[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: problem while trying to fetch 0.2.1.8-alpha

To: "Scott Bennett" <bennett@xxxxxxxxxx>
Subject: Re: problem while trying to fetch 0.2.1.8-alpha
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 21 Dec 2008 22:59:09 -0800
Cc: or-talk@xxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 22 Dec 2008 01:59:14 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=N0GLZYQTMonUgNXAkZT7+ouPfbBhO6rT1Kc5V6YsXrg=; b=iJ/8lhKZM7fmMBLZ2x5y4+cTC4P+vV7YjFk1GJDIu0qsS6UhelxLavR9iv010sZHMt ovBY/uGTtjoghoa8Pod+VtHgk4ZPdHWunp1vQNypWzoZSPIlcAfRfF2ye7BkvSseQJAI PDrNHIJgiEsOPa/AN90LtAXBMTTlRt+ButmKE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=aksefJGIKze6US45cMmixM4gvwYyFB8XdgmX3FCe8bqS3palLkcYMGNldT2X+f1p1H PReOWJ3e9iH4tWo00flnWC58L/8f/UWLIhj/W1xiFwpUQyvH1TFBdfYeOfryVR8LzToz fXrqF/YdiOIv37AQreoG5CFsafZy9dfTxQ0m8=
In-reply-to: <200812220631.mBM6VwJx017072@xxxxxxxxxxxxx>
References: <200812220631.mBM6VwJx017072@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Sun, Dec 21, 2008 at 10:31 PM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> ...
>>is it possible you have an old openssl cacerts package without the
>>newer ev signing and root ca's?
>
>     Beats me.

yup, that appears to be it.  (looking at the certs you got).

nothing nefarious, aside from another random root added to your circle
of trust :)

you can download via:
https://www.geotrust.com/resources/root-certificates/

you want:
https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Global_eBusiness_CA-1.cer

verify things look good:
openssl s_client -CAfile Equifax_Secure_Global_eBusiness_CA-1.cer
-connect www.torproject.org:443 -showcerts
...
    Verify return code: 0 (ok)

and to use this with wget:
 wget --ca-certificate=Equifax_Secure_Global_eBusiness_CA-1.cer
https://www.torproject.org/...


best regards,

References:
- Re: problem while trying to fetch 0.2.1.8-alpha
  - From: Scott Bennett

Prev by Author: Re: Windows buffer problems
Next by Author: Re: Perfect MITM attack with valid SSL Certs
Previous by thread: Re: problem while trying to fetch 0.2.1.8-alpha
Next by thread: Re: problem while trying to fetch 0.2.1.8-alpha
Index(es):
- Author
- Thread