search

Stieneee / mumble-discord-bridge

A simple voice bridge between Mumble and Discord.
MIT License
148 stars 16 forks source link

x509: certificate is not valid for any names #27

Open Brottweiler opened 2 years ago

Brottweiler commented 2 years ago

This is most likely a PEBKAC since I am probably not understanding the instructions correctly, so here's my issue.

I've gotten the CID, GID and bot token and I can start the bridge fine with mumble-insecure set to true. But when I run it with it set to false, it won't connect;

2021/11/24 21:30:59 To Discord Jitter Buffer:  50  ms
2021/11/24 21:30:59 To Mumble Jitter Buffer:  50  ms
2021/11/24 21:30:59 Discord Bot Connected
2021/11/24 21:30:59 Discord bot looking for command !mumble-discord
2021/11/24 21:30:59 CREATE event registered
2021/11/24 21:30:59 bridge starting in constant mode
2021/11/24 21:30:59 Attempting to join Discord voice channel
2021/11/24 21:31:00 Discord Voice Connected
2021/11/24 21:31:00 Attempting to join Mumble
2021/11/24 21:31:00 x509: certificate is not valid for any names, but wanted to match ???
2021/11/24 21:31:01 Bridge died

I did try generate a certificate (which is optional it says) but it doesn't work still. I replaced the mumble address with question marks.

stryan commented 2 years ago

That sounds like an issue with your Mumble host certificate; can you verify that the certificate on your mumble host has the host as its CommonName or SAN? I.e. if the ??? was "mumble.example.com" then the certificate would have "mumble.example.com" as either the CommonName or a SubjectAlternativeName.

Brottweiler commented 2 years ago

@stryan I am not really sure what CommonName or SAN is, but when I view the info of the server and the "Certificate Chain Details", it does say 

Issued by:
Common Name: Murmur Autogenerated Certificate v2

You are correct that the address is mumble.example.com.

stryan commented 2 years ago

Ah, you're using the Mumble generated certificate. The auto-generated certificate doesn't actually know what you're calling your server so it doesn't have the right names on it.

I don't think Murmur has a way of automatically generating an actual trusted certificate for your server, though I'm not at home to verify this. So if you're not providing one manually through the

sslCert=cert.pem
sslKey=key.pem

options in Murmur.ini, you'll probably need to use the -mumble-insecure option to connect.

If you want to use the server outside of small-scale or testing purposes, you can grab a free certificate from Let's Encrypt. That will work without the -mumble-insecure option

as a side-note; I do suspect this problem will keep coming up for others. I might take a look at adding some kind of TOFU-style system to the bridge for auto-generated and self-signed certificates. I know Gumble uses something similar for self-signed certs.

Brottweiler commented 2 years ago

I am using this on a very small scale basis (or testing) so that's not a problem really. Thanks for your support, and yeah I think this issue might come up to more people.