HTTP error: Peer certificate cannot be authenticated with given CA certificates

Dr Who Fan
Dr Who Fan
Joined: 3 May 14
Posts: 13
Credit: 191726
RAC: 0
Topic 85447

 Noticed this in my message logs and wondered if it is or could cause connection problems to the project :

13805 Albert@Home 12-11-2014 02:33 update requested by user 
13806   12-11-2014 02:33 [http] HTTP_OP::init_get(): https://albertathome.org/rss_main.php 
13807   12-11-2014 02:33 [http] HTTP_OP::libcurl_exec(): ca-bundle set 
13808   12-11-2014 02:33 [http] [ID#0] Info:  About to connect() to albertathome.org port 443 (#2) 
13809   12-11-2014 02:33 [http] [ID#0] Info:    Trying 129.89.61.67... 
13810 Albert@Home 12-11-2014 02:33 Sending scheduler request: Requested by user. 
13811 Albert@Home 12-11-2014 02:33 Reporting 1 completed tasks 
13812 Albert@Home 12-11-2014 02:33 Not requesting tasks: don't need 
13813 Albert@Home 12-11-2014 02:33 [http] HTTP_OP::init_post(): http://albert.phys.uwm.edu/AlbertAtHome_cgi/cgi 
13814 Albert@Home 12-11-2014 02:33 [http] HTTP_OP::libcurl_exec(): ca-bundle set 
13815   12-11-2014 02:33 [http] [ID#0] Info:  Connected to albertathome.org (129.89.61.67) port 443 (#2) 
13816   12-11-2014 02:33 [http] [ID#0] Info:  Connected to albertathome.org (129.89.61.67) port 443 (#2) 
13817   12-11-2014 02:33 [http] [ID#0] Info:  successfully set certificate verify locations: 
13818   12-11-2014 02:33 [http] [ID#0] Info:    CAfile: C:\BOINC\ca-bundle.crt 
13819   12-11-2014 02:33 [http] [ID#0] Info:    CApath: none 
13820   12-11-2014 02:33 [http] [ID#0] Info:  SSLv3, TLS handshake, Client hello (1): 
13821 Albert@Home 12-11-2014 02:33 [http] [ID#1] Info:  About to connect() to albert.phys.uwm.edu port 80 (#3) 
13822 Albert@Home 12-11-2014 02:33 [http] [ID#1] Info:    Trying 129.89.61.67... 
13823 Albert@Home 12-11-2014 02:33 [http] [ID#1] Info:  Connected to albert.phys.uwm.edu (129.89.61.67) port 80 (#3) 
13824 Albert@Home 12-11-2014 02:33 [http] [ID#1] Info:  Connected to albert.phys.uwm.edu (129.89.61.67) port 80 (#3) 
13825 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: POST /AlbertAtHome_cgi/cgi HTTP/1.1
 
13826 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: User-Agent: BOINC client (windows_intelx86 7.2.42)
 
13827 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Host: albert.phys.uwm.edu
 
13828 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Accept: */*
 
13829 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Accept-Encoding: deflate, gzip
 
13830 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Content-Type: application/x-www-form-urlencoded
 
13831 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: ACCEPT_LANGUAGE: en_US
 
13832 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Content-Length: 77926
 
13833 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server: Expect: 100-continue
 
13834 Albert@Home 12-11-2014 02:33 [http] [ID#1] Sent header to server:
 
13835   12-11-2014 02:33 [http] [ID#0] Info:  SSLv3, TLS handshake, Server hello (2): 
13836   12-11-2014 02:33 [http] [ID#0] Info:  SSLv3, TLS handshake, CERT (11): 
13837   12-11-2014 02:33 [http] [ID#0] Info:  SSLv3, TLS alert, Server hello (2): 
13838   12-11-2014 02:33 [http] [ID#0] Info:  SSL certificate problem, verify that the CA cert is OK. Details: 
13839   12-11-2014 02:33 [http] [ID#0] Info:  error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
13840   12-11-2014 02:33 [http] [ID#0] Info:  Closing connection #2 
13841 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: HTTP/1.1 100 Continue
 
13842   12-11-2014 02:33 [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates 
13843 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: HTTP/1.1 200 OK
 
13844 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: Date: Wed, 12 Nov 2014 08:30:25 GMT
 
13845 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: Server: Apache/2.2.3 (CentOS)
 
13846 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: Transfer-Encoding: chunked
 
13847 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server: Content-Type: text/xml
 
13848 Albert@Home 12-11-2014 02:33 [http] [ID#1] Received header from server:
 
13849 Albert@Home 12-11-2014 02:33 [http] [ID#1] Info:  Connection #3 to host albert.phys.uwm.edu left intact 
13850 Albert@Home 12-11-2014 02:33 Scheduler request completed 

sig-1347.png

sig.png

rhb
rhb
Joined: 15 Aug 06
Posts: 1
Credit: 153281
RAC: 0

Nothing similar in my message

Nothing similar in my message file. This may have been a temporary configuration problem on the server which has been fixed already. If not, it probably works ok if it still allows to connect -- it appears that it did on the third attempt.

 

If this still occurs, it could theoretically allow someone to impersonate the albert@home site. Your boinc and OS versions might help someone figure out why it fails on your system.

Oliver Behnke
Oliver Behnke
Moderator
Administrator
Joined: 4 Sep 07
Posts: 320
Credit: 8545955
RAC: 0

Right, does the error still

Right, does the error still persist or can you reproduce it somehow?

Thanks,
Oliver 

Raspberry Pi - Brian
Raspberry Pi - Brian
Joined: 1 Jan 16
Posts: 1
Credit: 30438
RAC: 0

For Linux and Raspbian for

For Linux and Raspbian for the Raspberry Pi, this is discussed on the Einstein@Home forum and has been resolved by an update in the Raspbian (Jessie) repository.

https://einstein.phys.uwm.edu/forum_thread.php?id=11760

 (problem with ca-certificates)

Cheers!

// Brian

Expanding the edge of Science.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.