Cannot Verify bitbucket.org's Certificate

Bug #1371201 reported by jean-christophe manciot on 2014-09-18
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Pipelight
Undecided
Unassigned
pipelight-multi (Ubuntu)
Undecided
Unassigned

Bug Description

Environment: Ubuntu 14.04 - pipelight-multi 0.2.7.1 with all dependencies
------------------
System Check: System-Check.txt - Libraries fail on libXxf86vm.so.1, but it is present.
-------------------
Installed Plugins: pipelight-plugin --list-enabled-all: silverlight5.1
-----------------------
console output: pipelight.log
---------------------

Running 'pipelight-plugin --update' leads to the following error:

"root@MSI-GE60-Ubuntu-14:/home/actionmystique# pipelight-plugin --update
--2014-09-18 18:20:59-- https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig
Resolving bitbucket.org (bitbucket.org)... 131.103.20.168, 131.103.20.167
Connecting to bitbucket.org (bitbucket.org)|131.103.20.168|:443... connected.
ERROR: cannot verify bitbucket.org's certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1’:
  Unable to locally verify the issuer's authority.
To connect to bitbucket.org insecurely, use `--no-check-certificate'.

ERROR: Failed to download latest dependency-installer script"

The "--no-check-certificate" is not allowed.

Downoading "https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig" through a browser is possible, but then what?

export SSL_CERT_DIR=/etc/ssl/certs has been helpful.

Now, "pipelight-plugin --update" leads to:

--2014-09-20 09:24:52-- https://bitbucket.org/mmueller2012/pipelight/raw/master/share/install-dependency.sig
Resolving bitbucket.org (bitbucket.org)... 131.103.20.168, 131.103.20.167
Connecting to bitbucket.org (bitbucket.org)|131.103.20.168|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9609 (9.4K) [application/pgp-signature]
Saving to: ‘/tmp/tmp.WeljfL54h5’

100%[============================================================================================================>] 9,609 --.-K/s in 0s

2014-09-20 09:24:52 (280 MB/s) - ‘/tmp/tmp.WeljfL54h5’ saved [9609/9609]

gpg: Signature made Thu 11 Sep 2014 10:19:57 PM CEST using RSA key ID 1C3B0533
gpg: Good signature from "Pipelight Dev Team <email address hidden>"
**************************************************************************
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3978 8ABB 0402 FC31 D4FB 22AA 0B6B 817C 1C3B 0533
**************************************************************************

Michael Müller (mqchael) wrote :

Hi,

your last output looks okay. The warning is only caused by the fact that you did not define our key as trusted signature (which is not necessary). However the line:

gpg: Good signature from "Pipelight Dev Team <email address hidden>"

indicates that the signature check was successful.

Michael

Ron Widell (r-widell) wrote :

I have the same issue as jean-christophe manciot wrt bitbucket.org certificate, with a couple of minor differences:

Environment:
Kubuntu 14.04, pipelight-multi 0.2.8~ubuntu14.04.1 with all dependencies

system-check fails on Libraries saying libnetapi.so is missing (but it's in the same directories as the other libs).

--
export SSL_CERT_DIR=/etc/ssl/certs was no help to me, I got the same error.
So I edited the pipelight-plugin file to add the --no-check-certificate option to the invocation of wget (diff file attached). I figured that was safe since the gpg signature of the downloaded file was also checked (and passed).

Thanks,
ron

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers