AUTH_WEB_LOGIN_NOT_ALLOWED error in libpiano #174

Closed
funnelfiasco opened this Issue Nov 9, 2011 · 61 comments

Comments

Projects
None yet
@funnelfiasco

With pianobar 2011.11.09 on Fedora 16:

[1010 bcotton@sheldon ~/devel/pianobar ]$ pianobar
Welcome to pianobar (2011.11.09)! Press ? for a list of commands.
[?] Email: bcotton@gmail.com
[?] Password:
(i) Login... libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.161.24|1320858149323|AUTH_WEB_LOGIN_NOT_ALLOWED
Error: Unknown.
[1011 bcotton@sheldon ~/devel/pianobar ]$

The previous pianobar release worked yesterday, and my account works through the Pandora website. I'm not sure where the IP address comes from, no such address exists on my system. I do have a virtualbox virtual interface, but it's on 192.168.122.0/24.

@East2West

This comment has been minimized.

Show comment Hide comment
@East2West

East2West Nov 9, 2011

I can confirm this error as well with the upgraded version.

I can confirm this error as well with the upgraded version.

@rateraide

This comment has been minimized.

Show comment Hide comment
@rateraide

rateraide Nov 9, 2011

This sounds like a scary error, looks like they made another update this morning.

This sounds like a scary error, looks like they made another update this morning.

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

pianobar authenticated normally 20 minutes ago... this is a very recent change.

isaaclw commented Nov 9, 2011

pianobar authenticated normally 20 minutes ago... this is a very recent change.

@East2West

This comment has been minimized.

Show comment Hide comment
@East2West

East2West Nov 9, 2011

I wonder if it has to do with this method that is being sent from the web version

4342 101.353385 192.168.1.106 208.85.40.20 HTTP/XML POST /radio/xmlrpc/v33?rid=8905570P&method=canListen&arg1= HTTP/1.1

The response contains three fields, canListen (boolean), psn(empty value) psnLid (empty value)

I wonder if it has to do with this method that is being sent from the web version

4342 101.353385 192.168.1.106 208.85.40.20 HTTP/XML POST /radio/xmlrpc/v33?rid=8905570P&method=canListen&arg1= HTTP/1.1

The response contains three fields, canListen (boolean), psn(empty value) psnLid (empty value)

@ZigZagJoe

This comment has been minimized.

Show comment Hide comment
@ZigZagJoe

ZigZagJoe Nov 9, 2011

my client is still working fine - i suspect this is relating to [other clients] not using SSL for the auth call. i don't use canlisten, either, but i DO ssl it. Will check in a moment.

Confirmed: the issue is not fetching listener.authenticateListener over a SSL'd connection. Turned it off, got this error. Afaik, pianobar doesn't have support for SSL in its fetching library, so that would have to be fixed first.

my client is still working fine - i suspect this is relating to [other clients] not using SSL for the auth call. i don't use canlisten, either, but i DO ssl it. Will check in a moment.

Confirmed: the issue is not fetching listener.authenticateListener over a SSL'd connection. Turned it off, got this error. Afaik, pianobar doesn't have support for SSL in its fetching library, so that would have to be fixed first.

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

ZigZagJoe: I'd be interested in a temporary workaround if you can explain how you disable ssl.
Edit: I guess that's actually "how to enable ssl"

isaaclw commented Nov 9, 2011

ZigZagJoe: I'd be interested in a temporary workaround if you can explain how you disable ssl.
Edit: I guess that's actually "how to enable ssl"

@ZigZagJoe

This comment has been minimized.

Show comment Hide comment
@ZigZagJoe

ZigZagJoe Nov 9, 2011

A short term fix would be bringing in curl or some such for the authentication call only, while promy adds SSL support to the pianobar fetch library. But there's no simple fix here, per se.

A short term fix would be bringing in curl or some such for the authentication call only, while promy adds SSL support to the pianobar fetch library. But there's no simple fix here, per se.

@timnovinger

This comment has been minimized.

Show comment Hide comment
@timnovinger

timnovinger Nov 9, 2011

I'm having this issue too after updating.

I'm having this issue too after updating.

@Sharpie Sharpie referenced this issue in Homebrew/legacy-homebrew Nov 9, 2011

Closed

Pianobar needs to be updated to 2011.11.09-dev #8523

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

Forgive me for my ignorance, but how do I get from 2011.11.09 to 2011.11.09-dev? (using homebrew?)

clarkewd commented Nov 9, 2011

Forgive me for my ignorance, but how do I get from 2011.11.09 to 2011.11.09-dev? (using homebrew?)

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

I already have that version:
isaac@pogo:~/Downloads/pianobar$ ./pianobar
Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
[?] Email: ******
[?] Password:
(i) Login... libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.160.233|1320865031646|AUTH_WEB_LOGIN_NOT_ALLOWED
Error: Unknown.

isaaclw commented Nov 9, 2011

I already have that version:
isaac@pogo:~/Downloads/pianobar$ ./pianobar
Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
[?] Email: ******
[?] Password:
(i) Login... libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.160.233|1320865031646|AUTH_WEB_LOGIN_NOT_ALLOWED
Error: Unknown.

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

Oh... Sharpie wasn't actually saying that that's the fix... His comment was just an automatic reference since he mentioned this ticket in the other ticket.

That's confusing.

isaaclw commented Nov 9, 2011

Oh... Sharpie wasn't actually saying that that's the fix... His comment was just an automatic reference since he mentioned this ticket in the other ticket.

That's confusing.

@gtsafas

This comment has been minimized.

Show comment Hide comment
@gtsafas

gtsafas Nov 9, 2011

pianobar::master ✔ $ pianobar gtsafas@george 14:06:57
Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
[?] Email:
[?] Password:
(i) Login... libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.160.233|1320865572764|AUTH_WEB_LOGIN_NOT_ALLOWED
Error: Unknown.

gtsafas commented Nov 9, 2011

pianobar::master ✔ $ pianobar gtsafas@george 14:06:57
Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
[?] Email:
[?] Password:
(i) Login... libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.160.233|1320865572764|AUTH_WEB_LOGIN_NOT_ALLOWED
Error: Unknown.

@r4

This comment has been minimized.

Show comment Hide comment
@r4

r4 Nov 9, 2011

I can confirm the error on Arch Linux as well.

http://paste.pocoo.org/show/505407/

r4 commented Nov 9, 2011

I can confirm the error on Arch Linux as well.

http://paste.pocoo.org/show/505407/

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 9, 2011

Owner

pianobar has experimental SSL support in the tls branch. Please give it a try.

Owner

PromyLOPh commented Nov 9, 2011

pianobar has experimental SSL support in the tls branch. Please give it a try.

@justinrainbow

This comment has been minimized.

Show comment Hide comment
@justinrainbow

justinrainbow Nov 9, 2011

Having a different error on the tls branch Network error: TLS handshake failed.

Having a different error on the tls branch Network error: TLS handshake failed.

@bpowers

This comment has been minimized.

Show comment Hide comment
@bpowers

bpowers Nov 9, 2011

same with tls branch:

(i) Login... Network error: TLS handshake failed.

bpowers commented Nov 9, 2011

same with tls branch:

(i) Login... Network error: TLS handshake failed.

@Asmundr

This comment has been minimized.

Show comment Hide comment
@Asmundr

Asmundr Nov 9, 2011

TLS branch works here
running Arch Linux i686

Asmundr commented Nov 9, 2011

TLS branch works here
running Arch Linux i686

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

Would it be possible to add some notes on how to build for OS X in the install file? I'm getting this error:

ld: symbol(s) not found for architecture i386
collect2: ld returned 1 exit status
make: *** [pianobar] Error 1

Seems like I had this in the past and fixed it, but I don't remember what I did now.

clarkewd commented Nov 9, 2011

Would it be possible to add some notes on how to build for OS X in the install file? I'm getting this error:

ld: symbol(s) not found for architecture i386
collect2: ld returned 1 exit status
make: *** [pianobar] Error 1

Seems like I had this in the past and fixed it, but I don't remember what I did now.

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 9, 2011

Owner

There’s no proxy support yet. Therefore the handshake fails.

Owner

PromyLOPh commented Nov 9, 2011

There’s no proxy support yet. Therefore the handshake fails.

