Peer certificate cannot be authenticated with given CA certificates

Message boards : Number crunching : Peer certificate cannot be authenticated with given CA certificates

To post messages, you must log in.

Previous · 1 . . . 4 · 5 · 6 · 7 · 8 · 9 · Next

AuthorMessage
monk_duck

Send message
Joined: 17 Nov 09
Posts: 11
Credit: 284,039
RAC: 0
Message 97278 - Posted: 7 Jun 2020, 23:31:23 UTC - in response to Message 97159.  

Nope still broken on Android, any update on this?
ID: 97278 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
bunnybooboo

Send message
Joined: 15 Apr 20
Posts: 8
Credit: 66,579
RAC: 0
Message 97281 - Posted: 8 Jun 2020, 10:06:01 UTC - in response to Message 97278.  
Last modified: 8 Jun 2020, 10:07:22 UTC

Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android.
ID: 97281 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 97282 - Posted: 8 Jun 2020, 11:00:51 UTC - in response to Message 97278.  

Nope still broken on Android, any update on this?


LHC and Rosetta both working fine on my Android 7.0 phone and my Android 4.5 phone - I upgraded to 7.16.3 on both.
ID: 97282 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
monk_duck

Send message
Joined: 17 Nov 09
Posts: 11
Credit: 284,039
RAC: 0
Message 97291 - Posted: 8 Jun 2020, 16:15:02 UTC - in response to Message 97281.  

Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android.


Thanks I'll await a boinc update to appear, look like 7.4.53 is currently on google play so hopefully they update soon.

Nope still broken on Android, any update on this?


LHC and Rosetta both working fine on my Android 7.0 phone and my Android 4.5 phone - I upgraded to 7.16.3 on both.


Was that through Google Play?
ID: 97291 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 97292 - Posted: 8 Jun 2020, 16:23:29 UTC - in response to Message 97291.  

Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android.


Thanks I'll await a boinc update to appear, look like 7.4.53 is currently on google play so hopefully they update soon.

Nope still broken on Android, any update on this?


LHC and Rosetta both working fine on my Android 7.0 phone and my Android 4.5 phone - I upgraded to 7.16.3 on both.


Was that through Google Play?


No, I just went to the link provided in here: https://boinc.berkeley.edu/download_all.php - Android is at the bottom.
ID: 97292 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Razvan.Dumitriu

Send message
Joined: 10 Jun 06
Posts: 1
Credit: 12,032
RAC: 0
Message 97318 - Posted: 10 Jun 2020, 11:12:51 UTC - in response to Message 96882.  
Last modified: 10 Jun 2020, 11:13:39 UTC

The easiest way would be for BOINC to update, but until then, a workaround is to either manually do that edit as you mentioned or just refresh the ca-bundle.crt file with an updated version on your own:
https://github.com/bagder/ca-bundle

You can download it from there and replace your current file in the BOINC installation folder.


If you download from https://curl.haxx.se/docs/caextract.html , make sure you rename the cacert.pem to the current "ca-bundle.crt" filename and replace it in your BOINC folder.

This worked for me
ID: 97318 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98031 - Posted: 12 Jul 2020, 23:41:57 UTC

Why didn't Boinc just warn us "are you sure you want to use an outdated security certificate?" That's what I got a few times browsing websites that were expired. Most people wouldn't panic over a few days, just like you'd eat a yogurt that was a day over the sellby date.
ID: 98031 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
mikey
Avatar

Send message
Joined: 5 Jan 06
Posts: 1895
Credit: 9,168,422
RAC: 4,035
Message 98034 - Posted: 13 Jul 2020, 3:03:36 UTC - in response to Message 98031.  

Why didn't Boinc just warn us "are you sure you want to use an outdated security certificate?" That's what I got a few times browsing websites that were expired. Most people wouldn't panic over a few days, just like you'd eat a yogurt that was a day over the sellby date.


Because no one realized it until it happened, don't know if warnings were sent to the Developers and people ignored them but now it is what it is. One thing is that most versions of Boinc above 10.04 still worked fine for awhile, versions older than that are the first ones in trouble. People were still using OLD OLD OLD versions of Boinc, even some of the Linux Distros linked to OLD versions of Boinc if people didn't add the Boinc PPA manually. I guess that's what happens when they go to an all volunteer group, other things get in the way.
ID: 98034 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Brian Nixon

Send message
Joined: 12 Apr 20
Posts: 293
Credit: 8,432,366
RAC: 0
Message 98047 - Posted: 13 Jul 2020, 12:40:09 UTC - in response to Message 98031.  
Last modified: 13 Jul 2020, 12:41:27 UTC

Why didn't Boinc just warn us
It might not have been that simple.

The fault is in the OpenSSL library that ships with BOINC, which BOINC uses indirectly through curl. While BOINC might not have been written to cope with such a problem, the information needed for it to be able to might not even have been available.
ID: 98047 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98049 - Posted: 13 Jul 2020, 13:26:13 UTC

Because no one realized it until it happened, don't know if warnings were sent to the Developers and people ignored them but now it is what it is. One thing is that most versions of Boinc above 10.04 still worked fine for awhile, versions older than that are the first ones in trouble. People were still using OLD OLD OLD versions of Boinc, even some of the Linux Distros linked to OLD versions of Boinc if people didn't add the Boinc PPA manually. I guess that's what happens when they go to an all volunteer group, other things get in the way.


An autoupdate facility on Boinc would go a long way.... every other program does this nowadays.

The fault is in the OpenSSL library that ships with BOINC, which BOINC uses indirectly through curl. While BOINC might not have been written to cope with such a problem, the information needed for it to be able to might not even have been available.


When something expires and I'm browsing a webpage in Opera, Opera just tells me it may be unsafe. Why can the same not occur with Boinc?
ID: 98049 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Brian Nixon

Send message
Joined: 12 Apr 20
Posts: 293
Credit: 8,432,366
RAC: 0
Message 98051 - Posted: 13 Jul 2020, 15:07:55 UTC - in response to Message 98049.  

It can; whether it does seems more a question of whether the developers want to prioritise predicting, testing for and dealing with obscure once-in-a-decade bugs in complex third-party libraries…
ID: 98051 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98053 - Posted: 13 Jul 2020, 18:31:12 UTC - in response to Message 98051.  

It can; whether it does seems more a question of whether the developers want to prioritise predicting, testing for and dealing with obscure once-in-a-decade bugs in complex third-party libraries…


Hopefully programmers of nuclear power plant control systems take greater care :-)
ID: 98053 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mod.Sense
Volunteer moderator

Send message
Joined: 22 Aug 06
Posts: 4018
Credit: 0
RAC: 0
Message 98055 - Posted: 13 Jul 2020, 18:49:43 UTC - in response to Message 98053.  

Hopefully the programmers of nuclear power plant control systems can presume there is an active window with a person viewing that can respond to a prompt.
Rosetta Moderator: Mod.Sense
ID: 98055 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Brian Nixon

Send message
Joined: 12 Apr 20
Posts: 293
Credit: 8,432,366
RAC: 0
Message 98056 - Posted: 13 Jul 2020, 20:55:46 UTC - in response to Message 98053.  

You could argue that BOINC was actually pretty robust in the face of the unexpected condition in May. Connections failed; the client backed off and kept retrying periodically; after action was taken at the server end, connections succeeded and normal operation resumed without user intervention. I imagine a healthy proportion of crunchers never even noticed a problem.
ID: 98056 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98078 - Posted: 14 Jul 2020, 19:19:19 UTC - in response to Message 98055.  

Hopefully the programmers of nuclear power plant control systems can presume there is an active window with a person viewing that can respond to a prompt.


Most programs on PCs will produce some kind of warning. Even things in the background. That's why we have a notification area. I notice when AVG needs a reboot for example. If I'm not there, there's no harm in the warning being sat there. But if I am there, I can do something about it.

Just don't make it like Windows 10 where if you're not there it makes stupid assumptions and reboots the PC without permission (they really should be royally sued for that, people have lost much work and money because of it).
ID: 98078 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98079 - Posted: 14 Jul 2020, 19:22:45 UTC - in response to Message 98056.  

You could argue that BOINC was actually pretty robust in the face of the unexpected condition in May. Connections failed; the client backed off and kept retrying periodically; after action was taken at the server end, connections succeeded and normal operation resumed without user intervention. I imagine a healthy proportion of crunchers never even noticed a problem.


Yes, it does manage fairly well. But I've found a lot of tweaking is required to get things to work well.

