problem while trying to fetch 0.2.1.8-alpha

Wed Jan 21 09:43:01 UTC 2009

     I'm finally getting back to this.  Sorry about the delay again.
     On Wed, 31 Dec 2008 10:55:36 -0800 coderman <coderman at gmail.com>
wrote:
>On Wed, Dec 31, 2008 at 12:21 AM, Scott Bennett <bennett at cs.niu.edu> wrote:
>>...
>>     Nope.  Instead I get:
>
>ah the joys of PKI.  Tor has been changing certs.  new roots are
>http://www.entrust.net/developer/index.cfm and "Entrust Secure Server
>CA" is the one you want.
>
     Okay.  I downloaded entrust_ssl_ca.der (the man page for wget(1) says
it wants DER or PEM format for certificates) and put it into
/usr/local/openssl/certs with 644 permissions.  When trying for the new tor
development branch version, I get:

Script started on Wed Jan 21 03:33:15 2009
[hellas] 101 % wget --ca-directory=/usr/local/openssl/certs --ca-certificate=entrust_ssl_ca.der https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc ht https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1 https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz
--03:33:53--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc
           => `tor-0.2.1.11-alpha.tar.gz.asc'
Resolving www.torproject.org... 86.59.21.36
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
--03:33:59--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1
           => `tor-0.2.1.11-alpha.tar.gz.sha1'
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
--03:34:00--  https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz
           => `tor-0.2.1.11-alpha.tar.gz'
Connecting to www.torproject.org|86.59.21.36|:443... connected.
ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate
To connect to www.torproject.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

FINISHED --03:34:04--
Downloaded: 0 bytes in 0 files
[hellas] 102 % exit
exit

Script done on Wed Jan 21 03:34:09 2009

     I guess the only thing to do is to use the --no-check-certificate option
and then hope there's no MITM.  :-(


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************