I have just tried to log into my bank account (Barclays) and got the following error message

Quote:

Peer certificate cannot be authenticated with known CA certificates

I was able to log into it a few weeks ago so assume they have updated their security checks within the website. Nothing has changed with OWB so must assume this to be the case.

Is there any newer security certificates available for OWB?

Last edited by sicky on 29-Jul-2011 at 03:41 PM.

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@sicky

Seeing as how OWB (current os4 version) isn't being developed any more, I think you're out of luck. Mui-owb is suppost to come out after update 3 is released, maybe it will work.

_________________
Hate tends to make you look stupid...

There is a tooltype you can use to ignore security certificates. I can't remember it though!

Edit: Actually I think it's an ENV variable.

Found it.

setenv WEBKIT_IGNORE_SSL_ERRORS 1

Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes.

There's also:

CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST

Which I believe you'd set to 0.

The proper fix is to update curl-ca-bundle.crt in the Resources directory.

Last edited by MickJT on 29-Jul-2011 at 07:43 PM.
Last edited by MickJT on 29-Jul-2011 at 07:41 PM.
Last edited by MickJT on 29-Jul-2011 at 07:40 PM.
Last edited by MickJT on 29-Jul-2011 at 07:39 PM.

Instead of disabling verification, you can try using the curl-ca-bundle.crt from the latest OWB MorphOS version. I generated it about a week ago.

@MickJT

Quote:

setenv WEBKIT_IGNORE_SSL_ERRORS 1

Do I just do that in a shell? Me being stupid, forgot so much Amiga stuff!

Quote:

Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes.

Can I do that using NotePad or something, if so where do I save it to OS4.1:/Prefs/Env-Archive?

Quote:

There's also: CURLOPT_SSL_VERIFYPEER CURLOPT_SSL_VERIFYHOST

Where do I dind them, and where do they go, OWB/Resources/?


Quote:

The proper fix is to update curl-ca-bundle.crt in the Resources directory.

I downloaded that file and copied it to location of original but get the same error messages

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@sicky

Yes you type that in a shell.

You should find answers here:

http://en.wikipedia.org/wiki/AmigaDOS

However yes you can use Notepad or Ed to create those files or use the setenv command, either way works.

@sicky

Quote:

sicky wrote: @MickJT Quote: setenv WEBKIT_IGNORE_SSL_ERRORS 1 Do I just do that in a shell? Me being stupid, forgot so much Amiga stuff! Quote: Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes. Can I do that using NotePad or something, if so where do I save it to OS4.1:/Prefs/Env-Archive?

Don't bother messing about with creating files. All you need to do is the above command in a Shell:

setenv WEBKIT_IGNORE_SSL_ERRORS 1

- or, if you want it to be permanent:

setenv WEBKIT_IGNORE_SSL_ERRORS SAVE 1

Best regards,

Niels

@All

Getting worse now, can't log into my Gmail account now either, and there was me thinking I can almost go Total Amiga (excuse the pun) now! Looks like these websites have changed something and say we cannot securely log in any more

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@sicky

The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem

Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:.

Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file.

Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive.

See if that helps, gmail works for me.

Last edited by sundown on 20-Aug-2011 at 09:46 PM.

_________________
Hate tends to make you look stupid...

@sicky
Something must be wrong with your machine, because I can log into GMail just fine (tested right now - although I usually use SimpleMail because it's faster). However, I am using a recent security certificate, so perhaps that is your problem.

Quote:

The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:. Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file.

Alternatively, in OWB just right-click that link, click on "Download Linked File", then in the file requester than appears click on the Resources folder & then the curl-ca-bundle.crt file, then click OK (you may then need to confirm you want to replace the file).

Or if you have not enabled right-clicking in OWB, then instead: Left click on the link, wait it has loaded the page, then use the "Project/Save As..." menu item, then in the file requester than appears click on the Resources folder & then the curl-ca-bundle.crt file, then click OK (you may then need to confirm you want to replace the file).

Rigo or someone should really add this to AmiUpdate, so it happens automatically. Or even just add the most recent version to OWB, as it comes with an *incredibly* outdated file.

Last edited by ChrisH on 21-Aug-2011 at 09:37 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:36 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:35 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:33 AM.

_________________
Author of the PortablE programming language.
It is pitch black. You are likely to be eaten by a grue...

@ChrisH

Strange things happening her, tried to log into Gmail and got usual 'security certificete blah blah bla' message, but when I clicked back button in OWB the site loaded and I can read my e-mails...... how weird is that!

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@sundown

Quote:

The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:. Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file. Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive. See if that helps, gmail works for me.

I did all that and am now able to log into Gmail account with OWB but still unable to log into www.ibank.barclays.co.uk

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@sicky

I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours.

There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.

@kilaueabart

I downloaded the version pointed to on Amigans.net today using Mozilla on a PC and copied the file to my Sam using samba. I was able to log in to my acount with a major US Bank after with OWB .
It is possible downloading the file with OWB may mess something up.

Edit:

The Github.com site does not work so not fixed .

Quote:

kilaueabart wrote: @sicky I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours. There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.

Last edited by Spectre660 on 27-Aug-2011 at 03:36 AM.

_________________
Sam460ex : Radeon Rx550 Single slot Video Card : SIL3112 SATA card

@kilaueabart

Quote:

I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours. There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.

I did the second item and it made no difference whatsoever. You basically put all that text into notepad and save it as OWB_USER_AGENT where it says, I did all that!

I have tried IBrowse, OWB, Timberwolf and NetSurf all with same result, so it looks like the banks etc have changed their requirements with regarding security.

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@All

Just grabbed this file at http://curl.haxx.se/ca/cacert.pem and now it all works again, thanks to ChrisH for pointing it to me

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

@Fab
Quote:

nstead of disabling verification, you can try using the curl-ca-bundle.crt from the latest OWB MorphOS version. I generated it about a week ago.

I D/L the latest MOS OWB (1.14) on your site and the extraction date at the top of the file is April 13, 2011 while the CURL cert file has an extraction date of Aug 6, 2011 at the top of the file. Diffing the 2 files shows differences in some of the certificates. I don't know if one of the files is corrupt or if you didn't actually generate the latest file.

_________________
X1000 with 2GB memory & OS4.1FE

@Xenic

First, it was generated in July or so (whatever the header says), and secondly, the official generated bundle from CURL lacks 4 certificates classes that are quite commonly used, so i added them as well.