Amiga.org
Amiga News and Community Announcements => Amiga News and Community Announcements => Amiga Software News => Topic started by: chris on December 12, 2017, 10:21:16 AM
-
Vince has set up the CI server to build the OS3.5+ version of NetSurf (Reaction frontend).
Please test these builds and let me know if something is not working as expected.
http://ci.netsurf-browser.org/builds/amigaos3/
NB: SSL is currently broken. If somebody knows how to fix OpenSSL let me know! Error is here: http://bugs.netsurf-browser.org/mantis/view.php?id=2583
-
Great news
-
Chris two lattest versions gives me timeouts when I try to surf web. Can't get past start screen.
Some earlier versions had this same problem, but this time it gives timouts faster.
-
An attempt to build NetSurf with gcc6: http://www.cy2.uk/tmp/netsurf_os3-gcc6.lha
I'm getting a 80000005 "divide by zero" error, but I'm not sure if that's just UAE being rubbish.
SSL is still broken regardless.
-
An attempt to build NetSurf with gcc6: http://www.cy2.uk/tmp/netsurf_os3-gcc6.lha
I'm getting a 80000005 "divide by zero" error, but I'm not sure if that's just UAE being rubbish.
SSL is still broken regardless.
Coud you disable ssl? Any way it will make things slower. Is it possible to disable it manually?
-
Coud you disable ssl? Any way it will make things slower. Is it possible to disable it manually?
Probably, but given it doesn't work it's effectively disabled anyway. A web browser without SSL is pretty useless these days.
-
SSL gives errors and crash browser. It opened a window wich asked me to accept certifigates manually and then crashed.
-
SSL gives errors and crash browser. It opened a window wich asked me to accept certifigates manually and then crashed.
SSL comes up with an error saying "unable to fetch document" in all current versions.
If the certificate window is coming up you're trying to access a site with an invalid certificate (I assume this is in an old version). If it crashes at that point I need to fix that but I'm not interested in doing so until SSL actually works, especially as chances are it's fixed already.
AmiSSL builds and works OK for 68k using the same version of OpenSSL so it must be a relatively simple thing to fix, just needs somebody who knows what they are doing to have a look at it.
Actually a libopenssl which is just a wrapper for AmiSSL would probably be fine too.
-
It happened here in amiga.org. It was http connection wich was forwared to unworking https address/certifigate https://amiga.org
It shouldn't autoforward to https if site is not asking to it.
-
It happened here in amiga.org. It was http connection wich was forwared to unworking https address/certifigate https://amiga.org
It shouldn't autoforward to https if site is not asking to it.
It doesn't redirect unless the site asks, and that certificate *is* invalid as it's issued to http://www.amiga.org. You should be using http://www.amiga.org - without the www. is broken, and it used to bring up a page saying so.
Working on OS4 without redirecting, forcing to https brings up the certificate error but doesn't crash. I'll check it on OS3 when/if SSL is working again.
-
It randomly asks accept or reject certifigate. It happened here and amigaworld.net
I'm prety sure that these sites doesn't use certifigates for anything.Both sites has broken certifigate.
-
It randomly asks accept or reject certifigate. It happened here and amigaworld.net
I'm prety sure that these sites doesn't use certifigates for anything.Both sites has broken certifigate.
If you put https:// then they will be using a certificate, or at least trying to.
-
If you put https:// then they will be using a certificate, or at least trying to.
That's the point, I don't put https
-
That's the point, I don't put https
Then it's a problem with the website configuration, as it's either redirecting you or some page elements are being served over SSL (or the OS3 build of NetSurf is completely broken, which it is in parts).
-
Then it's a problem with the website configuration, as it's either redirecting you or some page elements are being served over SSL (or the OS3 build of NetSurf is completely broken, which it is in parts).
Both amiga.org and Amigaworld.net? Hard to believe?
-
Both amiga.org and Amigaworld.net? Hard to believe?
Common owner.... but I've never seen them redirect to https on any browser, including NetSurf. Maybe deleting your cache will fix it?
-
Common owner.... but I've never seen them redirect to https on any browser, including NetSurf. Maybe deleting your cache will fix it?
Cache deleted. Amiga.org was OK, but amigaworld.net asked accept morph.zone certificate??
