I'm finally getting back to this. Sorry about the delay again. On Wed, 31 Dec 2008 10:55:36 -0800 coderman <coder...@gmail.com> wrote: >On Wed, Dec 31, 2008 at 12:21 AM, Scott Bennett <benn...@cs.niu.edu> wrote: >>... >> Nope. Instead I get: > >ah the joys of PKI. Tor has been changing certs. new roots are >http://www.entrust.net/developer/index.cfm and "Entrust Secure Server >CA" is the one you want. > Okay. I downloaded entrust_ssl_ca.der (the man page for wget(1) says it wants DER or PEM format for certificates) and put it into /usr/local/openssl/certs with 644 permissions. When trying for the new tor development branch version, I get:
Script started on Wed Jan 21 03:33:15 2009 [hellas] 101 % wget --ca-directory=/usr/local/openssl/certs --ca-certificate=entrust_ssl_ca.der https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc ht https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1 https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz --03:33:53-- https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.asc => `tor-0.2.1.11-alpha.tar.gz.asc' Resolving www.torproject.org... 86.59.21.36 Connecting to www.torproject.org|86.59.21.36|:443... connected. ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate To connect to www.torproject.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. --03:33:59-- https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz.sha1 => `tor-0.2.1.11-alpha.tar.gz.sha1' Connecting to www.torproject.org|86.59.21.36|:443... connected. ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate To connect to www.torproject.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. --03:34:00-- https://www.torproject.org/dist/tor-0.2.1.11-alpha.tar.gz => `tor-0.2.1.11-alpha.tar.gz' Connecting to www.torproject.org|86.59.21.36|:443... connected. ERROR: Certificate verification error for www.torproject.org: unable to get local issuer certificate To connect to www.torproject.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. FINISHED --03:34:04-- Downloaded: 0 bytes in 0 files [hellas] 102 % exit exit Script done on Wed Jan 21 03:34:09 2009 I guess the only thing to do is to use the --no-check-certificate option and then hope there's no MITM. :-( Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************