Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com [209.85.167.51])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id B05567818A8
	for <~alpine/users@lists.alpinelinux.org>; Mon, 25 Nov 2019 18:33:27 +0000 (UTC)
Received: by mail-lf1-f51.google.com with SMTP id v201so10785008lfa.11
        for <~alpine/users@lists.alpinelinux.org>; Mon, 25 Nov 2019 10:33:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=waveapps-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:from:date:message-id:subject:to;
        bh=wkOfFxetVQI2XiGsWD2kzrJS7RmvOSTh/N4ineF/tbA=;
        b=SkKL0eirRhNAWwsVq1eudgtpinBFn7RVdFcUrfM6dzMM9EDVaKLg2Xx/4XGL6LC9uj
         wNlsZ6MpjwVMKfeK73/HV/RCFnetQFB7mUwdfLsaMmjntn7m9jLwQVM6bAxgtOjWmOxl
         GPva0NcAsUt1Hpx5uGguihBEpjpydm50AbKBI3M1GFy5eYtNjhMIRYruopIM+TVmmv3m
         pUOZehLCjBW+CnXFMMOCiK+VTCVREcZ7h0Xh7MVdiFmmgSeNi3v0+eSHe4i8SD4EXlyL
         s/eTo3WT9YWddkIaliJ+wHr7egQJfccI1bGgWQBtPy1Gbes3n8Y9xXMmArCGLM5NM4Pu
         boBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=wkOfFxetVQI2XiGsWD2kzrJS7RmvOSTh/N4ineF/tbA=;
        b=SrGtWOgr3N+Kj1XMcjDzxMia3INJBh45AcqqMzKApqZl3Q9EBELE1C3lAJ2znGAcxb
         FGgDIkobhBGwmjsNcjS3eo+TxFfnB/ZiDAdE8RhzGkbeVPvsgyUjvIJOcP/puWGCEEcN
         agwXYxHKuUxCfCPEvgKYfXtQdykMtWzLvMEsF3O6gDHJaVldwaS0vS0A5dgH6GAfNc9l
         eN9LVtNXhVm7CUU6lgVC2hD0uiXumq2sBBVLe/RP9MLQDsMeYfE1pUqMLQ0C3IQLQdat
         zyon/vcvMCe8CcsQAB9PgZmIuwPpywK130dPIGOzKyHqz8ktrAEtYu5OOFSTkmEX6Li8
         bMSg==
X-Gm-Message-State: APjAAAXoLiHYkM5LM0MOBSP4X4xgcw4CdnXp36WsORJdblEwnXlYVHF6
	GUAZpbrPb1LNLS/DJJVLyw/AmCbKBaja5odzXOmyQWRaGw/14QDQ
X-Google-Smtp-Source: APXvYqzaPsdzllJwSKztdLKneQz/SW7FJSb9wwtZVfBsDCwoMjaVwKW/bCfiKGHXuQ1a2ozKM+g04yPFKpqhyPf6Y4Q=
X-Received: by 2002:a19:751a:: with SMTP id y26mr22460735lfe.78.1574706805997;
 Mon, 25 Nov 2019 10:33:25 -0800 (PST)
MIME-Version: 1.0
From: Michael Warkentin <michael@waveapps.com>
Date: Mon, 25 Nov 2019 13:33:15 -0500
Message-ID: <CAHrfsumA9UKp_oaZHw6GGYuKhowZW-ksVekv2G6PQ_iEz5fbrQ@mail.gmail.com>
Subject: alpine.gliderlabs.com redirect to HTTPS w/ invalid certificate
To: ~alpine/users@lists.alpinelinux.org
Content-Type: multipart/alternative; boundary="000000000000cc208a05982fff31"

--000000000000cc208a05982fff31
Content-Type: text/plain; charset="UTF-8"

Our apk configuration points to http://alpine.gliderlabs.com

# cat /etc/apk/repositories
http://alpine.gliderlabs.com/alpine/v3.9/main
http://alpine.gliderlabs.com/alpine/v3.9/community

