Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

[Buri]

• I have searched open and closed issues for duplicates.

---

Environment info

• Duplicati version: 2.0.5.1_beta_2020-01-18
• Operating system: OpenSUSE Tumbleweed 20200115
• Backend: OneDrive V2

Description

System.Net.Http.HttpRequestException: An error occurred while sending the request ---> System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /home/abuild/rpmbuild/BUILD/mono-5.20.1.19/external/boringssl/ssl/handshake_client.c:1132
  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <31b8d277c2454dc993be2da433cb381b>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000a1] in <31b8d277c2454dc993be2da433cb381b>:0 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <31b8d277c2454dc993be2da433cb381b>:0 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000ff] in <31b8d277c2454dc993be2da433cb381b>:0 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation (System.Threading.CancellationToken cancellationToken) [0x0008b] in <31b8d277c2454dc993be2da433cb381b>:0 
   --- End of inner exception stack trace ---
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00252] in <31b8d277c2454dc993be2da433cb381b>:0 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x00126] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <31b8d277c2454dc993be2da433cb381b>:0 
   --- End of inner exception stack trace ---
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.WebOperation.Run () [0x0009a] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.WebCompletionSource`1[T].WaitForCompletion () [0x00094] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task`1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Net.HttpWebRequest.EndGetResponse (System.IAsyncResult asyncResult) [0x00020] in <31b8d277c2454dc993be2da433cb381b>:0 
  at System.Threading.Tasks.TaskFactory`1[TResult].FromAsyncCoreLogic (System.IAsyncResult iar, System.Func`2[T,TResult] endFunction, System.Action`1[T] endAction, System.Threading.Tasks.Task`1[TResult] promise, System.Boolean requiresSynchronization) [0x0000f] in <38fbd3d4e2894475b64d58b53bf42d47>:0 
--- End of stack trace from previous location where exception was thrown ---

  at System.Net.Http.HttpClientHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x0041d] in <572320c70de4456d9cab263902c82b02>:0 
   --- End of inner exception stack trace ---
  at System.Net.Http.HttpClientHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x00478] in <572320c70de4456d9cab263902c82b02>:0 
  at System.Net.Http.HttpClient.SendAsyncWorker (System.Net.Http.HttpRequestMessage request, System.Net.Http.HttpCompletionOption completionOption, System.Threading.CancellationToken cancellationToken) [0x000ca] in <572320c70de4456d9cab263902c82b02>:0 
  at Duplicati.Library.Utility.Utility.Await[T] (System.Threading.Tasks.Task`1[TResult] task) [0x00007] in <b0ec73cdc8b845289fe2e9bdf696ccd0>:0 
  at Duplicati.Library.Backend.MicrosoftGraphBackend.SendRequest[T] (System.Net.Http.HttpRequestMessage request) [0x0000c] in <bb7d2bee5c1d4df7bb7eb32377b4c40c>:0 
  at Duplicati.Library.Backend.MicrosoftGraphBackend.SendRequest[T] (System.Net.Http.HttpMethod method, System.String url) [0x00008] in <bb7d2bee5c1d4df7bb7eb32377b4c40c>:0 
  at Duplicati.Library.Backend.MicrosoftGraphBackend.Get[T] (System.String url) [0x00006] in <bb7d2bee5c1d4df7bb7eb32377b4c40c>:0 
  at Duplicati.Library.Backend.MicrosoftGraphBackend.Test () [0x00017] in <bb7d2bee5c1d4df7bb7eb32377b4c40c>:0 
  at Duplicati.Server.WebServer.RESTMethods.RemoteOperation.TestConnection (System.String url, Duplicati.Server.WebServer.RESTMethods.RequestInfo info) [0x000b7] in <c5f097a49c0a4f1fb0f93cf3f5f218b1>:0 
  at Duplicati.Server.WebServer.RESTMethods.RemoteOperation.POST (System.String key, Duplicati.Server.WebServer.RESTMethods.RequestInfo info) [0x00094] in <c5f097a49c0a4f1fb0f93cf3f5f218b1>:0 
  at Duplicati.Server.WebServer.RESTHandler.DoProcess (Duplicati.Server.WebServer.RESTMethods.RequestInfo info, System.String method, System.String module, System.String key) [0x00289] in <c5f097a49c0a4f1fb0f93cf3f5f218b1>:0 

Steps to reproduce

1. Create new backup with OneDrive as a target
2. Test connection or any other action

[ts678]

Did this ever work? If not, FAQ: Security has some debug steps from Mono Project. It looks like the mono certificate store (it doesn't use the system store directly...) isn't set up, so verify of remote certificate fails.

[Buri]

It did work flawlessly for about half a year.

However, it is working as of now again, so it might have been expired certificate on MS side. Closing for now.

[carbolymer]

I'm experiencing the same issue with backblaze.

One or more errors occurred. (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132 (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132) (One or more errors occurred. (Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132)))

However this works without any error:

csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com")'

I've tried cert-sync /etc/ssl/certs/ca-certificates.crt - but no difference.

Any hints what might be wrong?

EDIT:
It seems to be duplicati-monitoring.com fault:

% csharp -e 'new System.Net.WebClient ().DownloadString ("https://duplicati-monitoring.com")'
System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132
  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
   --- End of inner exception stack trace ---
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
   --- End of inner exception stack trace ---
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebOperation.Run () [0x0009a] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebCompletionSource`1[T].WaitForCompletion () [0x00094] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task`1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.HttpWebRequest.GetResponse () [0x00016] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebClient.GetWebResponse (System.Net.WebRequest request) [0x00000] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebClient.DownloadBits (System.Net.WebRequest request, System.IO.Stream writeStream) [0x000e6] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebClient.DownloadDataInternal (System.Uri address, System.Net.WebRequest& request) [0x00061] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebClient.DownloadString (System.Uri address) [0x00011] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at System.Net.WebClient.DownloadString (System.String address) [0x00008] in <6804f42afa7e4ede9b2d3908165ddc6b>:0 
  at <InteractiveExpressionClass>.Host (System.Object& $retval) [0x00006] in <f960522891e748acaecde7f75be5a000>:0 
  at Mono.CSharp.Evaluator.Evaluate (System.String input, System.Object& result, System.Boolean& result_set) [0x00038] in <1624f8f4b5124a3eb78b64afe9a0aace>:0 
  at Mono.CSharpShell.Evaluate (System.String input) [0x00000] in <f02cdd3a74474a01ba4f3cc438222cdd>:0 

[r-darwish]

https://github.com/KSP-CKAN/CKAN/wiki/SSL-certificate-errors#removing-expired-lets-encrypt-certificates

These instructions seems to have resolved the issue for me. This is probably not an issue with Duplicati but I'm posting it here in case anyone else experience the same thing.

[duplicatibot]

This issue has been mentioned on Duplicati. There might be relevant details there:

https://forum.duplicati.com/t/http-send-report-errors-duplicati-monitoring/13157/50