[FFmpeg-devel] SSL certificate for ffmpeg.org website is not valid anymore
Boris Pek
tehnick-8 at yandex.ru
Mon Jul 10 13:53:02 EEST 2017
Hi there,
I am not sure where bug-reports about your web-site should be sent to,
so I am writing here. Please CC me in replies, I am not subscribed.
Recently in my Debian Sid (unstable) system I have faced with problem
of downloading of tarballs from https://ffmpeg.org/releases/ using wget
command line tool. For example:
$ LC_ALL=C wget -v https://ffmpeg.org/releases/ffmpeg-3.3.2.tar.xz
--2017-07-03 16:54:21-- https://ffmpeg.org/releases/ffmpeg-3.3.2.tar.xz
Resolving ffmpeg.org (ffmpeg.org)... 79.124.17.100
Connecting to ffmpeg.org (ffmpeg.org)|79.124.17.100|:443... connected.
ERROR: The certificate of 'ffmpeg.org' is not trusted.
ERROR: The certificate of 'ffmpeg.org' hasn't got a known issuer.
ERROR: The certificate of 'ffmpeg.org' was signed using an insecure algorithm.
Yes, command line option "--no-check-certificate" may be used in this case,
but I have tried to find the root of problem and have found that ffmpeg.org
uses SSL certificate from StartCom Ltd. which is not trusted certification
authority for now.
Latest news about this topic:
https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/FKXe-76GO8Y
Older news:
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
Other links:
https://bugs.chromium.org/p/chromium/issues/detail?id=685826
https://bugzilla.mozilla.org/show_bug.cgi?id=1309707
Consider switching to another certification authority in the nearest future.
For example, you may use free service from Let's Encrypt, which is very simple
in use and quite good automated.
Please forward this email to people who maintain your website, if they are
not subscribed to this mailing list.
Best regards,
Boris
More information about the ffmpeg-devel
mailing list