-
Notifications
You must be signed in to change notification settings - Fork 910
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication failure: Out of memory [$25 awarded] #915
Comments
To add, I get the reported error regardless of whether the server is running 1.9.0 or 1.10.0. Server log: Sun Dec 8 07:50:20 2019 Sun Dec 8 07:50:50 2019 ----Certificate accepted on client side at this point.---- Sun Dec 8 07:50:55 2019 |
Well, are you out of memory? |
@samhed, nope. I haven't had a chance to look through the source - is the MacOS TigerVNC client ultimately a Java application? It's awkward that an OOM error exception is propagating up the system as an authentication failure. |
It is not a java application.
On Sun, Dec 8, 2019 at 1:41 PM radonish ***@***.***> wrote:
Nope. I haven't had a chance to look through the source - is the MacOS
TigerVNC client ultimately a Java application?
It's awkward that an OOM error exception is propagating up the system as
an authentication failure.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#915?email_source=notifications&email_token=AB45M3N73GQ4NBSTA42WWVLQXU5UVA5CNFSM4JW2PSMKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGHGDAQ#issuecomment-562979202>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB45M3ODLCWN3TTAW6H7PFTQXU5UVANCNFSM4JW2PSMA>
.
--
Sent from Gmail Mobile
|
More information; I was able to try with macOS Sierra tonight: Any help is appreciated. |
macOS 10.15.2 results in the same failure. I do get a warning about the certificate being signed by an unknown authority prior to the failure (I say yes to the "Do you want to save it and continue?" question). Does that shed any light? (Also updated the original post according to the bug report template.) |
What certificate? That sounds more like the remote server’s cert. Are you
using x509 secType? The dmg is signed with an apple developer certificate.
On Wed, Dec 11, 2019 at 11:08 PM radonish ***@***.***> wrote:
macOS 10.15.2 results in the same failure.
I do get a warning about the certificate being signed by an unknown
authority prior to the failure (I say yes to the "Do you want to save it
and continue?" question). Does that shed any light?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#915?email_source=notifications&email_token=AB45M3I7SAO3RA6TIZPTGBTQYG2LPA5CNFSM4JW2PSMKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGVMVGA#issuecomment-564841112>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB45M3J3G7L7EFKCAQK6IV3QYG2LPANCNFSM4JW2PSMA>
.
--
Sent from Gmail Mobile
|
@bphinz, yes, it is the remote server's cert. I am using x509 secType. Thanks |
Hi, @radonish Asked me to post my answer which I posted on other thread because it will help here as well. Below are the steps that were posted by @gsmurray Further Testing Reveals that the following Method will allow the Application to open:
|
Thank you for posting your details, @tarun-dholariya. To be clear, you had success with 1.10.80? His steps on #881 from October referenced 1.9.80. Also, what TigerVNC server version are you connecting to from your Mac? Thanks |
Oh right. To clarify Do not download 1.9.80. (which is not available on the link anyway) Thanks @radonish for pointing that out. about VNC server version, let me find out. |
@radonish Thanks. |
Thank you, @tarun-dholariya! I will post a follow up tonight. |
Hmm. There’s no reason that 1.10.0 should be showing that problem if it
was fixed back in 1.9.80. Please let me know if you are still seeing it.
-brian
On Fri, Dec 13, 2019 at 2:59 PM radonish ***@***.***> wrote:
Thank you, @tarun-dholariya <https://github.com/tarun-dholariya>! I will
post a follow up tonight.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#915?email_source=notifications&email_token=AB45M3K3LYKTH3RNCUQ5SW3QYPSPXA5CNFSM4JW2PSMKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEG3C2NA#issuecomment-565587252>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB45M3MTKB3L6A4S6CPIWEDQYPSPXANCNFSM4JW2PSMA>
.
