Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to use TLS connection with glib-networking 2.64.3 #251

Closed
SilverRainZ opened this issue Jun 1, 2020 · 2 comments · Fixed by #252
Closed

Unable to use TLS connection with glib-networking 2.64.3 #251

SilverRainZ opened this issue Jun 1, 2020 · 2 comments · Fixed by #252

Comments

@SilverRainZ
Copy link
Member

SilverRainZ commented Jun 1, 2020

  • ArchLinux

  • Srain 1.1-git@0.1408.a6b5596

  • GLib 1.2.10-14

  • GTK3 1:3.24.20-1

glib-networking 2.64.2-1

Anything goes well except this warning:

(srain:1916358): GLib-Net-WARNING **: 13:16:38.927: GTlsClientConnection certificate verification will fail because its server-identity property is NULL. Fix your application!

glib-networking 2.64.3-1

[WARN on_accept_certificate] Certificate error: bad-identity
[ ERR on_connect_fail] Connect failed: 无法接受的 TLS 证书

conclusion

According to glib-networking's doc:

If the G_TLS_CERTIFICATE_BAD_IDENTITY flag is set in “validation-flags”, this object will be used to determine the expected identify of the remote end of the connection; if “server-identity” is not set, or does not match the identity presented by the server, then the G_TLS_CERTIFICATE_BAD_IDENTITY validation will fail.

But it is not correctly implemented before 2.64, it just print a "Fix your application" but not fail the connection, In 2.64.3 it is fixed, but breaks srain :'(

ref: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135

@SilverRainZ SilverRainZ added the bug label Jun 1, 2020
@SilverRainZ SilverRainZ added this to the 1.3 milestone Jun 1, 2020
@SilverRainZ SilverRainZ self-assigned this Jun 1, 2020
@SilverRainZ SilverRainZ changed the title GTlsClientConnection certificate verification will fail because its server-identity property is NULL Unable to use TLS connection with glib-networking 2.64.3 Jun 1, 2020
@ShadowRZ
Copy link

ShadowRZ commented Jun 1, 2020

  • Termux
  • Srain 1.1-git@0.1.a6b5596
  • Glib 2.64.3-1
  • glib-networking 2.62.4
  • GTK3 3.24.18-3
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.476: GSocketClient: Address enumeration succeeded
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.478: GSocketClient: Starting TCP connection attempt
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.728: GSocketClient: Timeout reached, trying another enumeration
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.729: GSocketClient: Starting new address enumeration
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.729: GSocketClient: Address enumeration succeeded
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.730: GSocketClient: Starting TCP connection attempt
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.898: GSocketClient: TCP connection successful
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.898: GSocketClient: Starting application layer connection
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.899: GSocketClient: Connection successful!
(srain.out:13511): GLib-GIO-DEBUG: 18:48:36.920: _g_io_module_get_default: Found default implementation gnutls (GTlsBackendGnutls) for ‘gio-tls-backend’
[WARN on_accept_certificate] Certificate error: bad-identity
[ ERR on_connect_fail] Connect failed: Unacceptable TLS certificate
[INFO srn_server_state_transfrom] Server freenode: SRN_SERVER_STATE_CONNECTING + SRN_SERVER_ACTION_CONNECT_FAIL -> SRN_SERVER_STATE_RECONNECTING

@SilverRainZ
Copy link
Member Author

@ShadowRZ It is a side effect of an upstream bug fix, I will fix it soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants