I noticed no certificate on install.
My firewall also caught it. I had to allow.
Same true for the plug-in container.
>> Important to fix this issue!!
Thx
27.7.1 has no security certificate!
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
Nightbird
- Lunatic
- Posts: 279
- Joined: 2016-07-18, 21:12
Re: 27.7.1 has no security certificate!
Diversity is key.
Those who forget the past are doomed to repeat it.
Those who forget the past are doomed to repeat it.
-
dark_moon
Re: 27.7.1 has no security certificate!
You can and should always check the checksum and GPG signature before start the binary
-
gulf-of-mexico
Re: 27.7.1 has no security certificate!
When the Pale Moon browser says "an update is available" it downloads a file named "update" to Pale Moon / updates folder to be installed the next time the browser restarts.
Is there a place where the checksum for this update file is published to compare with before confirming to "allow" to update?
It's different than the installer or zip file checksums published on the website.
Is there a place where the checksum for this update file is published to compare with before confirming to "allow" to update?
It's different than the installer or zip file checksums published on the website.
Last edited by gulf-of-mexico on 2018-01-19, 02:38, edited 2 times in total.
-
gulf-of-mexico
Re: 27.7.1 has no security certificate!
I think I was too wordy above.
Where can I find the SHA-256 for the update file which Pale Moon x64 downloads to
/Users/username/AppData/Local/Moonchild Productions/Pale Moon/Pale Moon/updates/0/update.mar (44,279,651 bytes)
Where can I find the SHA-256 for the update file which Pale Moon x64 downloads to
/Users/username/AppData/Local/Moonchild Productions/Pale Moon/Pale Moon/updates/0/update.mar (44,279,651 bytes)
-
gulf-of-mexico
Re: 27.7.1 has no security certificate!
How do you check the checksum for the update.mar file Pale Moon downloads when an update is available?dark_moon wrote:You can and should always check the checksum and GPG signature before start the binary
-
dark_moon
Re: 27.7.1 has no security certificate!
I dont. I only can check the binarys from website.gulf-of-mexico wrote:How do you check the checksum for the update.mar file Pale Moon downloads when an update is available?dark_moon wrote:You can and should always check the checksum and GPG signature before start the binary
If the updater check the files before starting the upgrade? I dont know. Only Moonchild knows
-
Moonchild
- Pale Moon guru
- Posts: 35650
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: 27.7.1 has no security certificate!
The internal updater file is already hash checked when it is downloaded. The update method is secure:
- The browser sends an https request to the update server (so no MitM rewriting is possible)
- The update server responds with a manifest file that includes both SHA256 and exact file size of the update file, as well as the URL of the update file
- The browser downloads the update file, and any mismatch in size or SHA256 will reject it
Last edited by Moonchild on 2018-01-21, 10:06, edited 1 time in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
gulf-of-mexico
Re: 27.7.1 has no security certificate!
Excellent. Much appreciated.Thank you.
Last edited by gulf-of-mexico on 2018-01-22, 01:23, edited 1 time in total.