search

Treferwynd / transmission-remote-gtk

Automatically exported from code.google.com/p/transmission-remote-gtk
GNU General Public License v2.0
0 stars 0 forks source link

SSL Connection Problems #267

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Attempt to connect to a ssl reverse proxied transmission daemon

Result

Error: SSL peer certificate or SSH remote key was not okay

What version of the product are you using? On what operating system?
Transmission-remote-gtk 1.1.1
Arch Linux

Please provide any additional information below.
Key type is rsa.

I am inclined to believe that this is an issue with transmission-remote-gtk 
because I have no problem connecting using transmission-remote-cli and 
transmission remote for android.

This is the output of curl -v --insecure:

* Connected to brett.compy.ca (192.168.1.100) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: C=US; ST=Florida; L=Gainesville; O=None; CN=Brett; 
emailAddress=brenels@gmail.com
*    start date: 2014-09-04 05:25:58 GMT
*    expire date: 2015-09-04 05:25:58 GMT
*    issuer: C=US; ST=Florida; L=Gainesville; O=None; CN=Brett; 
emailAddress=brenels@gmail.com
*    SSL certificate verify result: self signed certificate (18), continuing 
anyway.
> GET /transmission/rpc HTTP/1.1
> User-Agent: curl/7.37.1
> Host: brett.compy.ca
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Date: Fri, 05 Sep 2014 23:14:59 GMT
* Server Transmission is not blacklisted
< Server: Transmission
< WWW-Authenticate: Basic realm="Transmission"
< Content-Length: 43
< Content-Type: text/html; charset=ISO-8859-1
< 
* Connection #0 to host brett.compy.ca left intact
<h1>401: Unauthorized</h1>Unauthorized User%

Original issue reported on code.google.com by BreN...@gmail.com on 5 Sep 2014 at 11:16

GoogleCodeExporter commented 9 years ago 
Hi,

SSL works OK for me (and has for a while), but there are a few recent reports 
of SSL validation failing, so I'm sure something is wrong. Perhaps it depends 
on the openssl or libcurl version.

Please could you let me know what openssl, libcurl, transmission-remote-gtk and 
distribution you are using?

I'll try to reproduce this and fix it soon.

Original comment by a...@eth0.org.uk on 15 Sep 2014 at 8:43

GoogleCodeExporter commented 9 years ago 
Noticed you've already mentioned: arch, trg 1.1.1, curl 7.37.1

thanks

Original comment by a...@eth0.org.uk on 15 Sep 2014 at 8:48

GoogleCodeExporter commented 9 years ago 
Had the same error message on Ubuntu vivid. The certificate is valid for the 
host. When connecting with `gnutls-cli` I noticed

> *** Non fatal error: A TLS warning alert has been received.
> *** Received alert [112]: The server name sent was not recognized

After that it validates the certificate and connects. As this was the default 
vhost on my apache server, I had not specified a `ServerName` in the config. 
Adding the appropriate `ServerName` to the configuration fixed it.

Original comment by eckho...@gmail.com on 27 Apr 2015 at 8:53

GoogleCodeExporter commented 9 years ago 
What is the appropriate servername and which configuration file?

Original comment by murdr...@gmail.com on 17 Jun 2015 at 2:16