You are not logged in.

#1 2015-06-25 12:29:56

hoschi
Member
From: Ulm (Germany)
Registered: 2008-11-03
Posts: 468

[Epiphany] CSS and Images are not loaded on archlinux.org

Hello!

Since some days, the CSS (Layout) and Images are not loaded inside Epiphany on archlinux.org.
The reason for this seem to be an unacceptable TLS-Certificate for the CSS-File (WebKit Inspector -> Console -> Error):

Failed to load resource: Unacceptable TLS certificate https://d11xdyzr0div58.cloudfront.net/static/archweb.0cdf960f55ca.css

I have the unsharp memory, that this happend some year ago in the same way. Can we fix that?
Why do we store the CSS on a different server? It's by nature very small and a core part of the website. This feels groggy and unsecure.

Thanks




// update -> certificat details from Epiphany:
The signing certificate authority is not known

*.cloudfront.net
Identity: *.cloudfront.net
Verified by: VeriSign Class 3 Secure Server CA - G3
Expires: 10/19/2015

Subject Name
C (Country):    US
ST (State):    Washington
L (Locality):    Seattle
O (Organization):    Amazon.com, Inc.
CN (Common Name):    *.cloudfront.net
Issuer Name
C (Country):    US
O (Organization):    VeriSign, Inc.
OU (Organizational Unit):    VeriSign Trust Network
OU (Organizational Unit):    Terms of use at https://www.verisign.com/rpa (c)10
CN (Common Name):    VeriSign Class 3 Secure Server CA - G3
Issued Certificate
Version:    3
Serial Number:    06 FE 7A 77 26 29 96 80 A8 29 22 92 70 B5 07 4F
Not Valid Before:    2015-02-19
Not Valid After:    2015-10-19
Certificate Fingerprints
SHA1:    F3 4D EF 81 76 18 DF 3F 28 94 A4 8E D0 3C AE B1 B1 66 1C BE
MD5:    FB 21 9E 65 13 33 D7 58 2A 58 A5 A1 5D FC 03 CA
Public Key Info
Key Algorithm:    RSA
Key Parameters:    05 00
Key Size:    2048
Key SHA1 Fingerprint:    AB 1E 20 9E A0 F7 9B 1F AC 05 DF 85 C4 52 C3 50 54 CF 3F D8
Public Key:    30 82 01 0A 02 82 01 01 00 9D B3 8A 0C 5E C4 CF A8 04 82 02 F3 63 64 2F A7 10 A1 7E 8E E2 1C 2D EA AC 62 AD B2 1C 46 A9 33 D2 98 76 17 57 5E DE F1 63 06 81 7A 2A 35 FA 15 4F BE CE 97 4D D4 EB 17 41 44 37 7E 13 9A 30 70 2E ED 1C DA ED F1 D8 16 AC 01 09 A6 2A 7B DB 89 2A 91 C6 DF C6 33 D4 DC B0 A0 A5 CF 30 32 BF A8 F6 CA D8 D6 E4 3C 96 34 AA 95 AE F7 E3 A3 A9 F1 F1 D6 3B 02 B9 51 7E EB 3B 1D 9C 51 F4 BD 85 52 01 1B A0 E9 E9 C4 DA 2E BB F7 B5 2F 8B 64 AD 58 20 87 1B DA F9 5A 45 30 58 9F 07 8A 93 E0 56 69 20 50 DD 80 EE 32 D8 40 22 91 81 31 51 07 60 A9 DF 96 0B B2 B7 E0 CB FF EA 09 0F ED 52 56 45 A6 46 52 81 FD E5 24 AB 1E 39 C3 C0 68 9D 1B 9D 04 15 8B A2 97 4A 6E 3B 5D 45 97 A3 D4 6E 51 82 35 AA 88 0E 0E D9 B1 B8 89 EA 93 0E 3C 3A 83 D8 A5 2E 5C 8F F8 44 16 B1 4F 96 2F F8 E6 D5 B8 DE 37 02 03 01 00 01
Subject Alternative Names
DNS:    cloudfront.net
DNS:    *.cloudfront.net
Critical:    No
Basic Constraints
Certificate Authority:    No
Max Path Length:    Unlimited
Critical:    No
Key Usage
Usages:    Digital signature
Key encipherment
Critical:    Yes
Extended Key Usage
Allowed Purposes:    Server Authentication
Client Authentication
Critical:    No
Extension
Identifier:    2.5.29.32
Value:    30 5C 30 5A 06 0A 60 86 48 01 86 F8 45 01 07 36 30 4C 30 23 06 08 2B 06 01 05 05 07 02 01 16 17 68 74 74 70 73 3A 2F 2F 64 2E 73 79 6D 63 62 2E 63 6F 6D 2F 63 70 73 30 25 06 08 2B 06 01 05 05 07 02 02 30 19 1A 17 68 74 74 70 73 3A 2F 2F 64 2E 73 79 6D 63 62 2E 63 6F 6D 2F 72 70 61
Critical:    No
Extension
Identifier:    2.5.29.35
Value:    30 16 80 14 0D 44 5C 16 53 44 C1 82 7E 1D 20 AB 25 F4 01 63 D8 BE 79 A5
Critical:    No
Extension
Identifier:    2.5.29.31
Value:    30 22 30 20 A0 1E A0 1C 86 1A 68 74 74 70 3A 2F 2F 73 64 2E 73 79 6D 63 62 2E 63 6F 6D 2F 73 64 2E 63 72 6C
Critical:    No
Extension
Identifier:    1.3.6.1.5.5.7.1.1
Value:    30 49 30 1F 06 08 2B 06 01 05 05 07 30 01 86 13 68 74 74 70 3A 2F 2F 73 64 2E 73 79 6D 63 64 2E 63 6F 6D 30 26 06 08 2B 06 01 05 05 07 30 02 86 1A 68 74 74 70 3A 2F 2F 73 64 2E 73 79 6D 63 62 2E 63 6F 6D 2F 73 64 2E 63 72 74
Critical:    No
Signature
Signature Algorithm:    SHA1 with RSA
Signature Parameters:    05 00
Signature:    5E 96 BC 15 03 0C F5 42 75 A8 9E 58 45 FC 59 BA FB B2 8F 41 D0 28 89 65 4C 2A 3C 4C 52 54 14 20 D3 B6 FB AF 9C 76 2F 87 61 FB AF 11 9C F2 87 A0 4D 1F 2C 90 82 25 B6 24 37 24 EC 75 78 8D 6C FA 49 7C 4A 9D 50 45 C5 23 C1 FB AF AD 4F 24 4B 7F 54 05 D1 31 16 53 ED 56 49 5C 7D D0 40 75 31 D7 4D 68 58 D5 8D 2F BD 65 6A 5E 52 2F F9 E6 1A 9C 9E 00 5D AC C2 BA 40 40 83 F3 FB BD BF FE C1 76 07 14 8D 9B 80 47 0E 31 B6 05 88 59 53 5A 80 FF A0 93 D5 1A CC 65 F0 AE 3D 12 2E C9 7A 58 3F E7 3A 06 40 88 4E 67 4C 5D 96 49 3B 9C 34 BD F4 87 A6 0C 78 2C 95 69 DA 64 82 B3 DF 8B EE D7 EB 87 CE FB C6 AD E8 E3 1D 10 64 EF 29 2C 28 13 F2 15 A7 3C 35 78 A7 F6 DB 22 DC D3 B3 2E 09 1E 05 4E 10 19 3A D6 17 8C 6F B5 E7 D5 55 29 06 01 3D 87 16 FE F7 3A 53 65 D4 55 DE B1 C0 4E 6C 96 98 E4