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

I've installed libcurl3-gnutls-dev, which helps with building the tls branch, but I'm still having troubles compiling...

isaaclw commented Nov 9, 2011

I've installed libcurl3-gnutls-dev, which helps with building the tls branch, but I'm still having troubles compiling...

@snixon

This comment has been minimized.

Show comment Hide comment
@snixon

snixon Nov 9, 2011

Confirmed TLS branch working on Ubuntu 11.10 amd64: With a previously working pianobar

Instructions:
git clone -b tls https://github.com/PromyLOPh/pianobar.git
sudo apt-get install libgnutls-dev
cd pianobar
make
sudo make install

snixon commented Nov 9, 2011

Confirmed TLS branch working on Ubuntu 11.10 amd64: With a previously working pianobar

Instructions:
git clone -b tls https://github.com/PromyLOPh/pianobar.git
sudo apt-get install libgnutls-dev
cd pianobar
make
sudo make install

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 9, 2011

Owner

Poor man’s proxy support: https://gist.github.com/1352755

Would it be possible to add some notes on how to build for OS X in the install file?

There is a note about OS X in INSTALL.

Owner

PromyLOPh commented Nov 9, 2011

Poor man’s proxy support: https://gist.github.com/1352755

Would it be possible to add some notes on how to build for OS X in the install file?

There is a note about OS X in INSTALL.

@babyhuey23

This comment has been minimized.

Show comment Hide comment
@babyhuey23

babyhuey23 Nov 9, 2011

I have libgnutls-dev installed but I am getting the error:
undefined reference to `gnutls_certificate_set_verify_function'
when I try to compile

I have libgnutls-dev installed but I am getting the error:
undefined reference to `gnutls_certificate_set_verify_function'
when I try to compile

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

            src/libwaitress/waitress.o src/libezxml/ezxml.o -lao -lpthread -lm \
            -lfaad -lmad -lgnutls -o pianobar
src/libwaitress/waitress.o: In function`WaitressFetchCall':
waitress.c:(.text+0xcae): undefined reference to `gnutls_certificate_set_verify_function'

Hopefully I didn't minimize it too much.
libgnutls-dev, libcurl4-gnutls-dev are both installed (ubuntu 11.04 amd)

isaaclw commented Nov 9, 2011

            src/libwaitress/waitress.o src/libezxml/ezxml.o -lao -lpthread -lm \
            -lfaad -lmad -lgnutls -o pianobar
src/libwaitress/waitress.o: In function`WaitressFetchCall':
waitress.c:(.text+0xcae): undefined reference to `gnutls_certificate_set_verify_function'

Hopefully I didn't minimize it too much.
libgnutls-dev, libcurl4-gnutls-dev are both installed (ubuntu 11.04 amd)

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

@PromyLOPh - thanks. it is in https://raw.github.com/PromyLOPh/pianobar/tls/INSTALL but not in https://raw.github.com/PromyLOPh/pianobar/master/INSTALL

I was looking at the wrong one. Any reason a note for OS X is not in the master too?

clarkewd commented Nov 9, 2011

@PromyLOPh - thanks. it is in https://raw.github.com/PromyLOPh/pianobar/tls/INSTALL but not in https://raw.github.com/PromyLOPh/pianobar/master/INSTALL

I was looking at the wrong one. Any reason a note for OS X is not in the master too?

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 9, 2011

Owner
>= gnutls-2.10.0 is required. Which version do you have installed?
Owner

PromyLOPh commented Nov 9, 2011

>= gnutls-2.10.0 is required. Which version do you have installed?
@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

Successful build on OS X, but TLS handshake fails.

brew install gnutls
git clone -b tls https://github.com/PromyLOPh/pianobar.git
cd pianobar/
make clean && make CFLAGS="-O2 -DNDEBUG -W64"


Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
(i) Login... Network error: TLS handshake failed.

clarkewd commented Nov 9, 2011

Successful build on OS X, but TLS handshake fails.

brew install gnutls
git clone -b tls https://github.com/PromyLOPh/pianobar.git
cd pianobar/
make clean && make CFLAGS="-O2 -DNDEBUG -W64"


Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
(i) Login... Network error: TLS handshake failed.
@r4

This comment has been minimized.

