Update cacert.pem to latest version

[nicksavov]

Source: http://curl.haxx.se/ca/cacert.pem

[wilsonge]

Same should be patched https://github.com/joomla-framework/http/blob/master/src/Transport/cacert.pem

[nicksavov]

Done:
joomla-framework/http#6

Thanks!

[wilsonge]

👍

[nicksavov]

Let's see which team is quicker at merging :P

[mbabker]

Now that's no fair. It's physically impossible for one person to click two merge buttons at once :-P

[nicksavov]

:D Thanks Michael!

[ryandemmer]

I"m not 100% sure about this, but since the Joomla 3.3.4 update, which included this cacert update, The Joomla Update Manager and Install From Web are generating certificate errors:

SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This is when attempting to download a zip file from Amazon S3, in this case specifically - https://jce2.s3.amazonaws.com/updates/com_jce_243.zip

When the URL for the update is changed to a Windows Azure blob - https://jce.blob.core.windows.net/updates/com_jce_243.zip - no errors are generated and the extension installs.

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

[nicksavov]

Hi Ryan,

All I did was grab the latest file from http://curl.haxx.se/ca/cacert.pem (the official source) and use it instead.

Could you check that the issue doesn't occur in 3.3.3? It might just be a coincidence that you're getting this now after 3.3.4's release (not saying that's the case, but worth checking).

[brianteeman]

I just tried install from web on 3.3.3 and 3.3.4 with the url that you said wasnt working using google chrome on osx and I had no issue

This comment was created with the J!Tracker Application at http://issues.joomla.org/.

[nicksavov]

Thanks Brian!

By the way, I think it's dependent on the server environment that Joomla is installed on.

If the latest certificate (of the server hosting the file) isn't in libraries/joomla/http/transport/cacert.pem and the server (that's downloading the file) doesn't have it either, the error will trigger.

However, if the server that's downloading the file does have the certificate, it won't trigger.

The best thing to do, if possible, is contribute the updated certificate to the cacert.pem source:
http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

However, I don't know where we could do that and if Mozilla even accepts contributions for it.

[brianteeman]

Quite right I forgot that.

On 25 September 2014 20:05, Nick Savov notifications@github.com wrote:

Thanks Brian!

By the way, I think it's dependent on the server environment that Joomla
is installed on.

If the latest certificate (of the server hosting the file) isn't in
libraries/joomla/http/transport/cacert.pem and the server (that's
downloading the file) doesn't have it either, the error will trigger.

However, if the server that's downloading the file does have the
certificate, it won't trigger.

The best thing to do, if possible, is contribute the updated certificate
to the cacert.pem source:

http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt

However, I don't know where we could do that and if Mozilla even accepts
contributions for it.

—
Reply to this email directly or view it on GitHub
#4296 (comment).

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/