Cannot download from Firefox.

Started by acrouzet, November 04, 2024, 19:02:21

Previous topic - Next topic

acrouzet

Trying to go to the main stable release download link on the site results in this warning from Firefox:

Any ideas on how to possibly fix/bypass this?

Saga Musix

I am able to connect to https://download.openmpt.org/ with Firefox just fine here. The fact that you were able to connect to the main website and this forum shows that it might have just been a temporary hiccup, but if the problem persists, please press the "Advanced..." button and take a screenshot of the additional information presented there. Also click on the "Show certificate" button you should be seeing there, and take a screenshot of that as well.

» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.

acrouzet

#2
Looks like it could be a problem with my ISP? "Advanced" shows the following text:

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for download.openmpt.org. The certificate is only valid for low-xdns.xfinity.com.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

I tried clicking the link with a VPN on, and it downloads.

manx

Quote from: acrouzet on November 05, 2024, 00:34:26Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for download.openmpt.org. The certificate is only valid for low-xdns.xfinity.com.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

If xfinity is your ISP, it looks like your ISP is man-in-the-middle-attacking your internet connection. As far as I know that might probably not be legal in the US (but I am not a US citizen and not really familiar in detail with the net neutrality, data protection, and security regulations in the US; and I am not a lawyer).

Quote from: acrouzet on November 05, 2024, 00:34:26I tried clicking the link with a VPN on, and it downloads.

If you trust your VPN provider more than your ISP (and the quoted attack is a good hint that that would be reasonable), this is a valid solution/work-around. Another would be using a different ISP (but that might be difficult or impossible depending on the market situation at your location).

I have no idea why xfinity would do what they are doing. I suggest you contact their support and ask for clarification and explanation, and possibly demand that they stop doing that. Firefox (rightfully so) prevented the interception of your connection.

Saga Musix

My guess would be that Xfinity is blocking that subdomain because some antivirus software falsely claims that some OpenMPT versions contain viruses. There is probably a way to turn off this "safe browsing" feature with your ISP, or tell your browser to use a different DNS server to avoid their nanny DNS server. In Firefox in particular, there's this setting you could try.

Apart from that, once again the only thing we can do is reporting those false positives - to antivirus vendors, to ISPs doing the blocking (though I doubt they will be able to do anything because they probably just get their data from a third party like Google Safebrowsing).
While I occasionally do this, I cannot dedicate my entire spare time to reporting false positives. As I already mentioned in the linked thread, everyone in the OpenMPT community can help us by uploading the various packages available from https://download.openmpt.org/archive/ to https://www.virustotal.com/ and check if they are reported as malicious - and if they are, figure out how to contact the antivirus vendor in question and ask the software to be whitelisted. If we get this done for enough OpenMPT versions, we might able to get off those pesky "safe browsing" blocklists.
» No support, bug reports, feature requests via private messages - they will not be answered. Use the forums and the issue tracker so that everyone can benefit from your post.