Connect to aria2 server failed with self-signed certificate via HTTPS/WSS

[sci-42ver]

Describe the bug A clear and concise description of what the bug is.

• I think it can't import self-signed certificate created by (modified mainly based on this tutorial )

  openssl rand -base64 32
  # remove the last '=' from the generated token 
  
  MSYS_NO_PATHCONV=1 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -sha256 -keyout  $ARIA2C/aria2.pem -out  $ARIA2C/aria2.pem -subj "/C=example/ST=example/L=example/O=example/OU=example/CN=example/emailAddress=example@gmail.com"
  
  openssl pkcs12 -export -out $ARIA2C/aria2.pfx -in $ARIA2C/aria2.pem -name "Aria2 Certificate" -password pass:

• aria log with errors

 [INFO] [HttpServerCommand.cc:272] CUID#33 - Error occurred while reading HTTP request

Exception: [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: Error: An unknown error occurred while processing the certificate.

• developer tools console output

POST https://localhost:9600/jsonrpc net::ERR_CERT_AUTHORITY_INVALID angular-packages-1.6.10.min.js:formatted:3191 

To Reproduce Steps to reproduce the behavior:

1. Go to 'AriaNg setting '

2. change port to my customized port in conf rpc-listen-port=9600

   my aria2.conf

   daemon=true
   log=D:\aria_config\aria2.log
   log-level=debug
   console-log-level=notice
   
   auto-save-interval=30
   dir=D:\aria_config
   file-allocation=falloc
   continue=true
   max-concurrent-downloads=20
   max-connection-per-server=16
   min-split-size=1M
   split=20
   
   save-session=D:\aria_config\aria2.session
   save-session-interval=60
   
   enable-rpc=true
   pause=false
   rpc-allow-origin-all=true
   rpc-listen-all=true
   rpc-save-upload-metadata=true
   event-poll=select
   rpc-listen-port=9600
   rpc-secure=true
   rpc-secret=test
   rpc-certificate=D:\Applications\Scoop\apps\aria2\1.36.0-1\aria2.pfx
   listen-port=51413
   follow-torrent=mem
   follow-metalink=mem
   enable-dht=true
   dht-listen-port=51413
   dht-file-path=D:\aria_config\dht.dat
   dht-file-path6=D:\aria_config\dht6.dat
   
   bt-enable-lpd=true
   enable-peer-exchange=true
   bt-request-peer-speed-limit=1M
   peer-id-prefix=-example-
   
   user-agent=Transmission/2.92
   seed-ratio=2.0
   seed-time=120
   force-save=true
   bt-seed-unverified=false
   bt-force-encryption=true
   bt-save-metadata=true

3. Click on 'https' / 'wws'

4. Scroll down to 'token' change to my customized token test based on

   rpc-secret=test

5. See error

Expected behavior A clear and concise description of what you expected to happen.

• aria status connected

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [Microsoft Windows Version 21H2 (OS Build 19044.1415)]

• Browser [

Vivaldi	5.0.2497.35 (Stable channel) (64-bit)
Revision	4d8d501b3fc052c66885c54abb3d4f7202fed5f0
OS	Windows 10 Version 21H2 (Build 19044.1415)
JavaScript	V8 9.6.180.22
User Agent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.137 Safari/537.36
Command Line	"C:\Users\czg\AppData\Local\Vivaldi\Application\vivaldi.exe" --flag-switches-begin --enable-gpu-rasterization --enable-quic --enable-features=LensRegionSearch,SendTabToSelfManageDevicesLink,SendTabToSelfWhenSignedIn --flag-switches-end --origin-trial-disabled-features=CaptureHandle --save-page-as-mhtml

• extension Version [ from chrome extension store ; the latest 1.5.5]

• aria2c version

  $ aria2c.exe -v
  aria2 version 1.36.0
  Copyright (C) 2006, 2019 Tatsuhiro Tsujikawa
  
  ** Configuration **
  Enabled Features: Async DNS, BitTorrent, Firefox3 Cookie, GZip, HTTPS, Message Digest, Metalink, XML-RPC, SFTP
  Hash Algorithms: sha-1, sha-224, sha-256, sha-384, sha-512, md5, adler32
  Libraries: zlib/1.2.11 expat/2.4.1 sqlite3/3.36.0 GMP/6.2.1 c-ares/1.17.2 libssh2/1.9.0
  Compiler: mingw-w64 8.0.0 (alpha) / gcc 10-win32 20210110
   built by  x86_64-pc-linux-gnu
   targeting x86_64-w64-mingw32
   on        Aug 21 2021 17:37:16
  System: Windows 6.2 (x86_64) (6.2)

Additional context Add any other context about the problem here.

