[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows
From: Pascal <Pascal666@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Mar 2012 01:29:18 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Mar 2012 03:31:42 -0400
In-reply-to: <20120104215147.7ab835e7@kilik>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAM8WWJCvDein=YuVLa71u8dcLmPtpv6AFm7GxiXmex9LRudLjQ@xxxxxxxxxxxxxx> <4F04B22A.9040205@xxxxxxxxx> <4F04B4CD.2070805@xxxxxxxxxxxxxxxxxxxxx> <4F04B6D6.6090500@xxxxxxxxxxxxxxxxxxxxx> <4F04C958.2020009@xxxxxxxxx> <CAM8WWJAWtsQqxpSA3y+J1ebUKwnXiXoAA696VAt0xTa4b_xL5Q@xxxxxxxxxxxxxx> <20120104215147.7ab835e7@kilik>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Thunderbird/3.1.20

Though the cert chain for www.torproject.org is now fixed on38.229.72.14 and 38.229.72.16, it is still broken on 86.59.30.36.


-Pascal


On 1/4/2012 8:51 PM, Andrew Lewman wrote:

I think this is fixed for www.torproject.org now. Digicert apparently
updated their ca chained certs at some point. I've put the updated
ca-certs on the www servers. If this works, we can update them on all
torproject servers.

And for fun, I've attached the gnutls-cli output of the old cert in
place and the new cert in place.

tl;dr we went from:
our cert ->  DigiCert High Assurance CA-3

to now:
cert ->  DigiCert High Assurance CA-3 ->  DigiCert High Assurance EV Root
CA

I couldn't replicate the problem in Chromium, FF9, nor whatever version
of android i have on an obsolete phone.




_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: [tor-talk] Combining Accounting* and RelayBandwidth* settings; changing IPv6 port.
Next by Author: Re: [tor-talk] on the topic of tor's weaknesses
Previous by thread: Re: [tor-talk] Setting up Tor on Ubuntu
Next by thread: [tor-talk] Encrypting the layers...
Index(es):
- Author
- Thread