intermittent updater failures on Win64 (Error 19)
When testing updates from Tor Browser 8.0a8 (ESR52) to the 8.0a9 release candidate (ESR60), Kathy and I encountered a failure when trying to update a Win64 browser that was using an obfs4 transport. The error was 19 (CERT_VERIFY_ERROR). We cannot reproduce this error on other platforms, and the mar file signature does in fact seem to be correct.
When testing with the same mar file and running updater.exe manually via a CMD shell, we saw the same error. However, after several attempts the update succeeded. It seems to fail about 4/5 of the time. Georg pointed out that this sounds a lot like a problem that was reported on tor-talk a earlier this year:
https://lists.torproject.org/pipermail/tor-talk/2018-January/043930.html
Note that this is a bug in our ESR52-based Tor Browser; we will need to determine if the bug still exists in an ESR60-based browser (and look for the cause).