[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
From: Pascal <Pascal666@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Jan 2012 14:21:33 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Jan 2012 15:21:54 -0500
In-reply-to: <4F04B22A.9040205@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAM8WWJCvDein=YuVLa71u8dcLmPtpv6AFm7GxiXmex9LRudLjQ@xxxxxxxxxxxxxx> <4F04B22A.9040205@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.25) Gecko/20111213 Thunderbird/3.1.17

The tool at http://www.digicert.com/help/ does a good job of showingwhat is going on with a web site's certs. Traditionally a website isexpected to send its own server cert and all intermediate certs, but notthe root cert. You can run www.google.com through that tool to see howthis looks. Running freenet.us.to through that tool shows how a siteincluding the root cert looks. Running www.torproject.org through thereshows that there are actually 2 intermediate certs required for theserver cert used, but only 1 of them is being included.


-Pascal


On 1/4/2012 2:10 PM, Ondrej Mikle wrote:

2. Since www.torproject.org does not send DigiCert root CA cert in
handshake, each browser builds yet another chain to root.

Though it might be helpful if www.torproject.org sent whole chain (up to
Digicert root).

Ondrej

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Pascal

References:
- [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Greg
- Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
  - From: Ondrej Mikle

Prev by Author: Re: [tor-talk] How to install tor in Linux just as secure as tor-browser-bundle ?
Next by Author: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Previous by thread: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Next by thread: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
Index(es):
- Author
- Thread