Posts by walli

1) Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates (Message 98906)
Posted 30 May 2020 by walli
Post:
The news is already spreading...

Linux isn't or shouldn't be affected by this issue in most cases because the client looks for system-wide shared certificates (e.g. "/etc/ssl/certs/ca-certificates.crt" on Debian based distributions). I don't know how this works on macOS or Android.
2) Message boards : Questions and problems : Peer certificate cannot be authenticated with given CA certificates (Message 98900)
Posted 30 May 2020 by walli
Post:
Hi Richard,

there is an expired certificate:

# openssl crl2pkcs7 -nocrl -certfile ca-bundle.crt | openssl pkcs7 -print_certs -text -noout | grep -i after | grep 2020
            Not After : May 30 10:48:38 2020 GMT
            Not After : Mar 25 11:03:10 2020 GMT

# openssl crl2pkcs7 -nocrl -certfile ca-bundle.crt | openssl pkcs7 -print_certs -text -noout | less
...
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
        Validity
            Not Before: May 30 10:48:38 2000 GMT
            Not After : May 30 10:48:38 2020 GMT
        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
...


"AddTrust External CA Root" is an old Comodo cert, now Sectigo, which expired today.

For more information, see:
- https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rgSZ
- https://crt.sh/?id=1720081

We just need to replace the old Intermediate cert with the new Root CA cert: https://crt.sh/?d=1720081

Could you please file a bug report on GitHub? Otherwise I'll try to do this later/tomorrow...

Best wishes,

walli
3) Message boards : Documentation : Mailinglists -> Google Groups? (Message 85130)
Posted 13 Mar 2018 by walli
Post:
Hi,

I tried to subscribe to one of the Boinc mailinglists found at https://lists.ssl.berkeley.edu/mailman/listinfo but all I got was a http error "500 - Internal Server Error". A friend told me that you moved to Google Groups some time ago and so I found this link: https://boinc.berkeley.edu/trac/wiki/EmailLists.

At least, it explains a bit, but I couldn't find any info/announcement regarding the migration in the news section of the homepage or the forum. Maybe you could mention it somewhere and close the subscriptions in the old mailman "archive"? It was very confusing!

Btw., the mailman admin address also does not exist anymore:
>> 550 5.1.1 <ssl_mailman@ssl.berkeley.edu>: Recipient address rejected: User unknown in local recipient table <<

Best regards

walli




Copyright © 2024 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.