This morning we noticed docker build failing with certificate errors:

SSL certificate subject doesn't match host alpine.gliderlabs.com
ERROR: http://alpine.gliderlabs.com/alpine/v3.10/main: Permission denied

In Firefox if I visit the repository URL, I get the following warning:

Firefox does not trust this site because it uses a certificate that is not
valid for alpine.gliderlabs.com. The certificate is only valid for the
following names: default.ssl.fastly.net, fastly.com, *.a.ssl.fastly.net, *.
hosts.fastly.net, *.global.ssl.fastly.net, *.fastly.com, a.ssl.fastly.net,
purge.fastly.net, mirrors.fastly.net, control.fastly.net, tools.fastly.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

I'm seeing a 301 permanent redirect (as well as HSTS headers) in curl when
I hit the repository:

mwarkentin@Michaels-iMac ~ % curl -I
http://alpine.gliderlabs.com/alpine/v3.9/community
HTTP/1.1 301 Moved Permanently
Server: nginx
Content-Type: text/html
Location: https://alpine.gliderlabs.com/alpine/v3.9/community
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Via: 1.1 varnish
Content-Length: 178
Accept-Ranges: bytes
Date: Mon, 25 Nov 2019 16:53:57 GMT
Via: 1.1 varnish
Age: 7
Connection: keep-alive
X-Served-By: cache-jfk8126-JFK, cache-mdw17368-MDW
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1574700837.202582,VS0,VE0

I'm doing some work to switch over to https://alpine.global.ssl.fastly.net
instead, but I haven't seen any discussion on these issues anywhere else so
wondering if we've done something strange in our setup.

Thanks!

*MICHAEL **WARKENTIN* | Operations Engineer
<https://s3.amazonaws.com/wave-buoyant/public/Wave_logo_RGB-109x30.svg>
<https://www.waveapps.com/> <https://www.waveapps.com/>
<https://www.waveapps.com/> <https://www.waveapps.com/>
<https://www.waveapps.com/>

Join our community on Facebook <http://www.facebook.com/waveHQ>, LinkedIn
<http://www.linkedin.com/company/1196866>, or Twitter
<http://twitter.com/wavehq>

This message and any attachments are intended only for the use of the
addressee and should be considered confidential. If you are not an intended
recipient, you may not review, copy or distribute this message. If you have
received this communication in error or would like to stop receiving these
emails, please notify the sender by replying to this email. Wave is located
at 235 Carlaw Ave., Ste. 501, Toronto ON, M4M 2S1.

