Message boards :
News :
Expired SSL certificates in BOINC Client -- User Action Required
Message board moderation
Author | Message |
---|---|
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
This was discussed in another thread, and it just occurred to me I should post a news item with more explicit instructions. The issue is that the BOINC client comes bundled with SSL certificates and these expired earlier today. Here are the basic steps to fix the problem. (Note: this works on linux and I see no reason why it shouldn't work on Windows too.) 1. Download the new "ca-bundle.crt" file from here: https://1drv.ms/u/s!AsVDg7OAm7-whqEqBXKHuOie0UoBKA?e=VHwBAP 2. Replace the old ca-bundle.crt file with the new one (it should be in your BOINC root directory). |
Send message Joined: 28 Oct 11 Posts: 180 Credit: 241,761,954 RAC: 143,546 |
(it should be in your BOINC root directory).This problem primarily affects Windows, and some (but not all) versions of Linux. The file needing replacement can be found in the program directory for Windows - most commonly C:\Program Files\BOINC |
Send message Joined: 13 Apr 18 Posts: 5 Credit: 17,061,620 RAC: 0 |
Hello, the CRT file already installed is valid from 1998 till 2028 ! Then it will affect all BOINC project ! You are the only one who report this problem. And you are not sure it will works under Windows. Can you be more clear ? And first fix the up/download problem. Server seems to work, but unable to acces 31/05/2020 10:22:13 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4792905of6553600_0_r943010916_0 31/05/2020 10:22:13 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4802684of6553600_1_r1358983788_0 31/05/2020 10:22:17 | | Project communication failed: attempting access to reference site 31/05/2020 10:22:17 | NumberFields@home | Temporarily failed upload of wu_sf3_DS-15x271_Grp4792905of6553600_0_r943010916_0: transient HTTP error 31/05/2020 10:22:17 | NumberFields@home | Backing off 00:16:43 on upload of wu_sf3_DS-15x271_Grp4792905of6553600_0_r943010916_0 31/05/2020 10:22:17 | NumberFields@home | Temporarily failed upload of wu_sf3_DS-15x271_Grp4802684of6553600_1_r1358983788_0: transient HTTP error 31/05/2020 10:22:17 | NumberFields@home | Backing off 00:18:17 on upload of wu_sf3_DS-15x271_Grp4802684of6553600_1_r1358983788_0 31/05/2020 10:22:19 | | Internet access OK - project servers may be temporarily down. 31/05/2020 10:23:46 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4792510of6553600_0_r1802548779_0 31/05/2020 10:23:46 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4467611of6553600_1_r143695444_0 31/05/2020 10:23:47 | | Project communication failed: attempting access to reference site 31/05/2020 10:23:47 | NumberFields@home | Temporarily failed upload of wu_sf3_DS-15x271_Grp4792510of6553600_0_r1802548779_0: transient HTTP error 31/05/2020 10:23:47 | NumberFields@home | Backing off 00:10:20 on upload of wu_sf3_DS-15x271_Grp4792510of6553600_0_r1802548779_0 31/05/2020 10:23:47 | NumberFields@home | Temporarily failed upload of wu_sf3_DS-15x271_Grp4467611of6553600_1_r143695444_0: transient HTTP error 31/05/2020 10:23:47 | NumberFields@home | Backing off 00:07:13 on upload of wu_sf3_DS-15x271_Grp4467611of6553600_1_r143695444_0 31/05/2020 10:23:47 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4801304of6553600_0_r17914782_0 31/05/2020 10:23:47 | NumberFields@home | Started upload of wu_sf3_DS-15x271_Grp4806193of6553600_0_r461151290_0 |
Send message Joined: 19 Apr 19 Posts: 3 Credit: 1,586,498 RAC: 0 |
I have replacement the File and now works the Upload. Thx 4 the fast fix! Best Regards |
Send message Joined: 13 Apr 18 Posts: 5 Credit: 17,061,620 RAC: 0 |
Hello, tested under Win7 and Win10 : working ! Seems to have no impact on other projects. Thanks |
Send message Joined: 28 Oct 11 Posts: 180 Credit: 241,761,954 RAC: 143,546 |
the CRT file already installed is valid from 1998 till 2028 !The certificate file is a bundle, containing 133 different certificates. The Microsoft Windows tool only shows you the expiry date of the one on the top of the pile - the first certificate in the bundle. The problem here is caused by certificate number 6 in the bundle, which expired yesterday. Follow any of the suggestions for editing/replacing your bundle, and you will be able to contact this project's servers again. |
Send message Joined: 22 Jul 19 Posts: 8 Credit: 1,466,981 RAC: 1,066 |
After having substituted the ca-bundle.crt, I got new issue: Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates. Ralph@home, Rosetta@home and NumberFields@home have the same certificate issue. The upload is still stuck. Here below the logs 31-May-2020 14:48:19 [ralph@home] Sending scheduler request: Requested by user. 31-May-2020 14:48:19 [ralph@home] Requesting new tasks for CPU 31-May-2020 14:48:20 [ralph@home] Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 14:48:23 [---] Project communication failed: attempting access to reference site 31-May-2020 14:48:24 [---] Internet access OK - project servers may be temporarily down. 31-May-2020 14:48:25 [Rosetta@home] Sending scheduler request: Requested by user. 31-May-2020 14:48:25 [Rosetta@home] Requesting new tasks for CPU 31-May-2020 14:48:27 [---] Project communication failed: attempting access to reference site 31-May-2020 14:48:27 [Rosetta@home] Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 14:48:28 [---] Internet access OK - project servers may be temporarily down. 31-May-2020 14:49:01 [NumberFields@home] Sending scheduler request: Requested by user. 31-May-2020 14:49:01 [NumberFields@home] Not requesting tasks: don't need (job cache full) 31-May-2020 14:49:02 [---] Project communication failed: attempting access to reference site 31-May-2020 14:49:02 [NumberFields@home] Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 14:49:03 [---] Internet access OK - project servers may be temporarily down. 31-May-2020 14:49:28 [NumberFields@home] Started upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0 31-May-2020 14:49:31 [---] Project communication failed: attempting access to reference site 31-May-2020 14:49:31 [NumberFields@home] Temporarily failed upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0: transient HTTP error 31-May-2020 14:49:31 [NumberFields@home] Backing off 02:43:20 on upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0 |
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
After having substituted the ca-bundle.crt, I got new issue: Is this happening on all your computers or just the one with windows? Could you also set the http_debug flag in the event log options to get some more information? |
Send message Joined: 22 Jul 19 Posts: 8 Credit: 1,466,981 RAC: 1,066 |
Hi Eric Is this happening on all your computers or just the one with windows? I have 4 PCs. I made the substitution in only one PC (Linux 32bit Ubuntu 12.04.5, BOINC 7.4.22). Asap I'll test the ca-bundle.crt in the other PCs (Windows and Linux x64) Could you also set the http_debug flag in the event log options to get some more information? Here below the logs. Thanks a lot. 31-May-2020 18:38:34 [---] Re-reading cc_config.xml 31-May-2020 18:38:34 [---] Not using a proxy 31-May-2020 18:38:34 [---] Config: GUI RPCs allowed from: 31-May-2020 18:38:34 [---] 192.168.1.198 31-May-2020 18:38:34 [---] 192.168.1.199 31-May-2020 18:38:34 [---] log flags: file_xfer, sched_ops, task, http_debug 31-May-2020 18:38:46 [NumberFields@home] Started upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0 31-May-2020 18:38:46 [NumberFields@home] [http] [ID#7] Info: About to connect() to numberfields.asu.edu port 80 (#1) 31-May-2020 18:38:46 [NumberFields@home] [http] [ID#7] Info: Trying 129.219.51.76... 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: Connected to numberfields.asu.edu (129.219.51.76) port 80 (#1) 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: POST /NumberFields_cgi/file_upload_handler/ HTTP/1.1 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: User-Agent: BOINC client (i686-pc-linux-gnu 7.4.22) 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Host: numberfields.asu.edu 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Accept: */* 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Accept-Encoding: deflate, gzip 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Content-Type: application/x-www-form-urlencoded 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Accept-Language: en_US 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: Content-Length: 716 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Sent header to server: 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: HTTP/1.1 301 Moved Permanently 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: Date: Sun, 31 May 2020 16:38:47 GMT 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: Server: Apache/2.4.29 (Ubuntu) 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: the ioctl callback returned 0 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: Location: https://numberfields.asu.edu/NumberFields_cgi/file_upload_handler/ 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: Content-Length: 360 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: Content-Type: text/html; charset=iso-8859-1 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: HTTP error before end of send, stop sending 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Received header from server: 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: Closing connection #1 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: Issue another request to this URL: 'https://numberfields.asu.edu/NumberFields_cgi/file_upload_handler/' 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: About to connect() to numberfields.asu.edu port 443 (#1) 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: Trying 129.219.51.76... 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: Connected to numberfields.asu.edu (129.219.51.76) port 443 (#1) 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: successfully set certificate verify locations: 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: CAfile: ca-bundle.crt 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: CApath: /etc/ssl/certs 31-May-2020 18:38:47 [NumberFields@home] [http] [ID#7] Info: SSLv3, TLS handshake, Client hello (1): 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: SSLv3, TLS handshake, Server hello (2): 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: SSLv3, TLS handshake, CERT (11): 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: SSLv3, TLS alert, Server hello (2): 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: SSL certificate problem, verify that the CA cert is OK. Details: 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: Closing connection #1 31-May-2020 18:38:48 [NumberFields@home] [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 18:38:48 [---] Project communication failed: attempting access to reference site 31-May-2020 18:38:48 [---] [http] HTTP_OP::init_get(): http://www.google.com/ 31-May-2020 18:38:48 [NumberFields@home] Temporarily failed upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0: transient HTTP error 31-May-2020 18:38:48 [NumberFields@home] Backing off 03:12:28 on upload of wu_sf3_DS-15x271_Grp4533296of6553600_0_r594049101_0 31-May-2020 18:38:48 [---] [http] [ID#0] Info: Re-using existing connection! (#0) with host www.google.com 31-May-2020 18:38:48 [---] [http] [ID#0] Info: Connected to www.google.com (216.58.208.164) port 80 (#0) 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: GET / HTTP/1.1 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: User-Agent: BOINC client (i686-pc-linux-gnu 7.4.22) 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: Host: www.google.com 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: Accept: */* 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: Content-Type: application/x-www-form-urlencoded 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: Accept-Language: en_US 31-May-2020 18:38:48 [---] [http] [ID#0] Sent header to server: 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: HTTP/1.1 200 OK 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Date: Sun, 31 May 2020 16:38:49 GMT 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Expires: -1 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Cache-Control: private, max-age=0 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Content-Type: text/html; charset=ISO-8859-1 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Content-Encoding: gzip 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Server: gws 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Content-Length: 5461 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: X-XSS-Protection: 0 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Set-Cookie: 1P_JAR=2020-05-31-16; expires=Tue, 30-Jun-2020 16:38:49 GMT; path=/; domain=.google.com; Secure 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: Set-Cookie: NID=204=S1IbZM4cTKbET9-0-Ns97GKD3Arg1mUPPMB0cZVgY3U7qFl8a_ykJbD0BthOkMOmTnMWjJ3HZB0VBKiFfVn9MFHJdYXAAWGX1rIB3V9JSyhNn1N98xaadxR-ibCuOoMMQCw2VptnNUt5terTGA8XtN8beeqRaKYEXRjkwLIudWU; expires=Mon, 30-Nov-2020 16:38:49 GMT; path=/; domain=.google.com; HttpOnly 31-May-2020 18:38:49 [---] [http] [ID#0] Received header from server: 31-May-2020 18:38:49 [---] [http] [ID#0] Info: Connection #0 to host www.google.com left intact 31-May-2020 18:38:49 [---] Internet access OK - project servers may be temporarily down. 31-May-2020 18:39:42 [NumberFields@home] update requested by user 31-May-2020 18:39:43 [---] [http] HTTP_OP::init_get(): https://numberfields.asu.edu/NumberFields/notices.php?userid=95159&auth=95159_12c786ec4d500376aebb3541de0775d2 31-May-2020 18:39:43 [---] [http] [ID#0] Info: About to connect() to numberfields.asu.edu port 443 (#1) 31-May-2020 18:39:43 [---] [http] [ID#0] Info: Trying 129.219.51.76... 31-May-2020 18:39:43 [---] [http] [ID#0] Info: Connected to numberfields.asu.edu (129.219.51.76) port 443 (#1) 31-May-2020 18:39:43 [---] [http] [ID#0] Info: successfully set certificate verify locations: 31-May-2020 18:39:43 [---] [http] [ID#0] Info: CAfile: ca-bundle.crt 31-May-2020 18:39:43 [---] [http] [ID#0] Info: CApath: /etc/ssl/certs 31-May-2020 18:39:43 [---] [http] [ID#0] Info: SSLv3, TLS handshake, Client hello (1): 31-May-2020 18:39:43 [---] [http] [ID#0] Info: SSLv3, TLS handshake, Server hello (2): 31-May-2020 18:39:43 [---] [http] [ID#0] Info: SSLv3, TLS handshake, CERT (11): 31-May-2020 18:39:43 [---] [http] [ID#0] Info: SSLv3, TLS alert, Server hello (2): 31-May-2020 18:39:43 [---] [http] [ID#0] Info: SSL certificate problem, verify that the CA cert is OK. Details: 31-May-2020 18:39:43 [---] [http] [ID#0] Info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 31-May-2020 18:39:43 [---] [http] [ID#0] Info: Closing connection #1 31-May-2020 18:39:43 [---] [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 18:39:46 [NumberFields@home] Sending scheduler request: Requested by user. 31-May-2020 18:39:46 [NumberFields@home] Not requesting tasks: don't need (not highest priority project) 31-May-2020 18:39:46 [NumberFields@home] [http] HTTP_OP::init_post(): https://numberfields.asu.edu/NumberFields_cgi/cgi 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: About to connect() to numberfields.asu.edu port 443 (#1) 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: Trying 129.219.51.76... 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: Connected to numberfields.asu.edu (129.219.51.76) port 443 (#1) 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: successfully set certificate verify locations: 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: CAfile: ca-bundle.crt 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: CApath: /etc/ssl/certs 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: SSLv3, TLS handshake, Client hello (1): 31-May-2020 18:39:46 [NumberFields@home] [http] [ID#1] Info: SSLv3, TLS handshake, Server hello (2): 31-May-2020 18:39:47 [NumberFields@home] [http] [ID#1] Info: SSLv3, TLS handshake, CERT (11): 31-May-2020 18:39:47 [NumberFields@home] [http] [ID#1] Info: SSLv3, TLS alert, Server hello (2): 31-May-2020 18:39:47 [NumberFields@home] [http] [ID#1] Info: SSL certificate problem, verify that the CA cert is OK. Details: 31-May-2020 18:39:47 [NumberFields@home] [http] [ID#1] Info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 31-May-2020 18:39:47 [NumberFields@home] [http] [ID#1] Info: Closing connection #1 31-May-2020 18:39:47 [NumberFields@home] [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 18:39:47 [---] Project communication failed: attempting access to reference site 31-May-2020 18:39:47 [---] [http] HTTP_OP::init_get(): http://www.google.com/ 31-May-2020 18:39:47 [NumberFields@home] Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates 31-May-2020 18:39:47 [---] [http] [ID#0] Info: Re-using existing connection! (#0) with host www.google.com 31-May-2020 18:39:47 [---] [http] [ID#0] Info: Connected to www.google.com (216.58.208.164) port 80 (#0) 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: GET / HTTP/1.1 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: User-Agent: BOINC client (i686-pc-linux-gnu 7.4.22) 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: Host: www.google.com 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: Accept: */* 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: Content-Type: application/x-www-form-urlencoded 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: Accept-Language: en_US 31-May-2020 18:39:47 [---] [http] [ID#0] Sent header to server: 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: HTTP/1.1 200 OK 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Date: Sun, 31 May 2020 16:39:48 GMT 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Expires: -1 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Cache-Control: private, max-age=0 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Content-Type: text/html; charset=ISO-8859-1 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Content-Encoding: gzip 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Server: gws 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Content-Length: 5429 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: X-XSS-Protection: 0 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Set-Cookie: 1P_JAR=2020-05-31-16; expires=Tue, 30-Jun-2020 16:39:48 GMT; path=/; domain=.google.com; Secure 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: Set-Cookie: NID=204=Y1rrTSAELQ8BQcNu2RPVzsg_rCZLmZn7ZXJLzctesxVw3l3liJRTIRJzjYE8eszeyoIj_BDu41iXmfXakrWWHwfN538Gghj1ZcsKCVZ-XE0M6u6YoX9An8NpPqQX2prW-0AXJpipu6QXzWDdI1rZwVh6MG76vAw_yadQ2fYTDgo; expires=Mon, 30-Nov-2020 16:39:48 GMT; path=/; domain=.google.com; HttpOnly 31-May-2020 18:39:48 [---] [http] [ID#0] Received header from server: 31-May-2020 18:39:48 [---] [http] [ID#0] Info: Connection #0 to host www.google.com left intact 31-May-2020 18:39:48 [---] Internet access OK - project servers may be temporarily down. |
Send message Joined: 6 Jun 12 Posts: 3 Credit: 12,076,243 RAC: 0 |
Just replaced ca-bundle on Windows 10 machine, retried uploads with success. |
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
