Click Here
home features news forums classifieds faqs links search
5688 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
17 crawler(s) on-line.
 14 guest(s) on-line.
 0 member(s) on-line.



You are an anonymous user.
Register Now!
 Signman:  12 mins ago
 billt:  19 mins ago
 Jasper:  25 mins ago
 Dwyloc:  37 mins ago
 Comi:  37 mins ago
 Derfs:  37 mins ago
 CLXIV:  44 mins ago
 SOFISTISOFTWARE:  45 mins ago
 Bugala:  45 mins ago
 cip060:  46 mins ago

/  Forum Index
   /  Amiga OS4 Software
      /  OWB Security Certificates
Register To Post

PosterThread
sicky 
OWB Security Certificates
Posted on 29-Jul-2011 15:40:04
#1 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

I have just tried to log into my bank account (Barclays) and got the following error message

Quote:
Peer certificate cannot be authenticated with known CA certificates


I was able to log into it a few weeks ago so assume they have updated their security checks within the website. Nothing has changed with OWB so must assume this to be the case.

Is there any newer security certificates available for OWB?

Last edited by sicky on 29-Jul-2011 at 03:41 PM.

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
sundown 
Re: OWB Security Certificates
Posted on 29-Jul-2011 19:29:31
#2 ]
Elite Member
Joined: 30-Aug-2003
Posts: 5112
From: Right here...

@sicky

Seeing as how OWB (current os4 version) isn't being developed any more, I think you're out of luck. Mui-owb is suppost to come out after update 3 is released, maybe it will work.

_________________
Hate tends to make you look stupid...

 Status: Offline
Profile     Report this post  
MickJT 
Re: OWB Security Certificates
Posted on 29-Jul-2011 19:38:01
#3 ]
Cult Member
Joined: 13-Jan-2005
Posts: 523
From: Adelaide, South Australia

There is a tooltype you can use to ignore security certificates. I can't remember it though!

Edit: Actually I think it's an ENV variable.

Found it.

setenv WEBKIT_IGNORE_SSL_ERRORS 1

Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes.

There's also:

CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST

Which I believe you'd set to 0.

The proper fix is to update curl-ca-bundle.crt in the Resources directory.

Last edited by MickJT on 29-Jul-2011 at 07:43 PM.
Last edited by MickJT on 29-Jul-2011 at 07:41 PM.
Last edited by MickJT on 29-Jul-2011 at 07:40 PM.
Last edited by MickJT on 29-Jul-2011 at 07:39 PM.

 Status: Offline
Profile     Report this post  
Fab 
Re: OWB Security Certificates
Posted on 29-Jul-2011 21:06:02
#4 ]
Super Member
Joined: 17-Mar-2004
Posts: 1178
From: Unknown

Instead of disabling verification, you can try using the curl-ca-bundle.crt from the latest OWB MorphOS version. I generated it about a week ago.

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 6-Aug-2011 18:12:11
#5 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@MickJT

Quote:
setenv WEBKIT_IGNORE_SSL_ERRORS 1


Do I just do that in a shell? Me being stupid, forgot so much Amiga stuff!

Quote:
Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes.


Can I do that using NotePad or something, if so where do I save it to OS4.1:/Prefs/Env-Archive?

Quote:
There's also:

CURLOPT_SSL_VERIFYPEER
CURLOPT_SSL_VERIFYHOST


Where do I dind them, and where do they go, OWB/Resources/?


Quote:
The proper fix is to update curl-ca-bundle.crt in the Resources directory.


I downloaded that file and copied it to location of original but get the same error messages

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
hotrod 
Re: OWB Security Certificates
Posted on 6-Aug-2011 19:19:00
#6 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2778
From: Stockholm, Sweden

@sicky

Yes you type that in a shell.

You should find answers here:

http://en.wikipedia.org/wiki/AmigaDOS

However yes you can use Notepad or Ed to create those files or use the setenv command, either way works.

 Status: Offline
Profile     Report this post  
nbache 
Re: OWB Security Certificates
Posted on 6-Aug-2011 22:13:44
#7 ]
Cult Member
Joined: 8-Apr-2003
Posts: 960
From: Copenhagen, Denmark

@sicky

Quote:
sicky wrote:
@MickJT

Quote:
setenv WEBKIT_IGNORE_SSL_ERRORS 1

Do I just do that in a shell? Me being stupid, forgot so much Amiga stuff!

Quote:
Create a file called WEBKIT_IGNORE_SSL_ERRORS in ENV and ENVARC: and inside of it, add "1" on a single line without the quotes.

Can I do that using NotePad or something, if so where do I save it to OS4.1:/Prefs/Env-Archive?

Don't bother messing about with creating files. All you need to do is the above command in a Shell:

setenv WEBKIT_IGNORE_SSL_ERRORS 1

- or, if you want it to be permanent:

setenv WEBKIT_IGNORE_SSL_ERRORS SAVE 1

Best regards,

Niels

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 20-Aug-2011 18:13:56
#8 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@All

Getting worse now, can't log into my Gmail account now either, and there was me thinking I can almost go Total Amiga (excuse the pun) now! Looks like these websites have changed something and say we cannot securely log in any more

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
sundown 
Re: OWB Security Certificates
Posted on 20-Aug-2011 21:46:16
#9 ]
Elite Member
Joined: 30-Aug-2003
Posts: 5112
From: Right here...

@sicky

The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem

Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:.

Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file.

Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive.

See if that helps, gmail works for me.

Last edited by sundown on 20-Aug-2011 at 09:46 PM.

_________________
Hate tends to make you look stupid...

 Status: Offline
Profile     Report this post  
ChrisH 
Re: OWB Security Certificates
Posted on 21-Aug-2011 9:29:49
#10 ]
Elite Member
Joined: 30-Jan-2005
Posts: 6673
From: Unknown

@sicky
Something must be wrong with your machine, because I can log into GMail just fine (tested right now - although I usually use SimpleMail because it's faster). However, I am using a recent security certificate, so perhaps that is your problem.

Quote:
The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem

Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:.

Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file.

Alternatively, in OWB just right-click that link, click on "Download Linked File", then in the file requester than appears click on the Resources folder & then the curl-ca-bundle.crt file, then click OK (you may then need to confirm you want to replace the file).

Or if you have not enabled right-clicking in OWB, then instead: Left click on the link, wait it has loaded the page, then use the "Project/Save As..." menu item, then in the file requester than appears click on the Resources folder & then the curl-ca-bundle.crt file, then click OK (you may then need to confirm you want to replace the file).

Rigo or someone should really add this to AmiUpdate, so it happens automatically. Or even just add the most recent version to OWB, as it comes with an *incredibly* outdated file.

Last edited by ChrisH on 21-Aug-2011 at 09:37 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:36 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:35 AM.
Last edited by ChrisH on 21-Aug-2011 at 09:33 AM.

_________________
Author of the PortablE programming language.
I can usually be found on www.Amigans.net (my favourite Amiga forum).
It is pitch black. You are likely to be eaten by a grue...

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 21-Aug-2011 10:52:16
#11 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@ChrisH

Strange things happening her, tried to log into Gmail and got usual 'security certificete blah blah bla' message, but when I clicked back button in OWB the site loaded and I can read my e-mails...... how weird is that!

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 21-Aug-2011 11:23:33
#12 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@sundown

Quote:
The latest (Aug. 6th) certificate file is here http://curl.haxx.se/ca/cacert.pem

Copy the whole page, I used IBrowse menu Webpage/save source as/Plain text & saved it to RAM:.

Rename it as curl-ca-bundle.crt & copy it to Resources, it replaces the current .crt file.

Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive.

See if that helps, gmail works for me.


I did all that and am now able to log into Gmail account with OWB but still unable to log into www.ibank.barclays.co.uk

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
kilaueabart 
Re: OWB Security Certificates
Posted on 27-Aug-2011 2:36:46
#13 ]
Cult Member
Joined: 14-Jun-2004
Posts: 646
From: Honolulu

@sicky

I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours.

There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.

 Status: Offline
Profile     Report this post  
Spectre660 
Re: OWB Security Certificates
Posted on 27-Aug-2011 3:13:21
#14 ]
Elite Member
Joined: 4-Jun-2005
Posts: 3745
From: Unknown

@kilaueabart

I downloaded the version pointed to on Amigans.net today using Mozilla on a PC and copied the file to my Sam using samba. I was able to log in to my acount with a major US Bank after with OWB .
It is possible downloading the file with OWB may mess something up.

Edit:

The Github.com site does not work so not fixed .

Quote:

kilaueabart wrote:
@sicky

I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours.

There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.

Last edited by Spectre660 on 27-Aug-2011 at 03:36 AM.

_________________

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 27-Aug-2011 9:15:25
#15 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@kilaueabart

Quote:
I was referred to this thread after I started an almost identical one on www.amigans.net. Only the name of the bank is really different (and I use YAM instead of Gmail). I was told the solution was here, but my result is the same as yours. There was one thing I didn't do because I don't understand it, namely "Second, paste the following in NotePad, Mozilla/5.0 (Windows NT 6.0 rv:5.0) Gecko/20100101 Firefox/5.0, & save it as OWB_USER_AGENT. Save this to ENV: & SYS:Prefs/env-archive." I assume you understood and did it to no avail, so I'll stop worrying about it.


I did the second item and it made no difference whatsoever. You basically put all that text into notepad and save it as OWB_USER_AGENT where it says, I did all that!

I have tried IBrowse, OWB, Timberwolf and NetSurf all with same result, so it looks like the banks etc have changed their requirements with regarding security.

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
sicky 
Re: OWB Security Certificates
Posted on 27-Aug-2011 14:12:30
#16 ]
Elite Member
Joined: 11-Mar-2003
Posts: 2828
From: Essex, UK

@All

Just grabbed this file at http://curl.haxx.se/ca/cacert.pem and now it all works again, thanks to ChrisH for pointing it to me

_________________
SAM 460 with 2GB or RAM, 1000GB HD, 4 port SATA, DVDRW drive and Radeon HD 4650 GFX card.

 Status: Offline
Profile     Report this post  
Xenic 
Re: OWB Security Certificates
Posted on 29-Aug-2011 15:26:57
#17 ]
Super Member
Joined: 2-Feb-2004
Posts: 1238
From: Pennsylvania, USA

@Fab
Quote:
nstead of disabling verification, you can try using the curl-ca-bundle.crt from the latest OWB MorphOS version. I generated it about a week ago.

I D/L the latest MOS OWB (1.14) on your site and the extraction date at the top of the file is April 13, 2011 while the CURL cert file has an extraction date of Aug 6, 2011 at the top of the file. Diffing the 2 files shows differences in some of the certificates. I don't know if one of the files is corrupt or if you didn't actually generate the latest file.

_________________
X1000 with 2GB memory & OS4.1FE

 Status: Offline
Profile     Report this post  
Fab 
Re: OWB Security Certificates
Posted on 29-Aug-2011 16:01:16
#18 ]
Super Member
Joined: 17-Mar-2004
Posts: 1178
From: Unknown

@Xenic

First, it was generated in July or so (whatever the header says), and secondly, the official generated bundle from CURL lacks 4 certificates classes that are quite commonly used, so i added them as well.

 Status: Offline
Profile     Report this post  

[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle