Delivery-Date: Wed, 02 Jul 2014 10:56:59 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 26C4B1E0C83
	for <archiver@seul.org>; Wed,  2 Jul 2014 10:56:57 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D07B92FB01;
	Wed,  2 Jul 2014 14:56:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DA7E22E73A
 for <tor-talk@lists.torproject.org>; Wed,  2 Jul 2014 14:49:41 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Vdue9THJHN7h for <tor-talk@lists.torproject.org>;
 Wed,  2 Jul 2014 14:49:41 +0000 (UTC)
Received: from s65.web-hosting.com (s65.web-hosting.com [199.188.204.174])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id B91402E56D
 for <tor-talk@lists.torproject.org>; Wed,  2 Jul 2014 14:49:41 +0000 (UTC)
Received: from [8.25.197.25] (port=54419
 helo=tw-172-25-129-248.office.twttr.net)
 by server65.web-hosting.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128)
 (Exim 4.82) (envelope-from <garth@tunnel19.com>)
 id 1X2Lqs-000BtJ-5L; Wed, 02 Jul 2014 10:49:38 -0400
Message-ID: <53B41C01.2010407@tunnel19.com>
Date: Wed, 02 Jul 2014 07:49:37 -0700
From: Garth Patil <garth@tunnel19.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Roman Mamedov <rm@romanrm.net>, tor-talk@lists.torproject.org
References: <53B3029F.8000907@tunnel19.com> <20140702101610.4dd37ec8@natsu>
In-Reply-To: <20140702101610.4dd37ec8@natsu>
X-Enigmail-Version: 1.6
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - server65.web-hosting.com
X-AntiAbuse: Original Domain - lists.torproject.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - tunnel19.com
X-Get-Message-Sender-Via: server65.web-hosting.com: authenticated_id:
 garth@tunnel19.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: Re: [tor-talk] StartCom certs untrusted
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Huzzah! That was the problem (hadn't attached the root and intermediate
CA certs). Thanks for your help.

On 7/1/14, 9:16 PM, Roman Mamedov wrote:
> On Tue, 01 Jul 2014 11:49:03 -0700
> Garth Patil <garth@tunnel19.com> wrote:
> 
>> Hi,
>> I'm using Tor Browser 3.6.2-MacOS. I have a site that uses a free class
>> 1 SSL cert from StartCom <https://www.startssl.com/>. Recent versions of
>> Chrome and Firefox don't seem to have this problem, but Tor Browser
>> gives the untrusted error. Is there a reason this CA isn't included?
> 
> I've just tested with TBB on Windows, and it does recognize such certs
> properly. Which website are you talking about? Post the URL if it's not
> sensitive. Maybe they don't attach StartCom's intermediate certs (as I think
> StartCom's instructions recommend to do).
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