Last edited by hoschi (2015-06-25 12:36:39)

Offline

#2 2015-06-25 14:29:22

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: [Epiphany] CSS and Images are not loaded on archlinux.org

Doesn't epiphany use the CA's from your arch-install? Does this work properly if you use curl on the cli?

Last edited by Spider.007 (2015-06-25 14:29:40)

Offline

#3 2015-06-25 15:33:27

hoschi
Member
From: Ulm (Germany)
Registered: 2008-11-03
Posts: 468

Re: [Epiphany] CSS and Images are not loaded on archlinux.org

The world isn't that simple sad

Genereally the base certificates are provides by ca-certificaes, but the actually used SSL/TLS implementation can be provided by NSS, OpenSSL or GNUTLS. Epiphany uses GNUTLS, which is provied through libsoup and glib-networking. Furthermore Epiphany has NSS as optional dependency, after a short look and the sourccode and some old comments from 2009 this allows the import of passwords from GECKO.

Here is a fine example why certificates are just "horror":
https://blogs.gnome.org/mcatanzaro/2015 … om-fiasco/

Oftern there is no "right" or "wrong", just "grey". The certificate system behind SSL/TLS is complicated and I personally consider it as broken by design, because the top of the chain forces you to trust others. Real trust requires mutual trust, PGP and the Web-of-Trust is an example (Archlinux is an example for it's usage).

Hoschi

// update
https://bugs.archlinux.org/task/45468

Last edited by hoschi (2015-06-25 15:53:43)

Offline

Board footer

Powered by FluxBB