Peer certificate cannot be authenticated with given CA certificates

Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates
Message board moderation

To post messages, you must log in.

Previous · 1 . . . 3 · 4 · 5 · 6 · 7 · Next

AuthorMessage
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99113 - Posted: 5 Jun 2020, 11:06:35 UTC - in response to Message 99111.  

a few people have reported problems on Einstein as well.

yep, seems Einstein is affected on this host too :(
Well, I't try to extract new file from latest package then report.
ID: 99113 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99114 - Posted: 5 Jun 2020, 11:10:43 UTC - in response to Message 99109.  

Or maybe properly updated ca-bundle.crt is available somewhere?
The file already released in the hotfix v7.16.7 of BOINC is at

https://raw.githubusercontent.com/computezrmle/boinc/patch-1/curl/ca-bundle.crt

It's plaintext, so the easiest way of making it is to 'select all' on that RAW page, and paste it into an empty ca_bundle.crt (text) file.

But watch out for outdated OpenSSL library files, too. Ask separately if you fall foul of those.
ID: 99114 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99115 - Posted: 5 Jun 2020, 11:11:07 UTC - in response to Message 99113.  
Last modified: 5 Jun 2020, 11:44:03 UTC

a few people have reported problems on Einstein as well.

yep, seems Einstein is affected on this host too :(
Well, I't try to extract new file from latest package then report.


Try here https://github.com/BOINC/boinc/blob/master/curl/
ID: 99115 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99116 - Posted: 5 Jun 2020, 11:14:32 UTC - in response to Message 99115.  

NO

Try here [url]https://github.com/BOINC/boinc/blob/master/curl/ca-bundle.crt[/url]
That's the two-year-old one that caused all the trouble in the first place.
ID: 99116 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99117 - Posted: 5 Jun 2020, 11:30:56 UTC - in response to Message 99113.  

a few people have reported problems on Einstein as well.

yep, seems Einstein is affected on this host too :(
Well, I't try to extract new file from latest package then report.



Well, I'm not "expert helper", but dare to provide this link ;) :

https://github.com/BOINC/boinc/blob/master/curl/ca-bundle.crt

to updated certificate's bundle.

Replace old with new, and connection will be restored.

Thanks Keith for initial hint.
ID: 99117 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99118 - Posted: 5 Jun 2020, 11:32:06 UTC - in response to Message 99115.  

a few people have reported problems on Einstein as well.

yep, seems Einstein is affected on this host too :(
Well, I't try to extract new file from latest package then report.


Try here https://github.com/BOINC/boinc/blob/master/curl/ca-bundle.crt

Thanks! I was busy with extraction from exe but realised that taking from sources will be much easier (so came to same link :) )
ID: 99118 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99119 - Posted: 5 Jun 2020, 11:33:33 UTC - in response to Message 99116.  
Last modified: 5 Jun 2020, 11:35:56 UTC

NO

Try here [url]https://github.com/BOINC/boinc/blob/master/curl/ca-bundle.crt[/url]
That's the two-year-old one that caused all the trouble in the first place.


Richard, maybe it's updated already?
At least I experimentally confirmed - connection restored....

EDIT: though, actually I did it in little different way:
1) downloaded zipped source tree
2) extracted
3) found required file
4) came back to web-sources and found link to the same place as in ZIP.
ID: 99119 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99120 - Posted: 5 Jun 2020, 11:35:55 UTC - in response to Message 99113.  

Well, I't try to extract new file from latest package then report.
I'll save you the trouble: it'll fail.

Master has not yet been updated. There are two contenders for the honour:

https://github.com/BOINC/boinc/pull/3791 (good)
https://github.com/BOINC/boinc/pull/3802 (bad)
ID: 99120 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99121 - Posted: 5 Jun 2020, 11:37:17 UTC - in response to Message 99120.  
Last modified: 5 Jun 2020, 11:38:12 UTC

Well, I't try to extract new file from latest package then report.
I'll save you the trouble: it'll fail.

Master has not yet been updated. There are two contenders for the honour:

https://github.com/BOINC/boinc/pull/3791 (good)
https://github.com/BOINC/boinc/pull/3802 (bad)


Hm... at least Rosetta uploaded, downloaded and running again on this host.
I'm happy and can go back to my ignorance will feelings of completed job, LoL :)

(EDIT E@h project is happy too)
ID: 99121 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99122 - Posted: 5 Jun 2020, 11:38:10 UTC - in response to Message 99119.  

Richard, maybe it's updated already?


Check the dates, and read the comments I've put on #3802 this morning.
ID: 99122 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99123 - Posted: 5 Jun 2020, 11:39:36 UTC - in response to Message 99116.  

NO

Try here [url]https://github.com/BOINC/boinc/blob/master/curl/ca-bundle.crt[/url]
That's the two-year-old one that caused all the trouble in the first place.


Sorry, if that one is a problem, can it be removed as a download ? Or replaced with the latest correct version ?
ID: 99123 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99124 - Posted: 5 Jun 2020, 11:41:28 UTC - in response to Message 99121.  

Hm... at least Rosetta uploaded, downloaded and running again on this host.
Rosetta and LHC have done server-side updates. NumberFields, I suspect, is still broken and has lost a lot of computing power because of this foul-up. I seem to be doing mostly other people's cast-offs at the moment.
ID: 99124 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99125 - Posted: 5 Jun 2020, 11:43:30 UTC - in response to Message 99114.  



