You are not logged in.

#1 2014-07-30 17:39:42

Dave Cohen
Member
Registered: 2008-09-27
Posts: 126

Unacceptable TLS certificate when browsing with uzbl

Trying to browse a website with uzbl, I'm getting an error "Unacceptable TLS certificate."

The site in question has a cert from startssl.com.  And visiting https://startssl.com gives the exact same error.

After some searching and man paging, I was under the impression the solution would be

a) Get the appropriate .crt file (from https://www.startssl.com/certs/)

b) Copy .crt file(s) to /usr/local/share/ca-certificates

c) Run update-ca-certificates

I've tried the above steps with both the ca.crt file and ca-bundle.crt file found on https://www.startssl.com/certs.  But no luck.  Uzbl still gives the same error.  Can anyone tell me how to get uzbl past this error?

Thanks.

Offline

#2 2014-07-30 17:51:32

Dave Cohen
Member
Registered: 2008-09-27
Posts: 126

Re: Unacceptable TLS certificate when browsing with uzbl

Update, partial solution.

I've found that I can visit a site in another browser, chromium for instance.  There, I can click the padlock icon to get certificate information and export the site's certificate.

The resulting certificate I can place in /usr/local/share/ca-certificates.  Then, I run update-ca-certificates.  And then I restart uzbl and it is able to browse the website in question.

This works for the specific website in question.  So I can do it for https://startssl.com, and then I have to repeat the process for my test site which has a cert from startssl.com.  What I'd like is to tell uzbl to trust all sites certified by startssl.  Otherwise I'll need to repeat this cert export process too many times.  Is there a way to do this?

Offline

#3 2014-10-21 21:35:56

Smartsasse
Member
Registered: 2014-10-21
Posts: 6

Re: Unacceptable TLS certificate when browsing with uzbl

I installed uzbl-browser a couple of days ago only to realize that it was very old and some things didn't seem to work as expected so deleted it and unneccesary repositories and installed uzbl-git from AUR instead and me also is having some problem.

Seen to your specific problem about TLS certificate which appeared for every https site I visited I looked at the /.config/uzbl/config file and saw that it tried to load the file "/etc/ssl/certs/ca-bundle.crt" which doesn't exist for me. And also the row above it said "set ssl_policy fail" which I think is the new "ssl_verify" that is listed in the old documentation.

So what I did was comment the row which loaded the file and changed the other file to "set ssl_policy ignore".

Now everything about that works great, don't know if it's secure enough anymore dough.

For me the following row gets printed like onces for every time the browser loads a new page:
(uzbl-core:????): GLib-GObject-CRITICAL **: g_closure_unref: assertion 'closure->ref_count > 0' failed

And sometimes the following rows:
(uzbl-core:????) GLib-GObject-WARNING **: The property SoupSession:ssl-ca-file is deprecated and shouldn't be used anymore. It will be removed in a future version.
** Message: PROP_TIMELINE_PROFILING_ENABLED has been deprecated

Having ???? being row-numbers like 2412, 2769, 2771

Do you also have these outputs or are they part of something else that's just wrong for me?

Mostly I think that the default files I got when installing was just wrong about some things and some configuration is just needed to get it to work. For example did the config file use a variable UZBL_PREFIX which was set to "/usr/local" but all the files where lying under "/usr".

I haven't had very much time to check my own problems out get, only a couple of hours today, so will continue looking for a solution. Maybe I just installed it wrong from the AUR or something. I'm kind of new to both Arch and Linux, have tried Arch and Ubuntu before but that with a DE and nearly all my programs where graphical and more used programs like nautilus and firefox instead of ranger and uzbl. I really like it here but I hope I'll take the time to get something awesome working. Now I'm just trying Arch out in Virtual Box so I can install it for real later where I don't need to mess up the installation. tongue

/Sasse

Offline

#4 2016-04-13 05:08:02

iago
Member
Registered: 2016-04-11
Posts: 2

Re: Unacceptable TLS certificate when browsing with uzbl

After building I had this error, which was solved by changing the path to the certificate bundle. Search for the text ssl_ca_file in the file  ~/.config/uzbl/config and change to:

set ssl_ca_file /etc/ssl/cert.pem
set ssl_policy fail

Last edited by iago (2016-04-13 05:08:26)

Offline

#5 2016-04-13 14:54:52

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,783
Website

Re: Unacceptable TLS certificate when browsing with uzbl

Thanks for sharing your solution. I'm going to go ahead and close this old thread now.

Closing.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

Board footer

Powered by FluxBB