After I upgraded boinc from 5.10.45 to 6.2.15, it refused to communicate with the "World Community Grid" project server. Reproducible: Didn't try Steps to Reproduce: 1. Emerge boinc-5.10.45 2. Attach to project "World Community Grid" 3. Upgrade to boinc-6.2.15 I had to manually download the file 'ca-bundle.crt' from http://boinc.berkeley.edu/trac/browser/trunk/boinc/curl/ca-bundle.crt?format=raw and copy it to '/var/lib/boinc' to get it work again. In fact there already existed a softlink '/var/lib/boinc/ca-bundle.crt' pointing to '/etc/ssl/certs/ca-certificates.crt'. Perhaps this file should be updated when emerging boinc. Additional information at the top of this page: http://boinc.berkeley.edu/trac/wiki/Error/Scheduler%20request%20failed Portage 2.1.4.5 (default-linux/x86/2007.0/desktop, gcc-4.3.2, glibc-2.8_p20080602-r0, 2.6.25-gentoo-r8 i686) ================================================================= System uname: 2.6.25-gentoo-r8 i686 Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz Timestamp of tree: Fri, 05 Dec 2008 19:18:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p33 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.5.2-r7 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.4.6-r1 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r2 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=core2 -pipe -fomit-frame-pointer -msse4.1" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=core2 -pipe -fomit-frame-pointer -msse4.1" DISTDIR="/distfiles/" FEATURES="ccache distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="de_DE.utf8" LC_ALL="de_DE.utf8" LINGUAS="de" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/desktop-effects /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X acl acpi alsa arts avahi bash-completion berkdb cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode evo fam firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal hvm iconv ipv6 isdnlog jpeg kerberos ldap mad midi mikmod mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pae pam pcre pdf perl png pppd python qt3support quicktime readline reflection sdl session snmp spell spl ssl svg tcpd tiff truetype unicode vorbis win32codecs x86 xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="nvidia vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 174381 [details] Error message from boinc Error message from boinc when trying to connect to the "World Community Grid" project server.
I have exactly the same problem. I am attempting to fix by doing a "update-ca-certificates --verbose --fresh" since the ca-bundle.crt is quite old if you get it from the below mentioned boinc link and if I understand correctly ca-bundel.crt is supposed to be all the certs you (not just boinc) care about. I have no evidence yet that my method works because boinc has not tried to access World Community Grid yet. However, I can verify that using Jan's ca-bundle.crt (from boinc) does work.
(In reply to comment #2) Well, that didn't take long. Conclusion: my method does NOT work. Specifically, I am using the current stable certs: tjasse ~ # eix -I ca-certificates [I] app-misc/ca-certificates Available versions: 20080514-r2 ~20080809 Installed versions: 20080514-r2(11:38:06 08/17/08) Homepage: http://packages.debian.org/sid/ca-certificates Description: Common CA Certificates PEM files Message (even after update of ca-certificates with 20080514-r2): 06-Dec-2008 17:28:17 [World Community Grid] Sending scheduler request: Requested by project. Requesting 6940 seconds of work, reporting 1 completed tasks 06-Dec-2008 17:28:19 [---] Project communication failed: attempting access to reference site 06-Dec-2008 17:28:21 [---] Internet access OK - project servers may be temporarily down. 06-Dec-2008 17:28:22 [World Community Grid] Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates
I hit the same problem. I'm not too keen on downloading a raw list of CA certificates from a web page - that's a good way to install a dodgy certificate if ever there was, so I tried upgrading the ca-certificates package to the latest ~x86 version. That works - after a restart, boinc uploads/communicates happily.
(In reply to comment #4) > I hit the same problem. > I'm not too keen on downloading a raw list of CA certificates from a web page - > that's a good way to install a dodgy certificate if ever there was, > so I tried upgrading the ca-certificates package to the latest ~x86 version. > That works - after a restart, boinc uploads/communicates happily. > I can report that updating to the latest unstable ebuild from ca-certificates works. Maybe there should be some dependency in boinc for that package?
Fixed in the tree. Depencency for ca-certificates updated.
