Issue with showing certain images

[Zero3K]

[iProgramMC]

I have no idea.

[Zero3K]

"This error occurs when the SSL layer is unable to negotiate a secure connection. This can happen when, as you said, the certificate is expired." or "A security device is decrypting and encrypting the SSL packet, therefore causing the "SSL_connect error (5)" error."

Also check out https://stackoverflow.com/questions/23479376/openssl-ssl-accept-error-5.

[Zero3K]

Would more debug output in the error message help? Such as showing the certificate's info, if its being re-encrypted, if a certificate is missing.

[iProgramMC]

I don't even know where to begin, honestly.

[Zero3K]

Try adding system proxy support so I can use Fiddler Classic to see if it shows anything interesting.

[iProgramMC]

I have already gone over this. If Fiddler Classic sets up a server on port 443 (a proxy is made up of a server AND a client- the client connects to official Discord backend and the server is for this program to connect to) - just use https://127.0.0.1 for the API URL.

[Zero3K]

It's too difficult to get Fiddler Classic to forward requests to its port to Discord's CDN server. By the way, Fiddler Classic is available at https://www.telerik.com/fiddler/fiddler-classic.

[iProgramMC]

Then don't forward requests to Discord's CDN server. API and CDN are two different things, you need to forward the API.

[Zero3K]

It's not the API server that is having the issue. It's the CDN server that is having the issue displaying images.

[Zero3K]

And its also difficult to do the same for the API URL.

[Zero3K]

How about trying a different SSL library since you won't add the ability for it to use the HTTPS proxy set by Internet Options? And I also just got a new SSL error of 0x1 when trying to view a channel.

[Zero3K]

How do you know that there are people that tried changing the SSL Library that is being used?

[iProgramMC]

I was informed personally by them.

[Zero3K]

I was informed personally by them.

Did they have any luck?

[iProgramMC]

Yes, but they had to disable the unused QR code dialog feature to make it work. AFAIK, wolfSSL and BoringSSL should work.

[Zero3K]

I am interested in trying a build of Discord Messenger that uses either of them or mbedTLS.

[Zero3K]

I guess you won't try that.

[Zero3K]

Hopefully someone else can do that and make a PR.

[Zero3K]

Still nothing that you want to try?

[iProgramMC]

Nope. Please do not continue sending messages to this issue.

[iProgramMC]

@Zero3K I believe you may want to try the latest build. I've modified some settings in the HTTP client. I was able to mitigate "SSL connection failed" errors on Windows 2000 by reducing the thread count used by the HTTP client. Let me know if you still get these issues.

[Zero3K]

[Zero3K]

It's weird that it's now not happening all of the time. I wonder if it is possible to have it keep trying to get the image until it gets a 404 or similar error.

[iProgramMC]

It's good.

It might be possible but I'm kind of lazy to tackle that. I'll tackle it if it becomes an actual problem.

[Zero3K]

I am using a DrayTek Vigor2927 router with its WCF function being used.

[Zero3K]

I don't know how to make it reproduceable for you.

EDIT: It only happens when viewing images in the channel. Clicking on the image that doesn't load causes the image to show properly in the window that pops up.

[Zero3K]

I wonder why it only happens when viewing images, etc. in the channel.

[iProgramMC]

Make sure you are using V1.04 or the latest artifact - in the meantime I have fixed a similar "SSL connection failed" issues on Windows 2000.

[Zero3K]

I am using the latest artifact. The SSL connection failed (with an HTTP error code of -1 and SSL error code of 0x5) errors are still happening. Is there any difference in regards to connecting to the server between the code used for the message viewer/etc. when compared to the code used for the viewer of images when clicking on them?

[iProgramMC]

No. Now, I'm pretty sure it's your internet connection. Just to confirm though, could you download and run the latest artifact when it's done building?

Anyway, yes there is a difference, but it's just fetching the image with a particular size from the same url.

[Zero3K]

https://github.com/openssl/openssl/issues/18785

[iProgramMC]

0x80000000 is not a valid error code. Actually it's 0x80000000 | 0x00000000 which is actually what I was looking for. It looks like ERR_get_error() is returning zero after SSL_get_error() returns SSL_ERROR_SYSCALL.

Here's the code the generates this code:

template <typename U>
bool ssl_connect_or_accept_nonblocking(socket_t sock, SSL *ssl,
                                       U ssl_connect_or_accept,
                                       time_t timeout_sec,
                                       time_t timeout_usec) {
  int res = 0;
  while ((res = ssl_connect_or_accept(ssl)) != 1) {
    auto err = SSL_get_error(ssl, res);
    switch (err) {
    case SSL_ERROR_WANT_READ:
      if (select_read(sock, timeout_sec, timeout_usec) > 0) { continue; }
      break;
    case SSL_ERROR_WANT_WRITE:
      if (select_write(sock, timeout_sec, timeout_usec) > 0) { continue; }
      break;
    default: break;
    }
    // To debug an issue, setting a global:
    g_latestSSLError = err;
    if (err == SSL_ERROR_SYSCALL) {
      g_latestSSLError = 0x80000000 | ERR_get_error(); // hope that OpenSSL doesn't set that 31st bit
    }
    return false;
  }
  return true;
}

[iProgramMC]

Try with this next artifact. It's going to show a more detailed log. Press CTRL-C on every message box that shows up and paste it here. Yes, you can do that, here's what it looks like:

---------------------------

---------------------------
Yo, you're seeing the hacky handler for SSL_ERROR_SYSCALL. You're about to see the result of ERR_get_error().
---------------------------
OK   
---------------------------

^ in reference to:

[iProgramMC]

I screwed it up even worse, try this artifact instead.

[Zero3K]

[Zero3K]

Maybe https://stackoverflow.com/a/46603531 will help.

[iProgramMC]

Given that the error occurs in ssl_connect_or_accept_nonblocking, I don't think it manged to actually read anything. But, I've increased the recv buffer size, so try again.

[Zero3K]

It almost worked out. I see that more images are loading but not all.

[iProgramMC]

Same?

[Zero3K]

Yes.

[Zero3K]

https://stackoverflow.com/questions/64041863/how-to-use-ssl-read-and-ssl-accept-on-non-blocking https://stackoverflow.com/questions/28508374/ssl-connect-for-non-blocking-socket https://stackoverflow.com/questions/68387278/error-1-when-attempting-to-accept-a-non-blocking-openssl-socket-accepting-twic https://stackoverflow.com/questions/38937900/c-openssl-fails-to-perform-handshake-when-accepting-in-non-blocking-mode-what

[Zero3K]

What is the latest commit for?

[iProgramMC]

It disables the use of I/O completion ports for Asio. I/O Completion Port APIs are not implemented in Windows 9x, which I was trying to haggle to make work, but without luck.

[Zero3K]

Okay.

[Zero3K]

Are any of the links I recently posted helpful or not?

[iProgramMC]

I don't think so, sorry.

[Zero3K]

That's not good. Maybe you can just try implementing the retrying like I mentioned earlier.

EDIT: I read that the 0x5 error might be because my router is re-encrypting the encrypted content, using a cipher that it doesn't recognize, or is sending bad data.

[Zero3K]

Maybe adding a log file dump on a SSL error will help find the cause.

[iProgramMC]

a8a6d56 probably isn't going to do anything to solve this issue, but it does solve an architectural problem.

[Zero3K]

It fixed the issue.