Show comment Hide comment
@r4

r4 Nov 9, 2011

I'm failing on the handshake as well.

r4 commented Nov 9, 2011

I'm failing on the handshake as well.

@lsuchocki

This comment has been minimized.

Show comment Hide comment
@lsuchocki

lsuchocki Nov 9, 2011

Fix for my "TLS handshake failed"

Defaults to finding CA root certificates in:
/etc/ssl/certs/ca-certificates.crt

If your is in a different directory, add a ~/.config/pianobar/config option to something like this:

tls_ca_path = /etc/pki/tls/certs/ca-bundle.crt

Fix for my "TLS handshake failed"

Defaults to finding CA root certificates in:
/etc/ssl/certs/ca-certificates.crt

If your is in a different directory, add a ~/.config/pianobar/config option to something like this:

tls_ca_path = /etc/pki/tls/certs/ca-bundle.crt

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 9, 2011

Owner

Please use the branch tls-emergency or apply the patch posted above if you’re behind a proxy.

edit: Ah, yes. That’s another possible point of failure, lsuchocki.

Owner

PromyLOPh commented Nov 9, 2011

Please use the branch tls-emergency or apply the patch posted above if you’re behind a proxy.

edit: Ah, yes. That’s another possible point of failure, lsuchocki.

@amoffat

This comment has been minimized.

Show comment Hide comment
@amoffat

amoffat Nov 9, 2011

i made https://github.com/amoffat/pypandora so i'm looking at the issue as well. i'm experiencing the same error, but just from a quick glance, it looks like pandora removed the authenticateListener method and added a createListener method, which doesn't return xml, but an xml string embedded in json (i think, i can't remember). it looks like the authentication token to use pandora is embedded in this xml

i think what we need is the xml that createListener sends out (before encryption), and to parse the returning data to extract the token

amoffat commented Nov 9, 2011

i made https://github.com/amoffat/pypandora so i'm looking at the issue as well. i'm experiencing the same error, but just from a quick glance, it looks like pandora removed the authenticateListener method and added a createListener method, which doesn't return xml, but an xml string embedded in json (i think, i can't remember). it looks like the authentication token to use pandora is embedded in this xml

i think what we need is the xml that createListener sends out (before encryption), and to parse the returning data to extract the token

@isaaclw

This comment has been minimized.

Show comment Hide comment
@isaaclw

isaaclw Nov 9, 2011

updating to tls 2.12 fixes my compile issue.
Once I get a chance I'll figure out how to set up sid (http://packages.debian.org/sid/libgnutls-dev) for this package. For now I just added sid, and did an update on this specific package, then removed sid.

isaaclw commented Nov 9, 2011

updating to tls 2.12 fixes my compile issue.
Once I get a chance I'll figure out how to set up sid (http://packages.debian.org/sid/libgnutls-dev) for this package. For now I just added sid, and did an update on this specific package, then removed sid.

@r4

This comment has been minimized.

Show comment Hide comment
@r4

r4 Nov 9, 2011

TLS handshake error still persists...

My config file.. http://paste.pocoo.org/show/505460/

r4 commented Nov 9, 2011

TLS handshake error still persists...

My config file.. http://paste.pocoo.org/show/505460/

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

Working On OS X!!

//download the root certificates from some sketchy site I found in google:
wget -O ~/pianobar-cacert.pem http://curl.haxx.se/ca/cacert.pem

//add the path to the pianobar config file
echo "tls_ca_path = $HOME/pianobar-cacert.pem" >> ~/.config/pianobar/config

//install the dev tools
brew install gnutls

//clone the emergency branch
git clone -b tls-emergency https://github.com/PromyLOPh/pianobar.git
cd pianobar/
make clean && make CFLAGS="-O2 -DNDEBUG -W64"

//run pianobar from the current directory (just "pianobar" instead of "./pianobar" may fail if it is elsewhere in the path )
./pianobar

Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
(i) Login... Ok.
(i) Get stations... Ok.

clarkewd commented Nov 9, 2011

Working On OS X!!

//download the root certificates from some sketchy site I found in google:
wget -O ~/pianobar-cacert.pem http://curl.haxx.se/ca/cacert.pem

//add the path to the pianobar config file
echo "tls_ca_path = $HOME/pianobar-cacert.pem" >> ~/.config/pianobar/config

//install the dev tools
brew install gnutls

//clone the emergency branch
git clone -b tls-emergency https://github.com/PromyLOPh/pianobar.git
cd pianobar/
make clean && make CFLAGS="-O2 -DNDEBUG -W64"

//run pianobar from the current directory (just "pianobar" instead of "./pianobar" may fail if it is elsewhere in the path )
./pianobar

Welcome to pianobar (2011.11.09-dev)! Press ? for a list of commands.
(i) Login... Ok.
(i) Get stations... Ok.
@lordB8r

This comment has been minimized.

Show comment Hide comment
@lordB8r

lordB8r Nov 9, 2011

I don't know if it's just me, but brew can't find a formula for libgnutls-dev

lordB8r commented Nov 9, 2011

I don't know if it's just me, but brew can't find a formula for libgnutls-dev

@justinrainbow

This comment has been minimized.

Show comment Hide comment
@justinrainbow

justinrainbow Nov 9, 2011

Adding the cert http://curl.haxx.se/ca/cacert.pem works for me on OS X Lion. Thanks @clarkewd

Adding the cert http://curl.haxx.se/ca/cacert.pem works for me on OS X Lion. Thanks @clarkewd

@funnelfiasco

This comment has been minimized.

Show comment Hide comment
@funnelfiasco

funnelfiasco Nov 9, 2011

On Fedora 16, setting
tls_ca_path = /etc/ssl/certs/ca-bundle.crt

with the tls branch works.

On Fedora 16, setting
tls_ca_path = /etc/ssl/certs/ca-bundle.crt

with the tls branch works.

@bpowers

This comment has been minimized.

Show comment Hide comment
@bpowers

bpowers Nov 9, 2011

like @funnelfiasco, setting the cert path as @lsuchocki suggests fixes things for me!

bpowers commented Nov 9, 2011

like @funnelfiasco, setting the cert path as @lsuchocki suggests fixes things for me!

@randallsquared

This comment has been minimized.

Show comment Hide comment
@randallsquared

randallsquared Nov 9, 2011

Clarkewd's cacert solution worked for me, too, though I am using tls instead of tls-emergency, and just put "depends_on 'gnutls'" in the pianobar formula.

Clarkewd's cacert solution worked for me, too, though I am using tls instead of tls-emergency, and just put "depends_on 'gnutls'" in the pianobar formula.

@amoffat

This comment has been minimized.

Show comment Hide comment
@amoffat

amoffat Nov 9, 2011

i can confirm that authenticating to https fixes the problem, but it doesn't look like the pandora player on the website is doing only that.

pianobar and pypandora are authenticating at /radio/xmlrpc/vVERSION with a POST, but the pandora.com player is authenticating at /radio/jsonp with a GET. the fact that we're still able to auth at the old endpoint probably means that they're in the process of migrating authentication code, so just a heads up, i won't be surprised if it breaks again in the near future

amoffat commented Nov 9, 2011

i can confirm that authenticating to https fixes the problem, but it doesn't look like the pandora player on the website is doing only that.

pianobar and pypandora are authenticating at /radio/xmlrpc/vVERSION with a POST, but the pandora.com player is authenticating at /radio/jsonp with a GET. the fact that we're still able to auth at the old endpoint probably means that they're in the process of migrating authentication code, so just a heads up, i won't be surprised if it breaks again in the near future

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

had one typo earlier - use:

brew install gnutls

not

brew install libgnutls-dev

sorry about that

clarkewd commented Nov 9, 2011

had one typo earlier - use:

brew install gnutls

not

brew install libgnutls-dev

sorry about that

@lordB8r

This comment has been minimized.

Show comment Hide comment
@lordB8r

lordB8r Nov 9, 2011

confirmed it works now, thanks @clarkewd!

lordB8r commented Nov 9, 2011

confirmed it works now, thanks @clarkewd!

@daphenix

This comment has been minimized.

Show comment Hide comment
@daphenix

daphenix Nov 9, 2011

Yep, Fedora 15 got it working with the cert clarkewd found and tls-emergency as well. Thanks.

daphenix commented Nov 9, 2011

Yep, Fedora 15 got it working with the cert clarkewd found and tls-emergency as well. Thanks.

@mzilikazi

This comment has been minimized.

Show comment Hide comment
@mzilikazi

mzilikazi Nov 9, 2011

TLS branch working on Debian testing:

apt-cache policy libgnutls26 libgnutls-dev
libgnutls26:
Installed: 2.12.11-1
Candidate: 2.12.11-1
Version table:
*** 2.12.11-1 0
500 http://mirrors.xmission.com/debian/ testing/main i386 Packages
100 /var/lib/dpkg/status
2.8.6-1 0
500 http://mirrors.xmission.com/debian/ stable/main i386 Packages
libgnutls-dev:
Installed: 2.12.11-1
Candidate: 2.12.11-1
Version table:
*** 2.12.11-1 0
500 http://mirrors.xmission.com/debian/ testing/main i386 Packages
100 /var/lib/dpkg/status
2.8.6-1 0
500 http://mirrors.xmission.com/debian/ stable/main i386 Packages

TLS branch working on Debian testing:

apt-cache policy libgnutls26 libgnutls-dev
libgnutls26:
Installed: 2.12.11-1
Candidate: 2.12.11-1
Version table:
*** 2.12.11-1 0
500 http://mirrors.xmission.com/debian/ testing/main i386 Packages
100 /var/lib/dpkg/status
2.8.6-1 0
500 http://mirrors.xmission.com/debian/ stable/main i386 Packages
libgnutls-dev:
Installed: 2.12.11-1
Candidate: 2.12.11-1
Version table:
*** 2.12.11-1 0
500 http://mirrors.xmission.com/debian/ testing/main i386 Packages
100 /var/lib/dpkg/status
2.8.6-1 0
500 http://mirrors.xmission.com/debian/ stable/main i386 Packages

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 9, 2011

Just so you know the "cert" that I found is a list of "CA root certificates" which are publicly available and usually come installed with web browsers. They are basically public keys for authorized SSL providers (or "certificate authorities (CA)", like Thwarte. The reason that pianobar was failing is because it didn't have the public keys for those certificate authorities and thus could not verify that the SSL connection to Pandora was not being MITM attacked. There is probably a more legitimate place to download the "CA root certificates" list that that site but that's the first place I found it. if you have a more legitimate source please share! :)

disclaimer: I didn't spent too much time checking the exact terminology when writing this post so if I've used a wrong term i apologize but just wanted to let everyone know a little more about what was going on.

Special thanks to PromyLOPh for creating the emergency branch and continuing to develop and quickly respond to issues.

clarkewd commented Nov 9, 2011

Just so you know the "cert" that I found is a list of "CA root certificates" which are publicly available and usually come installed with web browsers. They are basically public keys for authorized SSL providers (or "certificate authorities (CA)", like Thwarte. The reason that pianobar was failing is because it didn't have the public keys for those certificate authorities and thus could not verify that the SSL connection to Pandora was not being MITM attacked. There is probably a more legitimate place to download the "CA root certificates" list that that site but that's the first place I found it. if you have a more legitimate source please share! :)

disclaimer: I didn't spent too much time checking the exact terminology when writing this post so if I've used a wrong term i apologize but just wanted to let everyone know a little more about what was going on.

Special thanks to PromyLOPh for creating the emergency branch and continuing to develop and quickly respond to issues.

@daphenix

This comment has been minimized.

Show comment Hide comment
@daphenix

daphenix Nov 9, 2011

Ah thanks for the info clarkewd. I swear I learn something new everyday. And I would also like to give thanks to PromyLOPh. Awesome Job!

daphenix commented Nov 9, 2011

Ah thanks for the info clarkewd. I swear I learn something new everyday. And I would also like to give thanks to PromyLOPh. Awesome Job!

@rdj

This comment has been minimized.

Show comment Hide comment
@rdj

rdj Nov 9, 2011

Tweaked the head :tag in the pianobar formula to install through homebrew:

https://gist.github.com/1353258

rdj commented Nov 9, 2011

Tweaked the head :tag in the pianobar formula to install through homebrew:

https://gist.github.com/1353258

@patrickhenry14

This comment has been minimized.

Show comment Hide comment
@patrickhenry14

patrickhenry14 Nov 9, 2011

Still getting the libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.161.24|1320858149323|AUTH_WEB_LOGIN_NOT_ALLOWED
using the tls-emergency branch.

Still getting the libpiano: Unknown error AUTH_WEB_LOGIN_NOT_ALLOWED in com.savagebeast.radio.api.protocol.xmlrpc.RadioXmlRpcException: 192.168.161.24|1320858149323|AUTH_WEB_LOGIN_NOT_ALLOWED
using the tls-emergency branch.

@arturo-c

This comment has been minimized.

Show comment Hide comment
@arturo-c

arturo-c Nov 9, 2011

Awesome thanks @clarkewd @PromyLOPh, I have recently become addicted to pianobar and wasn't ready to give it up. :)

arturo-c commented Nov 9, 2011

Awesome thanks @clarkewd @PromyLOPh, I have recently become addicted to pianobar and wasn't ready to give it up. :)

@bpowers

This comment has been minimized.

Show comment Hide comment
@bpowers

bpowers Nov 10, 2011

Just to be clear @daphenix and any other Fedora users, you shouldn't need to pull down a list of root CAs, in the pianobar config (~/.config/pianobar/config) simply set:

tls_ca_path = /etc/pki/tls/certs/ca-bundle.crt

as @lsuchocki mentioned.

bpowers commented Nov 10, 2011

Just to be clear @daphenix and any other Fedora users, you shouldn't need to pull down a list of root CAs, in the pianobar config (~/.config/pianobar/config) simply set:

tls_ca_path = /etc/pki/tls/certs/ca-bundle.crt

as @lsuchocki mentioned.

@clarkewd

This comment has been minimized.

Show comment Hide comment
@clarkewd

clarkewd Nov 10, 2011

@patrickhenry14 try launching using ./pianobar while in the directory where you compiled instead of pianobar. i think your running an old version because path is overriding the newly compiled one.

@bpowers - yes, unfortunately I don't think the bundle is included on OS X :)

@patrickhenry14 try launching using ./pianobar while in the directory where you compiled instead of pianobar. i think your running an old version because path is overriding the newly compiled one.

@bpowers - yes, unfortunately I don't think the bundle is included on OS X :)

@aaronott

This comment has been minimized.

Show comment Hide comment
@aaronott

aaronott Nov 10, 2011

anyone else get the error
waitress.c:(.text+0xfeb): undefined reference to `gnutls_certificate_set_verify_function'
collect2: ld returned 1 exit status
make: *** [pianobar] Error 1

when doing the make? I'm on Ubuntu 10.10.

I solved this for me by commenting out that line in the waitress.c file, and doing a make clean && make

https://gist.github.com/1353970

<script src="https://gist.github.com/1353970.js?file=gistfile1.txt"></script>

anyone else get the error
waitress.c:(.text+0xfeb): undefined reference to `gnutls_certificate_set_verify_function'
collect2: ld returned 1 exit status
make: *** [pianobar] Error 1

when doing the make? I'm on Ubuntu 10.10.

I solved this for me by commenting out that line in the waitress.c file, and doing a make clean && make

https://gist.github.com/1353970

<script src="https://gist.github.com/1353970.js?file=gistfile1.txt"></script>
@gtsafas

This comment has been minimized.

Show comment Hide comment
@gtsafas

gtsafas Nov 10, 2011

@rdj I manually compiled and was able to get this to work with the tls branch.

What would the command to install via brew be? I tried upgrade but it did not seem to work.

gtsafas commented Nov 10, 2011

@rdj I manually compiled and was able to get this to work with the tls branch.

What would the command to install via brew be? I tried upgrade but it did not seem to work.

@bear24rw

This comment has been minimized.

Show comment Hide comment
@bear24rw

bear24rw Nov 10, 2011

TLS branch is confirmed working for me on Gentoo

TLS branch is confirmed working for me on Gentoo

@PromyLOPh

This comment has been minimized.

Show comment Hide comment
@PromyLOPh

PromyLOPh Nov 10, 2011

Owner

Thanks everyone for testing. If you encounter any bugs in the tls-emergency branch open a new issue, please. I’ll merge the branch into master and package a new release this weekend.

Owner

PromyLOPh commented Nov 10, 2011

Thanks everyone for testing. If you encounter any bugs in the tls-emergency branch open a new issue, please. I’ll merge the branch into master and package a new release this weekend.

@PromyLOPh PromyLOPh closed this Nov 10, 2011

@derwolfe

This comment has been minimized.

Show comment Hide comment
@derwolfe

derwolfe Nov 10, 2011

Confirm on Fedora 15 - use yum install gnutls-devel, add the cert path to ~/.config/pianobar/config, remake.

Confirm on Fedora 15 - use yum install gnutls-devel, add the cert path to ~/.config/pianobar/config, remake.

@Hypnopompia

This comment has been minimized.

Show comment Hide comment
@Hypnopompia

Hypnopompia Nov 10, 2011

On Ubuntu 10.04 using libgnutls-dev 2.8.6-1 I also had to comment out the gnutls_certificate_set_verify_function line in waitress.c to get it to compile, but it works now. Thanks!

On Ubuntu 10.04 using libgnutls-dev 2.8.6-1 I also had to comment out the gnutls_certificate_set_verify_function line in waitress.c to get it to compile, but it works now. Thanks!

@r4

This comment has been minimized.

Show comment Hide comment
@r4

r4 Nov 10, 2011

tls-emergency branch works on arch linux

r4 commented Nov 10, 2011

tls-emergency branch works on arch linux

@ip2k

This comment has been minimized.

Show comment Hide comment
@ip2k

ip2k Nov 10, 2011

tls-emergency branch works for me on Ubuntu 11.11 without doing anything else besides installing libgnutls-dev. I had to put 'dev=hw:1' into my /etc/libao.conf to get output working on my 2nd sound card. I'm using ALSA. The root CA path for Ubuntu 11.11 is /etc/ssl/certs/ca-certificates.crt, but I didn't need to specify this anywhere.

ip2k commented Nov 10, 2011

tls-emergency branch works for me on Ubuntu 11.11 without doing anything else besides installing libgnutls-dev. I had to put 'dev=hw:1' into my /etc/libao.conf to get output working on my 2nd sound card. I'm using ALSA. The root CA path for Ubuntu 11.11 is /etc/ssl/certs/ca-certificates.crt, but I didn't need to specify this anywhere.

@jcmuller

This comment has been minimized.

Show comment Hide comment
@jcmuller

jcmuller Nov 11, 2011

Contributor

Actually, OSX users: the root certificates are bundled with the system, you just need to pull them out. Open Keychain Access, select "System Roots". I selected all the entries (cmd-a), then "File" > "Export Items...". Selected the .cer option, and saved the file. Pointed my pianobar config to that file, and, provided that I'm using the tls-emergency branch, and that I upgraded gnutls (using homebrew) to 2.12.12, pianobar works again!

Hope this helps, and avoids having to download the certificate file from that site...

Contributor

jcmuller commented Nov 11, 2011

Actually, OSX users: the root certificates are bundled with the system, you just need to pull them out. Open Keychain Access, select "System Roots". I selected all the entries (cmd-a), then "File" > "Export Items...". Selected the .cer option, and saved the file. Pointed my pianobar config to that file, and, provided that I'm using the tls-emergency branch, and that I upgraded gnutls (using homebrew) to 2.12.12, pianobar works again!

Hope this helps, and avoids having to download the certificate file from that site...

@hunner hunner referenced this issue in nega0/pianobarfly Nov 12, 2011

Closed

AUTH_WEB_LOGIN_NOT_ALLOWED #10

@gchaix

This comment has been minimized.

Show comment Hide comment
@gchaix

gchaix Apr 11, 2012

Adding "tls_ca_path = /etc/ssl/certs/ca.crt" to my config on Ubuntu 12.04 resolved the "TLS handshake failed" issue.

gchaix commented Apr 11, 2012

Adding "tls_ca_path = /etc/ssl/certs/ca.crt" to my config on Ubuntu 12.04 resolved the "TLS handshake failed" issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment