Message boards : Number crunching : Peer certificate cannot be authenticated with given CA certificates
Previous · 1 . . . 4 · 5 · 6 · 7 · 8 · 9 · Next
Author | Message |
---|---|
monk_duck Send message Joined: 17 Nov 09 Posts: 11 Credit: 284,039 RAC: 0 |
Nope still broken on Android, any update on this? |
bunnybooboo Send message Joined: 15 Apr 20 Posts: 8 Credit: 66,579 RAC: 0 |
Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android. |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Nope still broken on Android, any update on this? LHC and Rosetta both working fine on my Android 7.0 phone and my Android 4.5 phone - I upgraded to 7.16.3 on both. |
monk_duck Send message Joined: 17 Nov 09 Posts: 11 Credit: 284,039 RAC: 0 |
Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android. Thanks I'll await a boinc update to appear, look like 7.4.53 is currently on google play so hopefully they update soon. Nope still broken on Android, any update on this? Was that through Google Play? |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Not yet. Work is progressing over in Github though, particularly in relation to this security certificate issue. Based on those linked conversations (and pending pull requests) It looks likely we'll see a bump to 7.4+, at least on Android. No, I just went to the link provided in here: https://boinc.berkeley.edu/download_all.php - Android is at the bottom. |
Razvan.Dumitriu Send message Joined: 10 Jun 06 Posts: 1 Credit: 12,032 RAC: 0 |
The easiest way would be for BOINC to update, but until then, a workaround is to either manually do that edit as you mentioned or just refresh the ca-bundle.crt file with an updated version on your own: https://github.com/bagder/ca-bundle You can download it from there and replace your current file in the BOINC installation folder. If you download from https://curl.haxx.se/docs/caextract.html , make sure you rename the cacert.pem to the current "ca-bundle.crt" filename and replace it in your BOINC folder. This worked for me |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Why didn't Boinc just warn us "are you sure you want to use an outdated security certificate?" That's what I got a few times browsing websites that were expired. Most people wouldn't panic over a few days, just like you'd eat a yogurt that was a day over the sellby date. |
mikey Send message Joined: 5 Jan 06 Posts: 1895 Credit: 9,132,479 RAC: 4,817 |
Why didn't Boinc just warn us "are you sure you want to use an outdated security certificate?" That's what I got a few times browsing websites that were expired. Most people wouldn't panic over a few days, just like you'd eat a yogurt that was a day over the sellby date. Because no one realized it until it happened, don't know if warnings were sent to the Developers and people ignored them but now it is what it is. One thing is that most versions of Boinc above 10.04 still worked fine for awhile, versions older than that are the first ones in trouble. People were still using OLD OLD OLD versions of Boinc, even some of the Linux Distros linked to OLD versions of Boinc if people didn't add the Boinc PPA manually. I guess that's what happens when they go to an all volunteer group, other things get in the way. |
Brian Nixon Send message Joined: 12 Apr 20 Posts: 293 Credit: 8,432,366 RAC: 0 |
Why didn't Boinc just warn usIt might not have been that simple. The fault is in the OpenSSL library that ships with BOINC, which BOINC uses indirectly through curl. While BOINC might not have been written to cope with such a problem, the information needed for it to be able to might not even have been available. |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Because no one realized it until it happened, don't know if warnings were sent to the Developers and people ignored them but now it is what it is. One thing is that most versions of Boinc above 10.04 still worked fine for awhile, versions older than that are the first ones in trouble. People were still using OLD OLD OLD versions of Boinc, even some of the Linux Distros linked to OLD versions of Boinc if people didn't add the Boinc PPA manually. I guess that's what happens when they go to an all volunteer group, other things get in the way. An autoupdate facility on Boinc would go a long way.... every other program does this nowadays. The fault is in the OpenSSL library that ships with BOINC, which BOINC uses indirectly through curl. While BOINC might not have been written to cope with such a problem, the information needed for it to be able to might not even have been available. When something expires and I'm browsing a webpage in Opera, Opera just tells me it may be unsafe. Why can the same not occur with Boinc? |
Brian Nixon Send message Joined: 12 Apr 20 Posts: 293 Credit: 8,432,366 RAC: 0 |
It can; whether it does seems more a question of whether the developers want to prioritise predicting, testing for and dealing with obscure once-in-a-decade bugs in complex third-party libraries… |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
It can; whether it does seems more a question of whether the developers want to prioritise predicting, testing for and dealing with obscure once-in-a-decade bugs in complex third-party libraries… Hopefully programmers of nuclear power plant control systems take greater care :-) |
