[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
From: Pascal <Pascal666@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Jan 2012 14:30:14 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Jan 2012 15:30:32 -0500
In-reply-to: <4F04B4CD.2070805@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAM8WWJCvDein=YuVLa71u8dcLmPtpv6AFm7GxiXmex9LRudLjQ@xxxxxxxxxxxxxx> <4F04B22A.9040205@xxxxxxxxx> <4F04B4CD.2070805@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.25) Gecko/20111213 Thunderbird/3.1.17

Running www.digicert.com through that tool shows the 2nd intermediatecertificate that needs to be included.


-Pascal


On 1/4/2012 2:21 PM, Pascal wrote:

The tool at http://www.digicert.com/help/ does a good job of showing
what is going on with a web site's certs. Traditionally a website is
expected to send its own server cert and all intermediate certs, but not
the root cert. You can run www.google.com through that tool to see how
this looks. Running freenet.us.to through that tool shows how a site
including the root cert looks. Running www.torproject.org through there
shows that there are actually 2 intermediate certs required for the
server cert used, but only 1 of them is being included.

-Pascal


On 1/4/2012 2:10 PM, Ondrej Mikle wrote:

2. Since www.torproject.org does not send DigiCert root CA cert in
handshake, each browser builds yet another chain to root.

Though it might be helpful if www.torproject.org sent whole chain (up to
Digicert root).

Ondrej

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Ondrej Mikle

References:
- [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Greg
- Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Ondrej Mikle
- Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Pascal

Prev by Author: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Next by Author: Re: [tor-talk] Deterministic builds?
Previous by thread: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Next by thread: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Index(es):
- Author
- Thread