After upgrading system libraries (including OpenSSL) and re-compiling RetroShare, previously unproblematic connections to friends all fail with the following error (no debugging enabled):
```
(Wed Feb 3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::SSL_Connection_Complete()
Issues with SSL Connect(-1)!
RetVal(-1) -> SSL Error: SSL_ERROR_SSL
+ ERR Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
pqissl::Extract_Failed_SSL_Certificate() FAILED Connection due to Security Issues
(Wed Feb 3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::Extract_Failed_SSL_Certificate() Peer Didnt Give Cert
pqissl::Extract_Failed_SSL_Certificate() ERROR Peer Didn't Give Us Certificate
(Wed Feb 3 18:00:29 2021 Z: pqisslzone, lvl: 0): pqissl::SSL_Connection_Complete() -> calling reset()
```
When looking at the network traffic, the TLS interaction is as follows:
```
No. Time Source Destination Protocol Length Info
1537 29.291590780 <me> <friend> TLSv1.2 339 Client Hello
1586 29.866800930 <friend> <me> TLSv1.2 2202 Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
1588 29.892898417 <me> <friend> TLSv1.2 73 Alert (Level: Fatal, Description: Certificate Expired)
```
By the way, the certificate presented by the server has both notAfter and notBefore set to 1970-01-01 (for anonymization purposes, I think).
Could it be that the updated OpenSSL version changed some of the (internal) certificate verification handling routines?
The above friend (who is not having trouble connecting to other friends) is using OpenSSL 1.0.2n.
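An added triage sketch, not part of the original report and not RetroShare or OpenSSL code: it decodes a plaintext TLS alert record like the one in frame 1588 and applies a plain notBefore/notAfter window check to a certificate dated 1970-01-01. The record bytes, the 00:00:00 time of day and all function names are assumptions made for the example.

```python
import struct
from datetime import datetime, timezone

# Certificate-related alert descriptions from RFC 5246, section 7.2.
LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

# Constructed sample: alert record, TLS 1.2, length 2, fatal, description 45.
SAMPLE_ALERT = bytes.fromhex("15030300022d".replace("022d", "02022d"))
# Constructed sample: both validity fields at the Unix epoch, as UTCTime.
EPOCH_UTCTIME = "700101000000Z"
# Timestamp taken from the log lines in the report.
LOG_TIME = datetime(2021, 2, 3, 18, 0, 29, tzinfo=timezone.utc)

def parse_alert_record(record: bytes) -> dict:
    """Decode one unencrypted TLS alert record (5-byte header + 2-byte body)."""
    if len(record) < 7:
        raise ValueError("truncated record")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != 21:
        raise ValueError("content type %d is not an alert" % ctype)
    if length != 2 or len(record) != 7:
        raise ValueError("unexpected length; the alert may be encrypted")
    level, desc = record[5], record[6]
    return {"version": (major, minor),
            "level": LEVELS.get(level, "unknown(%d)" % level),
            "description": ALERTS.get(desc, "unknown(%d)" % desc)}

def parse_utctime(value: str) -> datetime:
    """Parse X.509 UTCTime (YYMMDDHHMMSSZ); RFC 5280 maps YY >= 50 to 19YY."""
    if len(value) != 13 or not value.endswith("Z"):
        raise ValueError("expected YYMMDDHHMMSSZ")
    century = "19" if int(value[:2]) >= 50 else "20"
    parsed = datetime.strptime(century + value[:12], "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)

def validity_status(not_before: str, not_after: str, now: datetime) -> str:
    """Classify a certificate by its validity window alone."""
    if now < parse_utctime(not_before):
        return "not_yet_valid"
    if now > parse_utctime(not_after):
        return "expired"
    return "valid"

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE_ALERT))
    print(validity_status(EPOCH_UTCTIME, EPOCH_UTCTIME, LOG_TIME))
```

Any verifier that enforces the validity window will classify an epoch-dated certificate as expired, which matches the alert description in the capture; the sketch does not show why the same certificate was accepted before the upgrade.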
Debian had recently increased the security level of the handshake. RS master takes care of it, but that's not the case for 0.6.5. It's also possible that the "certificate expired" is a problem in your SSL libraries, which would be new as well.
I think I had been running my previous RetroShare build on v1.1.1h, so if the issue is with the OpenSSL library itself (and not some setting or something else related), it probably just came with 1.1.1i.
My RetroShare/system version info is as follows: