-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate error with google.com and QtWebEngine #2319
Comments
This is when going to https://www.google.com/ I presume? What QtWebEngine version? I don't know a way to make it more verbose. |
This is on 5.6.2. The URL is exactly this one. It's very strange that only Google is affected -- I would've suspected DPI if the same URL wouldn't work with QtWebKit/curl (I also don't have any system-wide custom certificates installed). |
Can you try with a newer Qt, or with an older Chromium (Chromium 45) somehow? |
Tested with qutebrowser 0.9.1 and Qt 5.7.1. We still don't have 5.8 in tree... |
Oh, wait, that was stupid of me -- I have specified Qt 5.7.1 but still PyQt 5.6 :D. I'll report when 5.7 finishes compiling. I've searched a bit for any way to output more debug information but found none. Chromium also works okay. |
This may be hard to debug. Google servers different certificates depending on which server you hit and SNI information (or the absence thereof). |
An older PyQt shouldn't make any difference, as it's still the newer C++ code which will run underneath. QtWebEngine uses Chromium's network/certificate stack, independent of system certificates and OpenSSL. Can you please open a Qt issue about this (against the webengine component)? I don't think qutebrowser can do anything about this I'm afraid. |
@HolySmoke86 WebEngine uses BoringSSL which is AFAICS a from-scratch implementation. @The-Compiler Yep, will do after more investigation -- I also don't think qutebrowser is related. |
This issue: https://bugreports.qt.io/browse/QTBUG-52068
|
With the latest master, you can now start qutebrowser with |
@The-Compiler It was no luck with updated Qt earlier. I'll try this on master again with logging. |
That's the error I get with verbose mode (and Qt 5.7 -- we don't have 5.8 yet):
That's very strange -- I've looked in the mentioned file and it's just usual OpenSSL certificate verification. No idea what happens here... |
Still doesn't work with
The package is built from NixOS/nixpkgs#23724. |
I think this is something NixOS-specific and qutebrowser is not at
fault. If only I had an idea what happens...
…On 03/10/2017 11:29 PM, Nick Hu wrote:
Still doesn't work with
|qutebrowser v0.10.1 Git commit: Backend: QtWebKit CPython: 3.5.3 Qt:
5.7.1 PyQt: 5.8.1 sip: 4.19.1 colorama: no pypeg2: 2.15 jinja2: 2.9.5
pygments: 2.2.0 yaml: 3.12 cssutils: 1.0.1 $Id$ typing:
PyQt5.QtWebEngineWidgets: yes pdf.js: 1.7.225
(/nix/store/7j4hrnmbckzg60c4g35d4jcyjsmx70zv-pdfjs-1.7.225/build/pdf.js)
Webkit: 538.1 SSL: OpenSSL 1.0.2k 26 Jan 2017 Style: QFusionStyle
Platform: Linux-4.4.52-x86_64-with-glibc2.3.4, 64bit Frozen: False
Imported from
/nix/store/1c48xrigz07i0qr6r337sn4fyiwd35bp-qutebrowser-0.10.1/lib/python3.5/site-packages/qutebrowser
Qt library executable path:
/nix/store/vz7994rbd3s7hd8v8ykf1mxq1k1q3vwz-qtbase-5.7.1/libexec, data
path: /nix/store/vz7994rbd3s7hd8v8ykf1mxq1k1q3vwz-qtbase-5.7.1 OS
Version: --- /etc/os-release --- NAME=NixOS ID=nixos
VERSION="16.09.1821.0cb2838 (Flounder)"
VERSION_ID="16.09.1821.0cb2838" PRETTY_NAME="NixOS 16.09.1821.0cb2838
(Flounder)" Paths: data: /home/nick/.local/share/qutebrowser
system_data:
/nix/store/1c48xrigz07i0qr6r337sn4fyiwd35bp-qutebrowser-0.10.1/share/qutebrowser
download: /home/nick/Downloads runtime: /run/user/1000/qutebrowser
cache: /home/nick/.cache/qutebrowser config:
/home/nick/.config/qutebrowser |
The package is built from NixOS/nixpkgs#23724
<NixOS/nixpkgs#23724>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2319 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABHtGkOOYMVo3Pm8pFX1vZAmaymt_PrVks5rkbKpgaJpZM4MC7Vr>.
--
Nikolay.
|
NixOS uses libressl, right? libressl/portable#80 looks like it'd be related. |
Nope, we are still on OpenSSL (we have plans but nothing more). Also it's strange that only qutebrowser with QtWebEngine is affected (Chromium and QtWebKit run fine, and at least latter should use OpenSSL IIRC). |
For the record in case someone else gets this: this happens when QtWebEngine gets compiled with its internal BoringSSL as the SSL library. It uses system NSS when available, simply changing this fixes the problem |
@abbradar : I know that it is quite an old topic, but... can you argue a bit more? what do you mean when you say "simply changing this fixes the problem"?
|
With
--backend webengine
when visiting Google I get:and an error page with similar error. When using QtWebKit or going to other websites this problem doesn't surface (i.e. Github works).
I use NixOS and I'm almost sure this is problem with packaging, but I need an advice with debugging. Is there a way to make QtWebEngine more verbose?
qutebrowser 0.9.0
The text was updated successfully, but these errors were encountered: