Backend connection problem via TOR

[campilator]

Backend connection problem via TOR

Recently (around May 13) wasabi started to have problems with connection to backend.
TOR was configured to use bridges (via torrc file), everything was working fine before since last year.
Also TOR is working fine itself, as i see some peers connected and "tor is running" status.
Clearnet (TOR off) connection to backend is working fine.

Possible problem

Quick googling with text of error from logs
"The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation"
shows that the problem is something related with certificate and/or certification center.
Maybe this is something related with backend certificate for a TOR hostname.
Can't say exactly, currently there is no clear options implemented in wasabi to view the backend certificate or error details, beside logs.
Probably there should be some option to view/verify the backend certificate to debug this case.

Operating System

Windows

Logs

This message is repeated every 30 seconds

2023-05-16 07:17:14.613 [54] ERROR	WasabiSynchronizer.Start (248)	System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Socks5.TorTcpConnectionFactory.UpgradeToSslAsync(TcpClient tcpClient, String host, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Socks5.TorTcpConnectionFactory.ConnectAsync(String host, Int32 port, Boolean useSsl, INamedCircuit circuit, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Socks5.TorTcpConnectionFactory.ConnectAsync(Uri requestUri, INamedCircuit circuit, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Socks5.Pool.TorHttpPool.CreateNewConnectionAsync(Uri requestUri, INamedCircuit circuit, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Socks5.Pool.TorHttpPool.ObtainFreeConnectionAsync(Uri requestUri, ICircuit circuit, CancellationToken token)
   at WalletWasabi.Tor.Socks5.Pool.TorHttpPool.SendAsync(HttpRequestMessage request, ICircuit circuit, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Http.TorHttpClient.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at WalletWasabi.Tor.Http.TorHttpClient.SendAsync(HttpMethod method, String relativeUri, HttpContent content, CancellationToken cancellationToken)
   at WalletWasabi.WebClients.Wasabi.WasabiClient.GetSynchronizeAsync(uint256 bestKnownBlockHash, Int32 count, Nullable`1 estimateMode, CancellationToken cancel)
   at WalletWasabi.Services.WasabiSynchronizer.<>c__DisplayClass62_0.<<Start>b__0>d.MoveNext()

Wasabi Version

Current, 2.0.3.0

[yahiheb]

Take a look at this issue #9415 where a user faced the same problem and solved it by keeping the client running for a few hours until it managed to connect to the backend.

[campilator]

Thanks for the comment, i already tried to leave the client running all day long in hope it would fix somehow.
But unfortunately this did not helps.

[MaxHillebrand]

Maybe kill Tor in the task manager? Wasabi will automatically restart it.

[yahiheb]

@kiminuo Can you take a look at this issue?

[campilator]

What i have already done without any effect:

• wait until it connects by some miracle
• kill tor a few times in a task manager
• update tor to the latest version manually

What is working at moment is replacing backend URL in config.json from previous wasabi version:

"MainNetBackendUri": "http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/"

[kiminuo]

"MainNetBackendUri": "http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/"

This URI is working. Which one is the one that does not work please?

[kiminuo]

• update tor to the latest version manually

I'm confused. Wasabi Wallet comes with bundled Tor version. Have you upgraded the bundled version?

[kiminuo]

If one wants to go a step further, one may try to delete Tor's state data (I believe it's in C:\Users\<user>\AppData\Roaming\tor). I would try to remove it and let Tor get the new state data.

[campilator]

I also already tried to delete completely tor's data state (sorry, forget to say that in "what did not helps").
And to describe how i updated wasabi bundled tor - downloaded tor-expert-bundle-12.5a4-windows-x86_64.tar.gz from torproject, and replaced tor.exe, tor-gencert.exe, pluggable_transports/obfs4proxy.exe binaries. Everything seems to be working fine as usual when using Wasabi version 2.0.2.0 backend *.onion URI.

URI in Wasabi version 2.0.3.0 config.json that is currently having problems via TOR:

"MainNetBackendUri": "https://api.wasabiwallet.io/"

[kiminuo]

So what would happen if you open, eg, https://api.wasabiwallet.io/api/v4/btc/batch/synchronize?bestKnownBlockHash=00000000000003c74da8f009d0a7e11754dc774611bddcc0524fa7a9c3e8d13d&maxNumberOfFilters=10000&estimateSmartFeeMode=Conservative in your Tor Browser (if you have it installed). It might tell you more details about why you can't connect to that URI. I would try:

1. Open Tor Browser
2. F12 to open the developer web tools
3. Open URI: https://api.wasabiwallet.io/api/v4/btc/batch/synchronize?bestKnownBlockHash=00000000000003c74da8f009d0a7e11754dc774611bddcc0524fa7a9c3e8d13d&maxNumberOfFilters=10000&estimateSmartFeeMode=Conservative

-> see what is going on with the request in the dev tools window.