--000000000000cc208a05982fff31
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Our apk configuration points to <a href=3D"http://alp=
ine.gliderlabs.com">http://alpine.gliderlabs.com</a><br></div><div><pre cla=
ss=3D"gmail-c-mrkdwn__pre" style=3D"box-sizing:inherit;margin:4px 0px;paddi=
ng:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white=
-space:pre-wrap;word-break:normal;font-family:Monaco,Menlo,Consolas,&quot;C=
ourier New&quot;,monospace;border-radius:4px;color:rgb(209,210,211);font-st=
yle:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;t=
ext-align:left;text-indent:0px;text-transform:none;word-spacing:0px;text-de=
coration-style:initial;text-decoration-color:initial"># cat /etc/apk/reposi=
tories<br style=3D"box-sizing:inherit"><a target=3D"_blank" class=3D"gmail-=
c-link" href=3D"http://alpine.gliderlabs.com/alpine/v3.9/main" rel=3D"noope=
ner noreferrer" style=3D"box-sizing:inherit;color:inherit;text-decoration:n=
one">http://alpine.gliderlabs.com/alpine/v3.9/main</a><br style=3D"box-sizi=
ng:inherit"><a target=3D"_blank" class=3D"gmail-c-link" href=3D"http://alpi=
ne.gliderlabs.com/alpine/v3.9/community" rel=3D"noopener noreferrer" style=
=3D"box-sizing:inherit;color:inherit;text-decoration:none">http://alpine.gl=
iderlabs.com/alpine/v3.9/community</a></pre></div><div>This morning we noti=
ced docker build failing with certificate errors:</div><div><br></div><div>=
SSL certificate subject doesn&#39;t match host <a href=3D"http://alpine.gli=
derlabs.com">alpine.gliderlabs.com</a><br>ERROR: <a href=3D"http://alpine.g=
liderlabs.com/alpine/v3.10/main">http://alpine.gliderlabs.com/alpine/v3.10/=
main</a>: Permission denied</div><div><br></div><div>In Firefox if I visit =
the repository URL, I get the following warning:</div><div><br></div><div>F=
irefox does not trust this site because it uses a certificate that is not v=
alid for <a href=3D"http://alpine.gliderlabs.com">alpine.gliderlabs.com</a>=
. The certificate is only valid for the following names: <a href=3D"http://=
default.ssl.fastly.net">default.ssl.fastly.net</a>, <a href=3D"http://fastl=
y.com">fastly.com</a>, *.<a href=3D"http://a.ssl.fastly.net">a.ssl.fastly.n=
et</a>, *.<a href=3D"http://hosts.fastly.net">hosts.fastly.net</a>, *.<a hr=
ef=3D"http://global.ssl.fastly.net">global.ssl.fastly.net</a>, *.<a href=3D=
"http://fastly.com">fastly.com</a>, <a href=3D"http://a.ssl.fastly.net">a.s=
sl.fastly.net</a>, <a href=3D"http://purge.fastly.net">purge.fastly.net</a>=
, <a href=3D"http://mirrors.fastly.net">mirrors.fastly.net</a>, <a href=3D"=
http://control.fastly.net">control.fastly.net</a>, <a href=3D"http://tools.=
fastly.net">tools.fastly.net</a><br>=C2=A0<br>Error code: SSL_ERROR_BAD_CER=
T_DOMAIN</div><div><br></div><div>I&#39;m seeing a 301 permanent redirect (=
as well as HSTS headers) in curl when I hit the repository:</div><div><br><=
/div><div>mwarkentin@Michaels-iMac ~ % curl -I <a href=3D"http://alpine.gli=
derlabs.com/alpine/v3.9/community">http://alpine.gliderlabs.com/alpine/v3.9=
/community</a><br>HTTP/1.1 301 Moved Permanently<br>Server: nginx<br>Conten=
t-Type: text/html<br>Location: <a href=3D"https://alpine.gliderlabs.com/alp=
ine/v3.9/community">https://alpine.gliderlabs.com/alpine/v3.9/community</a>=
<br>Strict-Transport-Security: max-age=3D31536000<br>X-Frame-Options: DENY<=
br>X-Content-Type-Options: nosniff<br>Via: 1.1 varnish<br>Content-Length: 1=
78<br>Accept-Ranges: bytes<br>Date: Mon, 25 Nov 2019 16:53:57 GMT<br>Via: 1=
.1 varnish<br>Age: 7<br>Connection: keep-alive<br>X-Served-By: cache-jfk812=
6-JFK, cache-mdw17368-MDW<br>X-Cache: MISS, HIT<br>X-Cache-Hits: 0, 1<br>X-=
Timer: S1574700837.202582,VS0,VE0</div><div><br></div><div>I&#39;m doing so=
me work to switch over to <a href=3D"https://alpine.global.ssl.fastly.net">=
https://alpine.global.ssl.fastly.net</a> instead, but I haven&#39;t seen an=
