Closed Zero3K closed 4 months ago
I have no idea.
"This error occurs when the SSL layer is unable to negotiate a secure connection. This can happen when, as you said, the certificate is expired." or "A security device is decrypting and encrypting the SSL packet, therefore causing the "SSL_connect error (5)" error."
Also check out https://stackoverflow.com/questions/23479376/openssl-ssl-accept-error-5.
Would more debug output in the error message help? Such as showing the certificate's info, if its being re-encrypted, if a certificate is missing.
I don't even know where to begin, honestly.
Try adding system proxy support so I can use Fiddler Classic to see if it shows anything interesting.
I have already gone over this. If Fiddler Classic sets up a server on port 443 (a proxy is made up of a server AND a client- the client connects to official Discord backend and the server is for this program to connect to) - just use https://127.0.0.1 for the API URL.
It's too difficult to get Fiddler Classic to forward requests to its port to Discord's CDN server. By the way, Fiddler Classic is available at https://www.telerik.com/fiddler/fiddler-classic.
Then don't forward requests to Discord's CDN server. API and CDN are two different things, you need to forward the API.
It's not the API server that is having the issue. It's the CDN server that is having the issue displaying images.
And its also difficult to do the same for the API URL.
How about trying a different SSL library since you won't add the ability for it to use the HTTPS proxy set by Internet Options? And I also just got a new SSL error of 0x1 when trying to view a channel.
How do you know that there are people that tried changing the SSL Library that is being used?
I was informed personally by them.
I was informed personally by them.
Did they have any luck?
Yes, but they had to disable the unused QR code dialog feature to make it work. AFAIK, wolfSSL and BoringSSL should work.
I am interested in trying a build of Discord Messenger that uses either of them or mbedTLS.
I guess you won't try that.
Hopefully someone else can do that and make a PR.
Still nothing that you want to try?
Nope. Please do not continue sending messages to this issue.
@Zero3K I believe you may want to try the latest build. I've modified some settings in the HTTP client. I was able to mitigate "SSL connection failed" errors on Windows 2000 by reducing the thread count used by the HTTP client. Let me know if you still get these issues.
It's weird that it's now not happening all of the time. I wonder if it is possible to have it keep trying to get the image until it gets a 404 or similar error.
It's good.
It might be possible but I'm kind of lazy to tackle that. I'll tackle it if it becomes an actual problem.
I am using a DrayTek Vigor2927 router with its WCF function being used.
I don't know how to make it reproduceable for you.
EDIT: It only happens when viewing images in the channel. Clicking on the image that doesn't load causes the image to show properly in the window that pops up.
I wonder why it only happens when viewing images, etc. in the channel.
Make sure you are using V1.04 or the latest artifact - in the meantime I have fixed a similar "SSL connection failed" issues on Windows 2000.
I am using the latest artifact. The SSL connection failed (with an HTTP error code of -1 and SSL error code of 0x5) errors are still happening. Is there any difference in regards to connecting to the server between the code used for the message viewer/etc. when compared to the code used for the viewer of images when clicking on them?
No. Now, I'm pretty sure it's your internet connection. Just to confirm though, could you download and run the latest artifact when it's done building?
Anyway, yes there is a difference, but it's just fetching the image with a particular size from the same url.
0x80000000 is not a valid error code. Actually it's 0x80000000 | 0x00000000
which is actually what I was looking for. It looks like ERR_get_error()
is returning zero after SSL_get_error()
returns SSL_ERROR_SYSCALL
.
Here's the code the generates this code:
template <typename U>
bool ssl_connect_or_accept_nonblocking(socket_t sock, SSL *ssl,
U ssl_connect_or_accept,
time_t timeout_sec,
time_t timeout_usec) {
int res = 0;
while ((res = ssl_connect_or_accept(ssl)) != 1) {
auto err = SSL_get_error(ssl, res);
switch (err) {
case SSL_ERROR_WANT_READ:
if (select_read(sock, timeout_sec, timeout_usec) > 0) { continue; }
break;
case SSL_ERROR_WANT_WRITE:
if (select_write(sock, timeout_sec, timeout_usec) > 0) { continue; }
break;
default: break;
}
// To debug an issue, setting a global:
g_latestSSLError = err;
if (err == SSL_ERROR_SYSCALL) {
g_latestSSLError = 0x80000000 | ERR_get_error(); // hope that OpenSSL doesn't set that 31st bit
}
return false;
}
return true;
}
Try with this next artifact. It's going to show a more detailed log. Press CTRL-C on every message box that shows up and paste it here. Yes, you can do that, here's what it looks like:
---------------------------
---------------------------
Yo, you're seeing the hacky handler for SSL_ERROR_SYSCALL. You're about to see the result of ERR_get_error().
---------------------------
OK
---------------------------
^ in reference to:
I screwed it up even worse, try this artifact instead.
Maybe https://stackoverflow.com/a/46603531 will help.
Given that the error occurs in ssl_connect_or_accept_nonblocking
, I don't think it manged to actually read anything. But, I've increased the recv buffer size, so try again.
It almost worked out. I see that more images are loading but not all.
Same?
Yes.
https://stackoverflow.com/questions/64041863/how-to-use-ssl-read-and-ssl-accept-on-non-blocking https://stackoverflow.com/questions/28508374/ssl-connect-for-non-blocking-socket https://stackoverflow.com/questions/68387278/error-1-when-attempting-to-accept-a-non-blocking-openssl-socket-accepting-twic https://stackoverflow.com/questions/38937900/c-openssl-fails-to-perform-handshake-when-accepting-in-non-blocking-mode-what
What is the latest commit for?
It disables the use of I/O completion ports for Asio. I/O Completion Port APIs are not implemented in Windows 9x, which I was trying to haggle to make work, but without luck.
Okay.
Are any of the links I recently posted helpful or not?
I don't think so, sorry.
That's not good. Maybe you can just try implementing the retrying like I mentioned earlier.
EDIT: I read that the 0x5 error might be because my router is re-encrypting the encrypted content, using a cipher that it doesn't recognize, or is sending bad data.
Maybe adding a log file dump on a SSL error will help find the cause.
a8a6d56 probably isn't going to do anything to solve this issue, but it does solve an architectural problem.
It fixed the issue.