[campilator]

I tried to use TOR browser (configured with the same bridge as used for wasabi) to open that link, seems that there is no errors.
No certificate errors or whatever. Just normal data output. Strange.

{"filtersResponseState":0,"filters":[],"bestHeight":789997,"ccjRoundStates":[{"signerPubKeys":["02bc2f092ce41ecb67b3ae9e2eef97b42fd25cc9460ab2144e16b3e2433c4fa095","03ef6c15b2ca2f5823732d1c06260bc6ffd63b3c22e602dfac367d673d8c2afa2e","0209ad4b7db60b2900b7b408f786f96505779509dfa7927f534d199c04452f0af8","03189b7a404a944f79b712b232fc90fd75936bcca24b7255975a03252d8a2569ba","035ca2d7bfc6a1117f909868cf565646f22e77c4a3dda232a4133200913b4549e6","03789084d1f53d9c4c9ea0823a4b0cb9a9d5b312d563a0cb7cfa9a2aae02c5b2ce","02946501d9e0c1fc1b98b6f76021ddab3b4b7bac4fc5d54909ad73ec387a9f501d","02dfea03164b07b85190a74208e58e95b53a3b87c64b094db173999380909b34ef","03a31d1d11ee507dd35712596bd36bf646c01dcbc52bbc6b078cd339b887d4256b","02d57f2fb068ea9f795b31a197c320034f984f3603e174da0e6d61b890b06b1774","02015a3a71ae1ffffa5e691ccd8f96f5199987cace391ab91679b122b31f40bcda"],"rPubKeys":[{"n":25349401,"r":"02416bbbf406adc18636c943afe0fa2dc2abf11276c06608e2a4cdb85c4204c0c7"},{"n":25349402,"r":"02740b78ac74912b210e76eea7c6de83f5ae4a3f954a2041b47aa3f5d3743f449b"},{"n":25349403,"r":"021bc0a36294e76bd05173d25797c2fcdd96009e813489afb62d63e72c0e2b0f6a"},{"n":25349404,"r":"03c4338670628ab45aeb893542c7f3fbb70d88a77e0422227402d1abd8661c0ee4"},{"n":25349405,"r":"02c5c17f69e472676288c3bd46721854f833d142f395c49130c980fa26f5f78646"},{"n":25349406,"r":"0268373f73f2a925463c2ba5a0869bf8f2d79ae67cd7f24575322b4a62e7909067"},{"n":25349407,"r":"03e9849a2512e868d7189a8d4fd9cdaa814fa454ccf28a736711fb5f002c35dc11"},{"n":25349408,"r":"033c6722fb13d99517ae2576c20d9d94e32984d8b26c2461482cb3ce99f9d63e51"},{"n":25349409,"r":"039459f052673bcb8e0c55c1f45606f5afd8f3bc34d4ed4d2990a724d2c8af8a24"},{"n":25349410,"r":"035ea454f222208a71cfb4ba42b01ae4170351848ff41bab3d82409a6d7f27782d"},{"n":25349411,"r":"025f96daf164db521fd9e6b33ae8dada152497e5194225f62245a2f903864d0387"}],"mixLevelCount":11,"phase":"InputRegistration","denomination":"0.10470447","inputRegistrationTimesout":"05/16/2023 16:22:06 +00:00","registeredPeerCount":8,"requiredPeerCount":100,"maximumInputCountPerPeer":7,"registrationTimeout":60,"feePerInputs":1409,"feePerOutputs":694,"coordinatorFeePercent":0.003,"roundId":56338,"successfulRoundCount":33899}],"allFeeEstimate":{"type":1,"isAccurate":true,"estimations":{"2":111,"3":107,"18":45,"36":22,"432":7,"1008":2}},"exchangeRates":[{"ticker":"USD","rate":27050.06}],"unconfirmedCoinJoins":[]}

[kiminuo]

So it might be the case that .NET itself cannot resolve that URI. I'm not sure if there is a cache for .NET that can be deleted. Just an idea. I'm not really sure what is happening here.

[campilator]

Checked today with "MainNetBackendUri": "https://api.wasabiwallet.io/" and seems like the issue has gone!
The backend connection is working via TOR with default config now.
But tt would be good to have some way to debug this in future.