[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: problem while trying to fetch 0.2.1.8-alpha

To: coderman <coderman@xxxxxxxxx>, or-talk@xxxxxxxxxxxxx
Subject: Re: problem while trying to fetch 0.2.1.8-alpha
From: Scott Bennett <bennett@xxxxxxxxxx>
Date: Wed, 21 Jan 2009 03:43:01 -0600 (CST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 21 Jan 2009 04:43:09 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

     I'm finally getting back to this.  Sorry about the delay again.
     On Wed, 31 Dec 2008 10:55:36 -0800 coderman <coderman@xxxxxxxxx>
wrote:
>On Wed, Dec 31, 2008 at 12:21 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>>...
>>     Nope.  Instead I get:
>
>ah the joys of PKI.  Tor has been changing certs.  new roots are
>http://www.entrust.net/developer/index.cfm and "Entrust Secure Server
>CA" is the one you want.
>
     Okay.  I downloaded entrust_ssl_ca.der (the man page for wget(1) says
it wants DER or PEM format for certificates) and put it into
/usr/local/openssl/certs with 644 permissions.  When trying for the new tor
development branch version, I get:

Script started on Wed Jan 21 03:33:15 2009
[hellas] 101 % wget --ca-directory=/usr/local/openssl/certs --ca-certificate=entrust_ssl_ca.der https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc ht https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1 https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz
--03:33:53--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc
           => `tor-0.2.1.11-alpha.tar.gz.asc'
Resolving www.torproject.org... 86.59.21.36
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
--03:33:59--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1
           => `tor-0.2.1.11-alpha.tar.gz.sha1'
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
--03:34:00--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz
           => `tor-0.2.1.11-alpha.tar.gz'
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

FINISHED --03:34:04--
Downloaded: 0 bytes in 0 files
[hellas] 102 % exit
exit

Script done on Wed Jan 21 03:34:09 2009

     I guess the only thing to do is to use the --no-check-certificate option
and then hope there's no MITM.  :-(


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Follow-Ups:
- Re: problem while trying to fetch 0.2.1.8-alpha
  - From: coderman

Prev by Author: Re: Am I really helping tor
Next by Author: Re: problem while trying to fetch 0.2.1.8-alpha
Previous by thread: Re: command line control software
Next by thread: Re: problem while trying to fetch 0.2.1.8-alpha
Index(es):
- Author
- Thread