over HTTPS.

The repos are only intended to be used via git: and http: anyway.

> This needs to be fixed to avoid man-in-the-middle attacks, which would allow
> arbitrary code execution on the developer's machine.

When I discussed this with Kurt, we decided to leave things as-is. Replacing an expired self-signed cert with a non-expired self-signed cert wouldn't change anything; you still need to set an explicit exception in your client to trust the cert.