Mod.Sense Volunteer moderator Send message Joined: 22 Aug 06 Posts: 4018 Credit: 0 RAC: 0 |
Hopefully the programmers of nuclear power plant control systems can presume there is an active window with a person viewing that can respond to a prompt. Rosetta Moderator: Mod.Sense |
Brian Nixon Send message Joined: 12 Apr 20 Posts: 293 Credit: 8,432,366 RAC: 0 |
You could argue that BOINC was actually pretty robust in the face of the unexpected condition in May. Connections failed; the client backed off and kept retrying periodically; after action was taken at the server end, connections succeeded and normal operation resumed without user intervention. I imagine a healthy proportion of crunchers never even noticed a problem. |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
Hopefully the programmers of nuclear power plant control systems can presume there is an active window with a person viewing that can respond to a prompt. Most programs on PCs will produce some kind of warning. Even things in the background. That's why we have a notification area. I notice when AVG needs a reboot for example. If I'm not there, there's no harm in the warning being sat there. But if I am there, I can do something about it. Just don't make it like Windows 10 where if you're not there it makes stupid assumptions and reboots the PC without permission (they really should be royally sued for that, people have lost much work and money because of it). |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
You could argue that BOINC was actually pretty robust in the face of the unexpected condition in May. Connections failed; the client backed off and kept retrying periodically; after action was taken at the server end, connections succeeded and normal operation resumed without user intervention. I imagine a healthy proportion of crunchers never even noticed a problem. Yes, it does manage fairly well. But I've found a lot of tweaking is required to get things to work well. I use Boinctasks to view it sensibly, otherwise I have an enormous list of tasks, with no colours to show what's running, and no grouping of queues. When you run Milkyway on a GPU, you have queues of several hundred tasks, not really acceptable to view in the Boinc Manager. And when you run 6 computers, I don't think Boinc Manager can show them all on one screen. And I use TThrottle, because no matter how big a fan you put on things, they still overheat. |
Grant (SSSF) Send message Joined: 28 Mar 20 Posts: 1673 Credit: 17,608,285 RAC: 22,349 |
And I use TThrottle, because no matter how big a fan you put on things, they still overheat.Only if there is a problem with the system. I've had systems with the CPU & 2GPUs running fully loaded in 38°c+ temperatures (and not getting below 30°c) with no problems. Grant Darwin NT |
Mr P Hucker Send message Joined: 12 Aug 06 Posts: 1600 Credit: 11,717,270 RAC: 11,974 |
And I use TThrottle, because no matter how big a fan you put on things, they still overheat.Only if there is a problem with the system. I can't see how that's possible. GPUs give off up to 250W each. Half a kilowatt is not possible to remove from a case without some kind of industrial fans blasting it out loud enough so you can't hear yourself think. I have most of mine out of cases on bookshelves, which is much better, as they suck in fresh air, but even with the air intake of the GPU at 25C, the exhaust is 70C, that's with their stock fans at 100%. |
Grant (SSSF) Send message Joined: 28 Mar 20 Posts: 1673 Credit: 17,608,285 RAC: 22,349 |
My video cards are mid range units- 175W max.I can't see how that's possible. GPUs give off up to 250W each. Half a kilowatt is not possible to remove from a case without some kind of industrial fans blasting it out loud enough so you can't hear yourself think.And I use TThrottle, because no matter how big a fan you put on things, they still overheat.Only if there is a problem with the system. A water cooled CPU with a large case which is designed for good air flow, with large fans (the larger the fan the more air it can move at lower speeds). They are noisy, but not that noisy- the ceiling fans going flat out tend to be louder than the computer fans. A good- large -case can handle a 750W load with ease. A small case with small fans, will sound like an aircraft taking off and still not be able to remove all the heat. Grant Darwin NT |
mikey Send message Joined: 5 Jan 06 Posts: 1895 Credit: 9,132,479 RAC: 4,817 |
And I use TThrottle, because no matter how big a fan you put on things, they still overheat.Only if there is a problem with the system. Well positioned fans helps too, top and side fans can move alot of air. If you do air cooling be sure to use very good cpu fans with at least 4 heat pipes and replace the paste between the cpu and it's fan no more than every other year, every year is better. Lots of places rate cpu cooling fans, be sure to check them out before buying, most of the time using the one supplied by your cpu maker isn't as good as it could be. I have a 'computer room' so leave the side off of all my cases for better airflow, I do get the occasional mosquito stuck on a cooling vent but they clean out easily. |
Message boards :
Number crunching :
Peer certificate cannot be authenticated with given CA certificates
©2024 University of Washington
https://www.bakerlab.org