--
Sent from Gmail Mobile
|
@tarun-dholariya @bphinz, unfortunately I still get an error with 1.10.80. To be clear, I do not have to do steps 3 and 4 as you did, @tarun-dholariya - I simply hit "open anyway" and retry to successfully launch TigerVNC Viewer. I still end up with the cryptic "Authentication failure: Out of memory" failure, however. Client log: Fri Dec 13 18:26:17 2019 Fri Dec 13 18:26:18 2019 Fri Dec 13 18:26:19 2019 |
@bphinz, do you have a 1.9.80 nightly build macOS version you could send my way? It would be another interesting data point. My latest test is on a brand new iMac with macOS Catalina on it - I'm at a loss as to what is special about my configuration. Thanks |
No, unfortunately not. I checked the S3 bucket and all of the 1.9.80
builds are gone.
…On Sat, Dec 14, 2019 at 10:25 PM radonish ***@***.***> wrote:
@bphinz <https://github.com/bphinz>, do you have a 1.9.80 nightly build
macOS version you could send my way? It would be another interesting data
point. My latest test is on a brand new iMac with macOS Catalina on it -
I'm at a loss as to what is special about my configuration.
Thanks
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#915?email_source=notifications&email_token=AB45M3IKJQRC4X62SJN4RDLQYWPTDA5CNFSM4JW2PSMKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEG4QL5A#issuecomment-565773812>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB45M3LSSN3BQVZXR6TDE7TQYWPTDANCNFSM4JW2PSMA>
.
|
Another data point: I installed TigerVNC 1.10.0 via Homebrew and see the same problem. Given that I'm running into this problem with a very vanilla, non-customized macOS system, I'm left thinking that this cryptic "Authentication failure: Out of memory" failure is due to a server-side configuration that is exposing a client-side bug. If folks could post more detail about how they've configured/started the TigerVNC server I would appreciate it. |
I'm skeptical that it will fix this problem, but could you please try the latest nightly build? I updated the underlying gnutls library and fixed a minor linker issue in the macOS build. |
@bphinz, I appreciate the thought - I gave it a try but unfortunately it does fail in the same way. I'm working on getting a development environment set up on the Mac so I can debug. Thank you |
I'm not familiar with the TigerVNC code or the gnutls library, but the issue to me appears to be with the interface to gnutls_x509_crt_export() within common/rfb/CSecurityTLS.cxx. Based on the TigerVNC code, my best guess is that the developer was first calling gnutls_x509_crt_export() with a NULL output buffer in an attempt to get the minimum buffer size required to store the certificate, knowing GNUTLS_E_SHORT_MEMORY_BUFFER would be returned. The second call, I assume, would then actually store the certificate in the non-NULL buffer. Please see the proof-of-concept patch attached; the other noise in the patch are changes I made to get it to build on macOS using the compiler noted below. This fixed the issue for me. $ /Library/Developer/CommandLineTools/usr/bin/c++ --version Thanks |
I've created 2 pull requests:
Thanks |
Dear all, had the same issue and was not understanding most o the above. But solved the problem as follows:
So somehow 1.10.0 (and 1.10.1) fail in the generation of the "x509_savedcerts.pem" file .. once its there - no problem. Also, when providing the path to the cert in the vncviewer security options: no problem as well! Maybe that helps is debugging it? |
I think that is just because you already have the exception save in that case so you're avoiding the broken code. Not sure how this ever worked, but it should be fixed as of dbad687. Thanks for helping out. |
@radonish, feel free to claim the bounty if you want as you did the leg work on this issue. |
When I attempt to connect to the TigerVNC server using TigerVNC viewer 1.10.0 I get an error "Authentication failure: Out of memory".
I was previously using TigerVNC 1.9.0 viewer successfully and upgraded to 1.10.0 to get past the macOS security warning associated with 1.9.0.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A successful connection is established, as it was with TigerVNC Viewer 1.9.0.
Client (please complete the following information):
Server (please complete the following information):
Thank you
The $25 bounty on this issue has been claimed at Bountysource.
The text was updated successfully, but these errors were encountered: