flokli
commented
1 month ago I can reproduce. The "Signing" animation is shown for a while, and then an error too:
The error message mentions dd-at-ria.ee not being reachable:
This hostname does not even have a DNS record.
I spotted https://github.com/open-eid/libdigidocpp/commit/2b5db855ba3ceb9bae1f11589ea1aea22bb7595a#diff-1e7de1ae2d059d21e1dd75d5812d5a34b0222cef273b7c3a2af62eb747f9d20aR25 changing the "Default TSA URL". Maybe they updated the URL in some places, but forgot updating elsewhere?
I found this URL in my qdigidoc settings too:
Changing it to the new URL unfortunately also didn't help, as it doesn't like the Digicert certificate.
Maybe unrelated, maybe not - I also see a 2024-08-13T23:10:20Z E [TSL.cpp:302] - TSL eu-lotl.xml signature is invalid in my logs.
This looks like an issue in the application itself / some config shipped somewhere, but nothing NixOS-specific. I propose opening an issue upstream in qdigidoc, maybe linking to here for context.
Hello,
please find below a bug report about the Nix package qdidgidoc:
Description
I can not sign any more since the 24.5 update.
Error message
Failed to sign container. Please check the access to signing services and network settings.
ASiC_E.cpp:371 Failed to sign container. Connect.cpp:95 Failed to connect to host: 'dd-at.ria.ee:80' DECODER routines:0 error:1E08010C:DECODER routines::unsupported BIO routines:0 error:10080002:BIO routines::system lib
Additional tests
I also checked if I am able to authenticate with https://web-eid.eu/ . Both, authentication and singing works.
Diagnostic output
For completeness, here my diagnostics output:
Locale: English / en_US.UTF-8
Application version: 4.5.1.0 (64 bit) OS: NixOS 24.05 (Uakari) (x86_64/x86_64) CPU: AMD Ryzen 5 PRO 4650U with Radeon Graphics Kernel: Linux 6.6.44 #1-NixOS SMP PREEMPT_DYNAMIC Sat Aug 3 06:54:42 UTC 2024 x86_64
Libraries: QT (5.15.14) OpenSSL build (OpenSSL 3.0.14 4 Jun 2024) OpenSSL current (OpenSSL 3.0.14 4 Jun 2024)
Arguments: qdigidoc4 Library paths: /run/wrappers/lib/qt- 5.15.14/plugins;/home/getreu/.local/share/flatpak/exports/lib/qt- 5.15.14/plugins;/var/lib/flatpak/exports/lib/qt- 5.15.14/plugins;/home/getreu/.nix-profile/lib/qt- 5.15.14/plugins;/nix/profile/lib/qt- 5.15.14/plugins;/home/getreu/.local/state/nix/profile/lib/qt- 5.15.14/plugins;/etc/profiles/per-user/getreu/lib/qt- 5.15.14/plugins;/nix/var/nix/profiles/default/lib/qt- 5.15.14/plugins;/run/current-system/sw/lib/qt- 5.15.14/plugins;/nix/store/h8m7pcd6d20jsx7hn81rsgkq0h884893-qtwayland- 5.15.14-bin/lib/qt- 5.15.14/plugins;/nix/store/vc9wklk5w3cskkymp52g7js83my4d9ch-qttools- 5.15.14-bin/lib/qt- 5.15.14/plugins;/nix/store/plix80gx31963j2qpsws7rid1gfr6cyn- qtdeclarative-5.15.14-bin/lib/qt- 5.15.14/plugins;/nix/store/h32d5q8ngcy68nddbw5vja3r316s20p3-qtsvg- 5.15.14-bin/lib/qt- 5.15.14/plugins;/nix/store/fbddznz5ln765jbl2i2mfnf8h7rkkmd9-qtbase- 5.15.14-bin/lib/qt- 5.15.14/plugins;/nix/store/h4li58h9pni11wigz8xldad9kgzc0q3c-qdigidoc- 4.5.1/bin URLs: CONFIG_URL: https://id.eesti.ee/config.json SID-PROXY-URL: https://dd-sid.ria.ee/v1 SIDV2-PROXY-URL: https://dd-sid.ria.ee/v1 SID-SK-URL: https://dd-sid.ria.ee/v1 SIDV2-SK-URL: https://dd-sid.ria.ee/v1 MID-PROXY-URL: https://dd-mid.ria.ee/mid-api MID-SK-URL: https://dd-mid.ria.ee/mid-api RPUUID: is set by default TSL_URL: https://ec.europa.eu/tools/lotl/eu-lotl.xml TSA_URL: http://dd-at.ria.ee/tsa SIVA_URL: https://siva.eesti.ee/V3/validate CDOC2: CDOC2-DEFAULT: false CDOC2-USE-KEYSERVER: true CDOC2-DEFAULT-KEYSERVER: ria-test
TSL signing certs: Patrick Kremer (Signature) European Commission European Commission JEROEN ARNOLD L RATHE APOSTOLOS APLADAS CONSTANTIN-ADRIAN CROITORU
TSL cache: EE.xml (65) eu-lotl-pivot-335.xml (335) eu-lotl-pivot-341.xml (341) eu-lotl.xml (343) g0xdp6w34ric1mdh8g7r0v8h85idkcg1-eu-lotl-pivot-300.xml (300)
Central Configuration:
Add a :+1: reaction to issues you find important.