Posts by harukaff

1) Message boards : Number crunching : Problems and Technical Issues with Rosetta@home (Message 108044)
Posted 15 Feb 2023 by harukaff
Post:
Encryption is almost a must though nowadays. You don't really want anyone on the network path to be able to just casually collect all the info you send through your network port. Not to mention that you actually download executables from BOINC projects that just directly run on your machines.

That said, the current PKI system is inherently flawed. There are ways to "fix" that but it's even more difficult to configure everything right.

Guess it's just too hard to build verifiable trust in today's world.
2) Message boards : Number crunching : Problems and Technical Issues with Rosetta@home (Message 108041)
Posted 15 Feb 2023 by harukaff
Post:
Rosetta's download server is having a very classic HTTPS configuration error: they forgot to put the intermediate certificate on the web server. Some HTTPS implementations won't actively try to fetch the intermediate certificate (the link is actually written in the certificate info), so they can't verify the certificate, leading to connection errors. If you enable the file_xfer_debug log flag, you will see the error code is -184, which means cURL error.

There is a very dirty workaround though, but don't do it on production systems - generally it should be safe but there is always a possibility this will come back and bite you: You can manually install the intermediate certificate as a trusted root certificate. After that, the system will be able to verify the certificate.

If you can understand what the workaround is doing, I guess you already know how to do that. Otherwise, please know that this is inherently insecure, so I won't post a tutorial now.

To anyone that can connect to the project team: please tell them about this issue and let them add the intermediate certificate to the web server. Shouldn't take more than a few minutes to fix.

EDIT: fixed wonky English.
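
The missing-intermediate failure described in the post above, reproduced offline as an added example (not part of the original post and not the project's configuration). It builds a constructed root, intermediate and leaf with the openssl CLI; the names "Demo Root", "Demo Intermediate" and downloads.example.test are made up. The leaf is then verified once as a client sees it when the server sends only the leaf, and once when the server also sends the intermediate.

```shell
# Build a throwaway chain: root -> intermediate -> leaf, all in directory $1.
make_chain() {
  dir=$1
  # Minimal config (constructed) so CA certificates carry basicConstraints CA:TRUE.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=ca' \
    '[dn]' 'CN=Demo Root' '[ca]' 'basicConstraints=critical,CA:TRUE' > "$dir/ca.cnf"
  {
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
      -keyout "$dir/root.key" -out "$dir/root.pem" &&
    # Intermediate CA, signed by the root.
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=Demo Intermediate" -keyout "$dir/int.key" -out "$dir/int.csr" &&
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
      -CAcreateserial -days 30 -extfile "$dir/ca.cnf" -extensions ca -out "$dir/int.pem" &&
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=downloads.example.test" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
      -CAcreateserial -days 30 -out "$dir/leaf.pem"
  } >/dev/null 2>&1
}

# Server sends only the leaf; client trusts only the root and fetches nothing.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Server sends leaf plus intermediate (-untrusted = chain material, not a trust anchor).
verify_full_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1 |
    grep -q ': OK$'
}

demo=$(mktemp -d)
if make_chain "$demo"; then
  if verify_leaf_only "$demo"; then echo "leaf only: verified"
  else echo "leaf only: verification failed (issuer certificate not available)"; fi
  if verify_full_chain "$demo"; then echo "leaf + intermediate: verified"
  else echo "leaf + intermediate: verification failed"; fi
fi
rm -rf "$demo"
```

The trust store is identical in both checks; the only thing that changes is whether the intermediate reaches the verifier, which is the part the server is responsible for.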






©2024 University of Washington
https://www.bakerlab.org