Could somebody please post the {full, exact, searchable} name of the certificate that needs to be removed?

Once you have that, it's an easy job to make the change. The certificate bundle is just a plain text file - make a copy, work in a safe space - and change the extension to .txt. Even notepad can handle the job. Just make sure you add or remove complete sections.

I think I may have modified mine last time - I can't find any of the ones that are being mentioned here.

It is the DST X3 portion of the certificate.

Since the developers put what certificate is what, it would be nice if they added the expiration date as well. It would help them since they could also see what certificates are going to be invalid in the future.

You mean this one?



Searching for 'DST X3' didn't find anything.

You mean this one?



Searching for 'DST X3' didn't find anything.

That's the one that is expired.

OK, that worked. I removed the one I showed you, between these two scheduler requests:

30/09/2021 18:52:19 | GPUGRID | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
30/09/2021 20:38:59 | GPUGRID | Scheduler request completed: got 1 new tasks

Unless they've done something to their server, too ;-)

AT YOUR OWN RISK

Google drive

Make a safe copy of your old one, just in case.

AT YOUR OWN RISK

Google drive

Make a safe copy of your old one, just in case.

Works for me.. Downloaded and copied to BOINC program folder replacing old certificate.

In addition to the workaround of removing the expired certificate from ca-bundle, it seems projects can also work around this by using certbot --preferred-chain "ISRG Root X1" when getting their letsencrypt certificate, this gives compatibility with old OpenSSL (while breaking compatibility with old Android).

The real fix is still to upgrade OpenSSL, but devs told me it won't be quick :)

---

Another Project effected .... WUprop

Bill F

Another Project effected .... WUprop

I mentioned Two projects WuProp & iTherna in my original post that started this topic.

Others projects affected:
Amicable Numbers
SiDock@home

(which were fixed using the updated certificate :)

Checking that ca-bundle.crt is still serviceable is on the Release Manager's checklist for new versions (I put it there), and there's supposed to be a new version to coincide with the release of Windows 11 on October 5.

Do you plan to release a new windows client next week?

Do you plan to release a new windows client next week?

I no longer have that responsibility - they took it away from me after one trial run with v7.10 in 2018.

So far as I can see, the current Release Manager (who is based in California, in the PDT time zone) has not yet responded to the emergence of this problem, on any of the channels I can monitor.

I don't see any movement or sense of urgency at the development stage.

AT YOUR OWN RISK

Google drive

Make a safe copy of your old one, just in case.

Done the replacement on my WINE installation but didn't actually confirm it was affected as not currently running.

Done the replacement on my WINE installation but didn't actually confirm it was affected as not currently running.

You can do a simple 'project update', from either BOINC Manager or boinccmd, to verify that. The Event Log will show either 'failed' with the expired certificate in the bundle, or 'completed' with it removed.

The bad certificate blocks all https communication between client and server, not just uploads.

Jord:

I don't see any movement or sense of urgency at the development stage.

Richard:

The bad certificate blocks all https communication between client and server, not just uploads.

I see a very high urgency at the development stage is needed

---

I see a very high urgency at the development stage is needed

So do we, but unfortunately it's the middle of the night in California. Fixing this one requires tools only available to authorised users - probably employees only - of the University of California in Berkeley.

I hope someone with the appropriate contacts can kick the relevant people out of bed when the sun rises.

@Richard Haselgrove your updated certificate work like a charm, except for WCG it worked for a short while and now......
(Time zone GMT+3)

10/1/2021 3:39:47 PM | World Community Grid | update requested by user
10/1/2021 3:39:48 PM | World Community Grid | Sending scheduler request: Requested by user.
10/1/2021 3:39:48 PM | World Community Grid | Not requesting tasks: don't need (CPU: not highest priority project; AMD/ATI GPU: not highest priority project)
10/1/2021 3:39:50 PM | World Community Grid | Scheduler request failed: HTTP service unavailable

seems like they changed something shortly after we made changes

---

Yes, they had an unplanned outage:

Greetings,

We are experiencing an outage that has caused us to stop issuing new work or receiving completed work back from the volunteers.

We apologize for the issue and are working to restoring normal service as soon as possible.

https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,43772