31-May-2020 18:38:48 [NumberFields@home] [http] [ID#7] Info: SSL certificate problem, verify that the CA cert is OK. Hi Paolo, This error message is different from previous error messages which explicitly said the certificate had expired. This message tells me there is something wrong with the ca-bundle.crt file. Could it be the classic windows/linux line ending problem? The file worked for me as is, but then again I use Fedora. You could try running dos2unix on it to see if that helps. |
Send message Joined: 22 Jul 19 Posts: 8 Credit: 1,466,981 RAC: 1,066 |
Just replaced ca-bundle on Windows 10 machine, retried uploads with success. Very very thanks Steve Dodd. The Windows machine now works fine. The upload of NumberField and Rosetta WUs works. @Eric Driver I think the root cause of the issue in my old Linux x32 is SSLv3, maybe the certificate doesn't work with old and deprecate SSLv3. The certificate works fine in the Windows 10 x64 machine because Windows uses TLSv1.2!! |
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
Just replaced ca-bundle on Windows 10 machine, retried uploads with success. I'm not well versed in the different SSL versions. If I run "openssl version -a", I get OpenSSL 1.1.1g as my version and the supported ciphers are TLSv1.0, TLSv1.1, and TLSv1.2. I don't know what "SSLv3" is. If that is a deprecated protocol as you suggest, then yes, that is most likely your problem. |
Send message Joined: 22 Jul 19 Posts: 8 Credit: 1,466,981 RAC: 1,066 |
I'm not well versed in the different SSL versions. If I run "openssl version -a", I get OpenSSL 1.1.1g as my version and the supported ciphers are TLSv1.0, TLSv1.1, and TLSv1.2. I don't know what "SSLv3" is. If that is a deprecated protocol as you suggest, then yes, that is most likely your problem. Hi Eric and hi folks, Please forget my post about SSLv3 vs TLSv1.2. It was a big mistake. Now my old Linux Ubuntu 12 x32 works fine. I don’t know what was the winning procedure, so I share all the tasks I did. *) Alternately I used the ca-bundle.crt Eric gave us, the ca-bundle.crt from the post thread Rosetta and the original ca-bundle.crt from Boinc package 7.4.22. *) I put “!” at the beginning of the entry mozilla/AddTrust_External_Root.crt in the file /etc/ca-certificates.conf. *) After each change, I executed update-ca-certificates two times |
Send message Joined: 28 Oct 11 Posts: 180 Credit: 241,761,954 RAC: 143,546 |
If any Windows user, 64-bit only, is still affected by this, there is a hotfix v7.16.7 of BOINC available from https://boinc.berkeley.edu/download.php |
Send message Joined: 5 Jan 13 Posts: 43 Credit: 41,024,048 RAC: 1,387 |
It looks like overall speed is reduced after this incident. |
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
It looks like overall speed is reduced after this incident. Yes, speed has dropped significantly since the Pentathlon finished. I have been watching the stats page and it seems the big dogs have been slowly dropping- charity engine, grcpool, etc. There was a drop before the pentathlon which I am pretty sure is related to Covid19. But I agree the recent drops are due to the SSL certificate issue. Not sure what to do about it, and I don't think disabling SSL is a good idea. |
Send message Joined: 28 Oct 11 Posts: 180 Credit: 241,761,954 RAC: 143,546 |
But I agree the recent drops are due to the SSL certificate issue. Not sure what to do about it, and I don't think disabling SSL is a good idea.Both LHC@home and Rosetta@home managed to modify their server certificates in a way that enabled work to flow even for people with the older client version / certificate bundle. You could reach out to those two projects, either over the BOINC projects email list, or privately in case they don't want to be public about their security settings. |
Send message Joined: 8 Jul 11 Posts: 1341 Credit: 493,894,121 RAC: 558,810 |
But I agree the recent drops are due to the SSL certificate issue. Not sure what to do about it, and I don't think disabling SSL is a good idea.Both LHC@home and Rosetta@home managed to modify their server certificates in a way that enabled work to flow even for people with the older client version / certificate bundle. You could reach out to those two projects, either over the BOINC projects email list, or privately in case they don't want to be public about their security settings. I did try something yesterday, but I'm not sure yet if it worked. I'll reach out to them to see what they did. |
Send message Joined: 21 Sep 11 Posts: 3 Credit: 17,155,801 RAC: 0 |
Hello, It seems this modification impact more than upload/download. It seems some statistics websites are also having issues to retrieve the data: https://statsbzh.boinc-af.org/formulamt.php?project_id=numberfieldsathome& Will need to get around MyUneo, the Cupid of Service |