Community-edition: General certificate issue

https://github.com/saenzramiro/rambox/issues/459
https://github.com/saenzramiro/rambox/issues/458
https://github.com/saenzramiro/rambox/issues/457
https://github.com/saenzramiro/rambox/issues/456

Skype affected as well.

I can confirm - Skype's MS login is blocked, Facebook one works.

I have the same problems with Outlook 365 and skype

Because we didn't release any update for Rambox since 26 September, I think the massive invalid certification is related with services that all those services use. I know is weird, because they are all "serious" companies, but it happens. A few months ago, we have something similar with Kiwi IRC and the problem was related with Kiwi team ( #339 ).

Let's wait a few days and see if the problem is solved, and if is not, I will release a minor release removing that message or something similar.

Uhm but these services work just fine in the browser, just not in rambox.

Edit: removing certificate warning and opening users to man in the middle attack would not be wise decision.

I can confirm what rokups said.
Skype works normally from the web browser, while Rambox suddenly stopped working properly.

Ok, so I will investigate what's happening.

Franz seems to work fine, too.

Looks like issue caused by https://bugs.chromium.org/p/chromium/issues/detail?id=664177

Linkedin (via Custom Service https://www.linkedin.com/messaging) is also affected.

@ekerazha AFAIK, Franz don't let the user know there are certificates invalid.

Same issue with gitter.

Same issue with Yahoo! Mail and Yahoo! Messenger.

If it is what @pztrn said wouldnt releasing update with updated electron solve the issue? Would try myself but with given instructions it does not build..

Hi,

Just for up to date info, on my side yahoo, office365 have this issue and kwirc show only blank page.

The same problem with Spype

I am having the Certificate warning issues on Voxer, MightyText, HootSuite, and Slack. I wasn't clear from this issue post whether a solution had been arrived at or not.

I will release a minor release tomorrow fixing the Certificate warning.

Great, looking forward for new release ^_^.

I was getting this with Gitter the last time I tried, just activated the service again after the 0.4.5 update and it's working perfectly now. :) Thanks @saenzramiro.

Electron 1.4.12's fix seems interesting ;)

http://electron.atom.io/blog/2016/12/09/certificate-transparency-fix

@bundyo, excuse my ignorance here, but I'm not sure what you find interesting about it.. They just updated the libcc library to a version that doesn't have that problem.

Hello
Same problem on Skype

Version: 0.4.5
Platform: linux (x64)
Electron: 1.4.7
Chromium: 53.0.2785.143
Node: 6.5.0

Yup problem is back. We need electron update.

@ZaLiTHkA, did you check the issue it fixes and why it warranted separate update? Also that's why 0.4.5 failed again. :)

+1 problem is back

Same here for all services

@saenzramiro you had a chance to do bunch of merges but not a new build? Please do not neglect this. People are depending on rambox for their communications and periodically we are cut out for multiple days. This is not cool at all. There should be some kind of time-based release schedule updating electron at least so we do not get hit with certificate timebomb.

Hello team, I can't even access to the mySms logon page et get same error popup. Doesn't work even when I enable the option "trust invalid certificate".

Might be a good idea to mention that if you are incredibly reliant on this 'free' software, the best way to support the project is to donate some money!

Continuing in https://github.com/saenzramiro/rambox/issues/573

Although the economic value of open source software does not just come from financial donations, I certainly _do_ donate money to open source projects. But I generally do it after using a particular tool for a long time. I've only recently started using Rambox, and while I appreciated it, when it worked, that's a sentiment quickly nullified when critical defects aren't addressed. While donating is voluntary, _so, too, is contributing_, so I think we all hugely appreciate your effort to this cause. But it _is_ strange and disappointing to see that the maintainers aren't jumping on this issue, to make a new version available to users. (Is this just not an issue for everyone? I really don't understand why this would not be your first priority, even when donations aren't pouring in.) And doing regular merges of other things just _does_ feel strange, while some of us are clicking our way through never-ending certification warnings. So, with the utmost respect for all you've done for this open source project, I ask you: _would you please make a new version available?_

For 25 people complaining, you have perhaps 100 users uninstalling it just because of this problem with certificates. And the more we wait for a solution, the more you lose users.

I love Rambox and use it every single day. Please, just do something to prevent the problem in the future, thanks @saenzramiro :S

+1 skype zoho

+1 skype, also have problems with some certs on messenger!

+1

+1 skype
slack and whatsapp are working

Same problème on several services.
I'd take a version that doesn't beep and block, but just silently refuses to load those resources.

The certificate for the service are fine for me,
BUT it looks like the error comes from displaying a Tumblr or cloudfront or other service in a service
Example: I'm on Slack and there is a tumblr GIF posted, the https of Tumblr pops up a certif warning because it is not the Slack one ?
If not then it's that the CA root validation system is getting corrupt somehow ? What are you using ?

I know the main developers are probably busy working on Rambox 1.0, which by the sneak previews they gave us is looking like it'll be great. But can we not look at switching Electron in the current version. It's not something I've played with before, otherwise I'd probably have a go at it myself. According to http://electron.atom.io/blog/2016/12/09/certificate-transparency-fix version 1.4.12 doesn't have this recurring issue. Hopefully they're not just ignoring the warnings.
Update: Just read the details and it looks like whilst the proper fix is determined, Chromium have patched it to "fail-open" rather than "fail-closed". Which hopefully means that a proper fix is still coming. Even so, Electron 1.4.12 would solve our current issues, which are quickly making Rambox unusable. It's free software, there's not much preventing a large swathe of users from just walking away and never coming back.

Electron was updated two days ago. All we need is a freakin new build/version bump.

I am still getting Certificate error for Riot.

Hum, not the first to complain, no much news. I guess I will take a look at Franz again. Too bad :/

@rokups @twinklebob if you know how to build a node app like this and update electron could you take a look here ?
https://github.com/saenzramiro/rambox/wiki/DEPLOYMENT

+1

Yep this issue is back on my side as well, one week without updates.

Please update to version 0.5.3!

Solved with latest Update ! Thanks ! <3 <3 <3

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.