I just launched the Dekstop app from their Debian apt repository. It says "Something went wrong! Failed to connect to server." and then the Debug Log contains stuff such as:
Not if you're behind my corporate proxy, unfortunately. I set the HTTPS_PROXY environment variable properly (which is annoying -- other apps are able to deal with the proxy transparently) so that I stop getting 407 errors, and then I get:
info: caused by: [35] SSL connect error (schannel: next InitializeSecurityContext failed: Unknown error
(0x80092012) - The revocation function was unable to check revocation for the certificate.)
I've tried various fixes from the (still open) github issues: set some config setting to prevent the cert revocation check (only works for cargo, not rustup) and installing the cert from static.github.com (doesn't fix the issue at all).
EDIT: I was actually able to workaround this, finally, based on this github desktop issue[0]. It involves registry hackery and disabling cert validation in SCHANNEL which is not ideal (and I will be reverting it once rust is installed). I certainly don't have the mentioned Russian crypto library installed on my machine, so I have no idea what could be ultimately causing cert revocation check to fail on my machine...
hey, I tried to get the app (full disclosure we're building something in the same general ballpark - still very different), either way I was really curious to try it out but it sent me to this:
app.fetching.io uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
(just thought you might want to know)
If you don't mind sharing the error you encountered (screenshot?) feel free to drop me an email - address in my profile. I just got the SSL via Namecheap a few days back, I haven't had issues with them before, but I'm by no means an expert on certs, and may have set up something wrongly.
Cert chain is incorrect basically and the browser is fetching intermediate certs to try to make it work.
Most of the issues Qualys points out on blog.pinboard.in are not present on pinboard.in itself, so I presume there's a difference in config there that would be a good place to start. They're also running on different versions of Debian (squeeze v. wheezy, which ship different OpenSSLs) which accounts for some of the variance.
Also, as Qualys notes, disable RC4 ciphers on pinboard.in and you're in pretty good shape.
It looks like the server is slightly misconfigured, it isn't serving the required intermediate certificate[1].
Desktop browsers are smart enough to find the intermediate certificate and then verify the chain, but technically I don't think this is part of the spec.
2. After going to https://worldself.com I am greeted with a "login page" and a note that this is available on stores. But what does the app actually do? I'm not going to download it to just find out.
FetchError: request to https://textsecure-service.whispersystems.org/v1/config failed, reason: unable to verify the first certificate
reply