yeah, it works again! Thank you for your time.
Best regards, Caspar
Von: gpodder-bounce@xxxxxxxxxxxxx <gpodder-bounce@xxxxxxxxxxxxx> Im Auftrag von
thomas blanchard
Gesendet: Freitag, 6. März 2020 13:01
An: gpodder@xxxxxxxxxxxxx
Betreff: [gpodder] Re: ***UNCHECKED*** AW: Re: ignore invalid certificate
Update: I just successfully loaded that podcast using AntennaPod (same URL).
It must have been a temporary issue.
Thomas
Le ven. 6 mars 2020 à 12:58, thomas blanchard
<thomasfp.blanchard@xxxxxxxxx<mailto:thomasfp.blanchard@xxxxxxxxx>> a écrit :
Hello Caspar,
I can load that file perfectly fine in Firefox, can you confirm that the issue
persists? I suspect they had issues and fixed their certificate.
If the issue persists, it can be that the GPodder App is missing a root CA
(AddTrust External TTP Network) and/or that your OS / device is missing that
root CA. Which device are you using?
The certificate for me shows up with the following information fyi:
notBefore=Dec 23 00:00:00 2019 GMT
notAfter=Dec 22 23:59:59 2021 GMT
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN =
Sectigo RSA Domain Validation Secure Server CA
subject=CN = *.podigee.io<http://podigee.io>
And the certificate chain is valid:
openssl s_client -connect
fazeinspruch.podigee.io:443<http://fazeinspruch.podigee.io:443>
CONNECTED(00000005)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN
= USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN =
Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = *.podigee.io<http://podigee.io>
verify return:1
---
Certificate chain
0 s:CN = *.podigee.io<http://podigee.io>
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN =
Sectigo RSA Domain Validation Secure Server CA
1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN =
Sectigo RSA Domain Validation Secure Server CA
i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN =
USERTrust RSA Certification Authority
2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN =
USERTrust RSA Certification Authority
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust
External CA Root
3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust
External CA Root
i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust
External CA Root
Thomas
Le jeu. 5 mars 2020 à 17:47, Dawo, Caspar <C.Dawo@xxxxxx<mailto:C.Dawo@xxxxxx>>
a écrit :
Hi,
I've got the same problem. Even deleting "s" from "https:" does not help. I get
this error message:
Einige Podcasts konnten nicht zur Liste hinzugefügt werden:
http://fazeinspruch.podigee.io/feed/mp3: ;<urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate
in certificate chain (_ssl.c:1056)>
I noticed that iTunes (which is not my favoured podcatcher) does download
episodes from these podcasts. Can gPodder be adjusted to this problem in any
way?
Viele Grüße
Caspar
Von: gpodder-bounce@xxxxxxxxxxxxx<mailto:gpodder-bounce@xxxxxxxxxxxxx>
<gpodder-bounce@xxxxxxxxxxxxx<mailto:gpodder-bounce@xxxxxxxxxxxxx>> Im Auftrag
von thomas blanchard
Gesendet: Mittwoch, 18. Dezember 2019 12:50
An: gpodder@xxxxxxxxxxxxx<mailto:gpodder@xxxxxxxxxxxxx>
Betreff: [gpodder] Re: ignore invalid certificate
Hello,
So tempering with SSL/TLS is a terrible idea imo. The risk is not around
downloading a podcast one doesn't want. The risk is with downloading
compromised files from an unknown source that will affect the security of your
device and the people you know.
For past examples:
https://fortune.com/2015/10/01/stagefright-android-vulnerability-song/
If a website is not able to maintain a valid TLS certificate (it's fairly easy
and even free now with Let's Encrypt), they should offer a non-TLS version. Try
first by changing the URL to http://your-podcast.website/etc.
Then try reaching out to the website in question so that they can fix this
issue.
What could be possible however is to allow a podcast to downgrade to HTTP if
HTTPS doesn't work.
Thomas
Le mar. 17 déc. 2019 à 22:28, Fourhundred Thecat
<400thecat@xxxxxx<mailto:400thecat@xxxxxx>> a écrit :
Hello,
when downloading podcasts over https or even subscribing to feed, when
the certificate is invalid gpodder fails with download error.
While it is good to know that certificate is invalid, I think there
should be an option to ignore invalid certificates.
Lets be realistic. What is gpodder protecting me from ?
A "man in the middle attack", where somebody tampers with my favorite
podcast and implants fake episode ?
Unlike web browser, gpodder is not used by people to manage e-banking,
or to file taxes.
Simply refusing to download from feed with invalid certificate is
overreaction, or perhaps even security theater.
I suggest, there should be a way to ignore invalid certificates.
In the meantime, If not, how can I circumvent it?
I am happy to change the python code, if necessary, if somebody can
point me to the right section.
thank you
Frankfurter Allgemeine Zeitung GmbH
Hellerhofstraße 2-4
60327 Frankfurt am Main
HRB 7344 . Amtsgericht Frankfurt am Main
Vorsitzender des Aufsichtsrats: Prof. Dr. Dr. Andreas Barner
Geschäftsführung: Thomas Lindner (Vorsitzender), Dr. Volker Breid
________________________________
Frankfurter Allgemeine Zeitung GmbH
Hellerhofstra�e 2-4
60327 Frankfurt am Main
HRB 7344 . Amtsgericht Frankfurt am Main
Vorsitzender des Aufsichtsrats: Prof. Dr. Dr. Andreas Barner
Gesch�ftsf�hrung: Thomas Lindner (Vorsitzender), Dr. Volker Breid
---------------------------------------------------------------------
