Hi,
torbrowser-install-11.0.6_en-US.exe [32-bit] - Out of date sig.
Virustotal;
-VirusTotal
Screen grab of cert hosted @ share.riseup.net
http://aco6injncogk3siaubyh5sterx7w5pocqdrm7mna7u4wuukscgnqpeid.onion/#SaPbdSEXVHxGLcgMMHbmDg
Hi,
torbrowser-install-11.0.6_en-US.exe [32-bit] - Out of date sig.
Virustotal;
-VirusTotal
Screen grab of cert hosted @ share.riseup.net
http://aco6injncogk3siaubyh5sterx7w5pocqdrm7mna7u4wuukscgnqpeid.onion/#SaPbdSEXVHxGLcgMMHbmDg
@Tig7, can you verify the signature as described in: How can I verify Tor Browser’s signature?
This can very well be a false positive by the anti-virus/anti-malware software. (ref. https://support.torproject.org/tbb/antivirus-false-positive/)
Thanks for the reply @ championquizzer ,
I can’t verify the signature as described in your link, atm.
The SHA-256 for the .exe matches up though @https://dist.torproject.org/torbrowser/11.0.6/sha256sums-signed-build.txt
The problem is the out of date certificate (see screen grab link above).
Not running any anti-virus/anti-malware software, btw.
Thanks for your help.
Where are you seeing this certificate? Thanks!
Have a look here in the x509 Certificates section:
Name The Tor Project, Inc.
Issuer DigiCert EV Code Signing CA (SHA2)
Valid From 2017-04-04 00:00:00
Valid To 2020-06-04 12:00:00
Algorithm sha256RSA
Thumbprint 29643B7AC0003D8A882F8A4A6E064110D96B980B
Serial Number 0F 62 2E F3 1D 0F 1E F9 4E 52 0D BD 7A 43 E5 8C
I see. Thanks, @atari .
I am afraid, I am not familiar with this, but will bring this to the attention of the Applications Team.
Thanks, @championquizzer and @atari .
@championquizzer
Any feedback from the Applications Team, as I’m unable to update to 11.0.6 until the expired certificate in the digital signature of the installer is addressed.
Thanks.
@Tig7, thank you for reporting! The Applications team is aware of the issue and working to have this resolved (cc @boklm).
The issue is being tracked on our bug tracker, here: Re-sign 11.0.6 and 11.5a4 windows builds (#40434) · Issues · The Tor Project / Applications / tor-browser-build · GitLab
Hi! Sorry for the delay in fixing this. New .exe files signed with the new certificate have now been uploaded to Index of /torbrowser/11.0.6.
And the next release will be signed with the correct certificate too.
This topic was automatically closed 2 hours after the last reply. New replies are no longer allowed.