I use Boinctasks to view it sensibly, otherwise I have an enormous list of tasks, with no colours to show what's running, and no grouping of queues. When you run Milkyway on a GPU, you have queues of several hundred tasks, not really acceptable to view in the Boinc Manager. And when you run 6 computers, I don't think Boinc Manager can show them all on one screen.

And I use TThrottle, because no matter how big a fan you put on things, they still overheat.
ID: 98079 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1680
Credit: 17,841,366
RAC: 22,994
Message 98081 - Posted: 14 Jul 2020, 19:41:21 UTC - in response to Message 98079.  

And I use TThrottle, because no matter how big a fan you put on things, they still overheat.
Only if there is a problem with the system.
I've had systems with the CPU & 2GPUs running fully loaded in 38°c+ temperatures (and not getting below 30°c) with no problems.
Grant
Darwin NT
ID: 98081 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Mr P Hucker
Avatar

Send message
Joined: 12 Aug 06
Posts: 1600
Credit: 11,832,901
RAC: 13,059
Message 98115 - Posted: 15 Jul 2020, 19:52:06 UTC - in response to Message 98081.  

And I use TThrottle, because no matter how big a fan you put on things, they still overheat.
Only if there is a problem with the system.
I've had systems with the CPU & 2GPUs running fully loaded in 38°c+ temperatures (and not getting below 30°c) with no problems.


I can't see how that's possible. GPUs give off up to 250W each. Half a kilowatt is not possible to remove from a case without some kind of industrial fans blasting it out loud enough so you can't hear yourself think. I have most of mine out of cases on bookshelves, which is much better, as they suck in fresh air, but even with the air intake of the GPU at 25C, the exhaust is 70C, that's with their stock fans at 100%.
ID: 98115 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Profile Grant (SSSF)

Send message
Joined: 28 Mar 20
Posts: 1680
Credit: 17,841,366
RAC: 22,994
Message 98116 - Posted: 15 Jul 2020, 20:37:50 UTC - in response to Message 98115.  

And I use TThrottle, because no matter how big a fan you put on things, they still overheat.
Only if there is a problem with the system.
I've had systems with the CPU & 2GPUs running fully loaded in 38°c+ temperatures (and not getting below 30°c) with no problems.
I can't see how that's possible. GPUs give off up to 250W each. Half a kilowatt is not possible to remove from a case without some kind of industrial fans blasting it out loud enough so you can't hear yourself think.
My video cards are mid range units- 175W max.
A water cooled CPU with a large case which is designed for good air flow, with large fans (the larger the fan the more air it can move at lower speeds). They are noisy, but not that noisy- the ceiling fans going flat out tend to be louder than the computer fans.
A good- large -case can handle a 750W load with ease. A small case with small fans, will sound like an aircraft taking off and still not be able to remove all the heat.


Grant
Darwin NT
ID: 98116 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
mikey
Avatar

Send message
Joined: 5 Jan 06
Posts: 1895
Credit: 9,168,422
RAC: 4,035
Message 98123 - Posted: 16 Jul 2020, 13:08:50 UTC - in response to Message 98115.  

And I use TThrottle, because no matter how big a fan you put on things, they still overheat.
Only if there is a problem with the system.
I've had systems with the CPU & 2GPUs running fully loaded in 38°c+ temperatures (and not getting below 30°c) with no problems.


I can't see how that's possible. GPUs give off up to 250W each. Half a kilowatt is not possible to remove from a case without some kind of industrial fans blasting it out loud enough so you can't hear yourself think. I have most of mine out of cases on bookshelves, which is much better, as they suck in fresh air, but even with the air intake of the GPU at 25C, the exhaust is 70C, that's with their stock fans at 100%.


Well positioned fans helps too, top and side fans can move alot of air. If you do air cooling be sure to use very good cpu fans with at least 4 heat pipes and replace the paste between the cpu and it's fan no more than every other year, every year is better. Lots of places rate cpu cooling fans, be sure to check them out before buying, most of the time using the one supplied by your cpu maker isn't as good as it could be. I have a 'computer room' so leave the side off of all my cases for better airflow, I do get the occasional mosquito stuck on a cooling vent but they clean out easily.
ID: 98123 · Rating: 0 · rate: Rate + / Rate - Report as offensive    Reply Quote
Previous · 1 . . . 4 · 5 · 6 · 7 · 8 · 9 · Next

Message boards : Number crunching : Peer certificate cannot be authenticated with given CA certificates



©2024 University of Washington
https://www.bakerlab.org