After that going baack to amiga.org was impossible, though I only waited about 2 minits.
-
Tested it again, amiga.org OK -> aminet.net OK -> amigaworld.net certifigate error morph.zone - > amigans.net certifiaget error paypal.com??
Maybe ssl should be disabled until it works again? Other hand, nobody use 68k netsurf for any serious stuf, so maybe ssl is just not needed?
-
Tested it again, amiga.org OK -> aminet.net OK -> amigaworld.net certifigate error morph.zone - > amigans.net certifiaget error paypal.com??
Ok, the certificate errors are likely because OpenSSL doesn't work properly.
Maybe ssl should be disabled until it works again? Other hand, nobody use 68k netsurf for any serious stuf, so maybe ssl is just not needed?
Given it's beta, it can stay broken until somebody* fixes it.
* Most probably me, given that nobody else appears to have the slightest interest in looking at it.
-
For what it is worth...
* the certificate used on amigaworld.net expired 1582 days ago
* the certificate used on amiga.org it is not even issued to amiga.org, nor contain amiga.org as alternate name
* the certificate used on amigans.net is issued to and signed by localhost.localdomain
Any sane browse will explicitly _not work_ with the above domains.
These *three* domains show all signs of being run by amateurs :)
(I'm sure the list will grow)
Please use some real-life, well-maintained and functional domains/sites for testing TLS/SSL.
-
@kolla
just as an FYI.... if you see anything around the site that needs fixing -- especially from a security point of view -- please PM @amigakit to let matthew know. thanks!
-- eliyahu
-
For what it is worth...
* the certificate used on amigaworld.net expired 1582 days ago
* the certificate used on amiga.org it is not even issued to amiga.org, nor contain amiga.org as alternate name
* the certificate used on amigans.net is issued to and signed by localhost.localdomain
Any sane browse will explicitly _not work_ with the above domains.
These *three* domains show all signs of being run by amateurs :)
(I'm sure the list will grow)
Please use some real-life, well-maintained and functional domains/sites for testing TLS/SSL.
Check pictures, it was asking morph.zone and paypal.com certifikates. I'm prety sure tahat earlier it asked amiga.org and amigaworld.net certifigates. I can't understat how / it decided to ask those paypal / morph certifigates.
-
Check pictures, it was asking morph.zone and paypal.com certifikates.
Yes... I am guessing missing CA certificates installed in/for your browser.
I'm prety sure tahat earlier it asked amiga.org and amigaworld.net certifigates. I can't understat how / it decided to ask those paypal / morph certifigates.
It asks for those because there is content on the amigaworld.net page from those pages - like the https://library.morph.zone/logo.png on the amigaworld.net article regarding MorphOS 3.10 release, and a paypal logo under "Support us!" on the amigans.net page. Nothing magic here.
-
@kolla
just as an FYI.... if you see anything around the site that needs fixing -- especially from a security point of view -- please PM @amigakit to let matthew know. thanks!
-- eliyahu
Really? You expect me and others to remember this?
No, I don't go there - the site owners should get the feces together - this stuff is rudimentary and obvious. I have earlier tried to use the "contact us" that is linked to at the bottom of this page, without seeing any response nor action. I have also tried using the addresses specified in whois ("Tech Email: contact@a-eon.com") in futile attempts at reporting issues regarding fubar DNS etc. (http://amigaworld.net/modules/newbb/viewtopic.php?mode=viewtopic&topic_id=452&forum=7&start=380&viewmode=flat&order=0#761384) which led to absolutely nothing - if these obvious contact points don't work, then "amateurs" is a fitting description IMO.
-
i think a decent browser behaviour today would be to (decently) warn the user the site was not secure and navigate towards it nevertheless. im using different browers across my systems and all they do moreless the same, as chrome atm, they mention the handicap.
-
@kolla
just as an FYI.... if you see anything around the site that needs fixing -- especially from a security point of view -- please PM @amigakit to let matthew know. thanks!
-- eliyahu
lets not delude us. the sites are as good as unmaintained, thats sure. about as much as moobuny once was. and they are probably about as secure. who cares. free world.. and such. lets just not act as if there was any staff to take actions. let alone anyone qualified to do that. even though people here claim to hold positions in it industry.