But watch out for outdated OpenSSL library files, too. Ask separately if you fall foul of those.


This issue stopped few my old Android hosts with NativeBOINC and w/o root rights :/
Still no progress there (and BOINC from Google Play doesn't support those devices either).
ID: 99125 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99126 - Posted: 5 Jun 2020, 11:45:59 UTC - in response to Message 99124.  
Last modified: 5 Jun 2020, 11:46:48 UTC

Hm... at least Rosetta uploaded, downloaded and running again on this host.
Rosetta and LHC have done server-side updates. NumberFields, I suspect, is still broken and has lost a lot of computing power because of this foul-up. I seem to be doing mostly other people's cast-offs at the moment.

I don't understand then... Before local file change host didn't able to connect to (updated?) Rosetta server. After I put 2years-old file in place - it can....

The single explanation I have - 2-years-old-files missed some junk that was added later...
ID: 99126 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99127 - Posted: 5 Jun 2020, 11:49:20 UTC - in response to Message 99123.  

Sorry, if that one is a problem, can it be removed as a download ? Or replaced with the latest correct version ?
To explain how GitHub works:

Normally, 'master' has the latest and greatest version. Access to master is controlled, peer-reviewed, and automatically tested - so usually, it's good.

But in this case, because of the urgency of the situation, the priority was to get out a quick'n'dirty fix. So, the best copy (currently) is actually in

https://github.com/BOINC/boinc/tree/client_release/7/7.16/curl (note the date and comment)

But it's slightly difficult to download a single file, so it's easier to make your own file from

https://raw.githubusercontent.com/BOINC/boinc/client_release/7/7.16/curl/ca-bundle.crt
ID: 99127 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 4239
United Kingdom
Message 99128 - Posted: 5 Jun 2020, 11:50:36 UTC - in response to Message 99126.  

The single explanation I have - 2-years-old-files missed some junk that was added later...
Yes, you were probably using a 6-years-old file... ;-)
ID: 99128 · Report as offensive
Raistmer

Send message
Joined: 9 Apr 06
Posts: 242
Message 99129 - Posted: 5 Jun 2020, 11:52:40 UTC - in response to Message 99128.  

The single explanation I have - 2-years-old-files missed some junk that was added later...
Yes, you were probably using a 6-years-old file... ;-)


:D :D :D
very probably :)
ID: 99129 · Report as offensive
Keith T
Avatar

Send message
Joined: 26 Feb 07
Posts: 71
United Kingdom
Message 99130 - Posted: 5 Jun 2020, 12:11:12 UTC - in response to Message 99127.  

Sorry, if that one is a problem, can it be removed as a download ? Or replaced with the latest correct version ?
To explain how GitHub works:

Normally, 'master' has the latest and greatest version. Access to master is controlled, peer-reviewed, and automatically tested - so usually, it's good.

But in this case, because of the urgency of the situation, the priority was to get out a quick'n'dirty fix. So, the best copy (currently) is actually in

https://github.com/BOINC/boinc/tree/client_release/7/7.16/curl (note the date and comment)

But it's slightly difficult to download a single file, so it's easier to make your own file from

https://raw.githubusercontent.com/BOINC/boinc/client_release/7/7.16/curl/ca-bundle.crt


Thanks again Richard !

You are correct that I am a complete newbie at GitHub. I think my mistake was in assuming that something called Master would be the authoritative version !
ID: 99130 · Report as offensive
BOINC Moderator
Volunteer moderator
Project administrator
Avatar

Send message
Joined: 10 Mar 20
Posts: 21
Message 99131 - Posted: 5 Jun 2020, 13:24:34 UTC

I see it solved itself in the end, but can we please post with a certain level of respect to each other? The attacks, if you feel you need to do them, do so in private message, not in these threads.
Thank you.
ID: 99131 · Report as offensive
Peter Hucker
Avatar

Send message
Joined: 6 Oct 06
Posts: 740
United Kingdom
Message 99134 - Posted: 5 Jun 2020, 18:21:46 UTC - in response to Message 99105.  

And yet didn't sort it before that date. Utter incompetance. Somebody should have written the expiry date on a calendar for goodness sake. If Boinc was a private company, somebody would now be fired.


Did I hear you volunteering to contribute? Thought not.

When a program is written and maintained by volunteers, accusations of incompetence etc are unlikely to produce any change.

LoL, volunteer just mean "no pay", it doesn't change competence/incompetence status. At all.
Shit happens, but better not in SUCH degree.

EDIT: And I would appreciate concise instructions what to do on my end to solve incompetence (yes, lets call things by their names) on server-end.
And preferably no-BOINC-version-update fix, cause I'm fully aware how many issues I potentially would have changing from checked-to-be-stable to "recommended" one...


Might I suggest that with your attitude your best fix is to turn your computers off.

Why should the volunteers give up their time to give you concise instructions to do a job that no longer needs doing for those who’ve accepted the updated software that you so insultingly refuse to run.


You forget that each and every one of us is also a volunteer, spending a lot of time and money on computers and electricity. This problem, which could have been avoided by someone remembering to update the certificate before it expired, would have saved 100s of 1000s of people a wasted afternoon, and saved the stopping of many important science projects. Perhaps the programmers could pay more attention in future.
.
ID: 99134 · Report as offensive
Previous · 1 . . . 3 · 4 · 5 · 6 · 7 · Next

Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates

Copyright © 2020 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.