I see the same error on Mageia 5 beta (getting continuous updates) ans as per link below it also happens other distros. I have boinc 7.2.42 installed by Mageia package.

( I have over two hundred WCG results to upload and some are getting past deadline.
- While other projects like climateprediction and malariacontrol runs fine. )

For me it started some days ago: all World Community grid projects get on upload "self signed certificate in certificate chain" error (viewable after increasing the logging - for new readers see instructions at http://boinc.berkeley.edu/wiki/Client_configuration ).

I now searched and found your post here, but also this explantions and solutions: http://www.worldcommunitygrid.org/forums/wcg/viewthread?thread=15682

I do not have time to try just now, but see if this helps you and possibly add to that thread or here. And maybe inform the distro packager. I will try do the same later.


Besides, someone ougt to bost a bug agaisnt BOINC for showing "transient error" fooling the users to think it will probably solve itself!

Thnks for working through this and posting your step-by-step solution to get a good ca-bundle.crt in place. With your permission will substitute these in the linked FAQ.

Crowd Crunch On.

P.S. Mageia is most definitely a new Linux distro to me. Probably even more rare than FreeBSD in the distributed computing world.

You are exactly right. Replacing the ca-root-nss.crt file was the way to fix the issue. Unfortunately, for FreeBSD, the location of the certificate bundle is hard coded into the BOINC client via the libcurl.so library. I have to physically rename the /usr/local/share/cert/ca-root-nss.crt file everytime I want to use the BOINC version to communicate with WCG, and then rename the current version to surf the internet. Perhaps Firefox has a manual way to use the current certificate bundle with a different name while BOINC can use the old bundle with the hardcoded name. It isn't enough to just put the BOINC version in my data directory. The BOINC client ignores that file completely.

Of course the proper way would be to push it up to the Mozilla developers and tell them their certificate bundle doesn't work correctly with WCG, but I'm not sure how responsive they will be.

In either case, it is definitely not a user friendly process at all, and I'm very wary of using old certificates while on the internet. I'm not exactly sure how I'm going to proceed with this issue.

I've had contact over this with the BOINC developers.
The problem seems to be that the path to the certificate is only available at '/usr/local/share/cert/ca-root-nss.crt'. To get this to change, does need the package maintainer of BOINC for FreeBSD.

We haven't a clue who that is.
But reading the maintainer list, you either have to email ports at freebsd dot org, or more specific for this since it's a bug, freebsd-ports-bugs at FreeBSD dot org

Thanks all for your prompt attention to the matter.

I guess since there isn't a maintainer for the boinc-client port it will probably sit until someone decides to look into it. I would look into it but I don't have enough experience programming, just enough to hack (BS) my way through some simple errors that I can fix myself. At least the issue has been identified and a workaround has been established. Hopefully this will help others out if they run into this issue as well.