y discussion on these issues anywhere else so wondering if we&#39;ve done s=
omething strange in our setup.<br></div><div><br></div><div>Thanks!<br></di=
v><div><br></div><div><div><div dir=3D"ltr" class=3D"gmail_signature" data-=
smartmail=3D"gmail_signature"><div style=3D"font-size:12.8px;background-col=
or:rgb(255,255,255)"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><di=
v dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=
=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr=
"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div =
dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div style=
=3D"font-size:12.8px"><div dir=3D"ltr" style=3D"font-family:arial,sans-seri=
f"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div=
 dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D=
"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><=
div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=
=3D"ltr"><div dir=3D"ltr"><div><span style=3D"font-size:12.8px"><b><font co=
lor=3D"#4c8ff0">MICHAEL </font></b></span><span style=3D"FONT-SIZE:12.8px">=
<font color=3D"#4C8FF0"><b>WARKENTIN</b></font><font color=3D"#01959e">=C2=
=A0</font></span><font style=3D"font-size:small" color=3D"#606060">|=C2=A0<=
/font><span style=3D"font-size:12.8px"><font color=3D"#8a8a8b">Operations E=
ngineer</font></span></div><div style=3D"color:rgb(80,0,80)"><a href=3D"htt=
ps://s3.amazonaws.com/wave-buoyant/public/Wave_logo_RGB-109x30.svg" target=
=3D"_blank"><img></a></div><div style=3D"color:rgb(80,0,80);font-size:12.8p=
x"><a href=3D"https://www.waveapps.com/" target=3D"_blank"></a><a href=3D"h=
ttps://www.waveapps.com/" target=3D"_blank"></a><a href=3D"https://www.wave=
apps.com/" target=3D"_blank"></a><a href=3D"https://www.waveapps.com/" targ=
et=3D"_blank"></a><a href=3D"https://www.waveapps.com/" target=3D"_blank"><=
img src=3D"https://s3.amazonaws.com/wave-prod-email-assets/miscellaneous/wa=
ve-gmail-signature-DO-NOT-DELETE.png" style=3D"width:150px;height:41px"></a=
><br><br></div><div style=3D"font-size:12.8px"><font style=3D"font-size:12p=
x">Join our community on</font><span style=3D"color:rgb(80,0,80);font-size:=
12px">=C2=A0</span><a href=3D"http://www.facebook.com/waveHQ" style=3D"font=
-size:12px" target=3D"_blank"><font color=3D"#4c8ff0">Facebook</font></a><f=
ont style=3D"color:rgb(80,0,80);font-size:12px" color=3D"#919191">,</font><=
span style=3D"color:rgb(80,0,80);font-size:12px">=C2=A0</span><a href=3D"ht=
tp://www.linkedin.com/company/1196866" style=3D"font-size:12px" target=3D"_=
blank"><font color=3D"#4c8ff0">LinkedIn</font></a><font style=3D"font-size:=
12px">,=C2=A0</font><font style=3D"font-size:12px">or</font><span style=3D"=
font-size:12px">=C2=A0</span><a href=3D"http://twitter.com/wavehq" style=3D=
"font-size:12px" target=3D"_blank"><font color=3D"#4c8ff0">Twitter</font></=
a><br></div></div></div></div></div></div></div></div></div></div></div></d=
iv></div></div></div></div></div></div></div></div></div><div style=3D"font=
-family:arial,sans-serif;color:rgb(80,0,80);font-size:12.8px"><span><br></s=
pan></div><div style=3D"font-size:12.8px"><span><font face=3D"Trebuchet" co=
lor=3D"#bebebe">This message and any attachments are intended only for the =
use of the addressee and should be considered confidential. If you are not =
an intended recipient, you may not review, copy or distribute this message.=
 If you have received this communication in error or would like to stop rec=
eiving these emails, please notify the sender by replying to this email. Wa=
ve is located at 235 Carlaw Ave., Ste. 501, Toronto ON, M4M 2S1.=C2=A0</fon=
t></span></div></div></div></div></div></div></div></div></div></div></div>=
</div></div></div></div></div></div></div></div></div></div></div></div></d=
iv></div></div></div>

--000000000000cc208a05982fff31--