• brief aria debug info log

  • use wss ； although with error but can download the torrent . it's weird 🧐

  errorCode=1 SSL/TLS handshake failure: Error: The client and server cannot communicate, because they do not possess a common algorithm.

[sci-42ver]

• I tested websocket(safe) on http://ariang.mayswind.net/latest/#!/settings/ariang

  the following log pasted from vim with set nu in the mintty

  ( my PC always stutter when vscode open the a little big log ) so it may has ^M at the end.

  • this is aria info log

  33 Exception: [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: Error: The client and server cannot communicate, because they do not possess a co    mmon algorithm.^M
  34 (80090331)
  35 2022-01-09 01:39:53.990614 [INFO] [HttpListenCommand.cc:77] RPC: Accepted the connection from 127.0.0.1:7003.
  36 2022-01-09 01:39:54.181758 [INFO] [HttpListenCommand.cc:77] RPC: Accepted the connection from 127.0.0.1:7010.
  37 2022-01-09 01:39:54.197769 [INFO] [HttpServerCommand.cc:272] CUID#12 - Error occurred while reading HTTP request
  38 Exception: [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: Error: An unknown error occurred while processing the certificate.^M
  39 (80090327)

  • but then tls connected

   40 2022-01-09 01:39:54.208798 [INFO] [HttpListenCommand.cc:77] RPC: Accepted the connection from 127.0.0.1:7011.
   41 2022-01-09 01:39:54.227797 [INFO] [WinTLSSession.cc:788] WinTLS: connected with: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   42 2022-01-09 01:39:54.227797 [INFO] [HttpServer.cc:186] HTTP Server received request
   43 GET /jsonrpc HTTP/1.1^M
   44 Host: 127.0.0.1:9600^M
   45 Connection: Upgrade^M
   46 Pragma: no-cache^M
   47 Cache-Control: no-cache^M
   48 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.137 Safari/537.36^M
   49 Upgrade: websocket^M
   50 Origin: http://ariang.mayswind.net^M
   51 Sec-WebSocket-Version: 13^M
   52 Accept-Encoding: gzip, deflate, br^M
   53 Accept-Language: zh-CN,zh;q=0.9,und;q=0.8,zh-Hans;q=0.7,en;q=0.6^M
   54 Sec-WebSocket-Key: dwUtlLV+ImrawlmOOTe8TA==^M
   55 Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits^M
    58 2022-01-09 01:39:54.228797 [INFO] [AbstractHttpServerResponseCommand.cc:117] CUID#13 - HttpServer: all response transmitted.
   59 2022-01-09 01:39:54.233797 [INFO] [rpc_helper.cc:103] Executing RPC method aria2.tellActive
   60 2022-01-09 01:39:54.233797 [INFO] [rpc_helper.cc:103] Executing RPC method aria2.getGlobalStat

  • maybe because of DHT & LPD

  150 2022-01-09 01:40:05.973672 [INFO] [rpc_helper.cc:103] Executing RPC method aria2.getGlobalOption
  151 2022-01-09 01:40:06.638609 [INFO] [rpc_helper.cc:103] Executing RPC method aria2.getGlobalStat
  152 2022-01-09 01:40:07.533284 [INFO] [rpc_helper.cc:103] Executing RPC method aria2.addTorrent
  153 2022-01-09 01:40:07.542283 [INFO] [RpcMethodImpl.cc:301] Uploaded torrent data was saved as D:/aria_config/073750871ebfc4615e3dfb160a360e9282e62cfa.torrent

  • after deleting dht & .aria2 websocket still work but it is based on bittorrent and dht ;it needs some time to build the DHT routing table

    • it may need Hyper-V Virtual Ethernet Adapterby

    identifying the IP address .

    [LpdMessageReceiver.cc:119] LPD message received infohash=b26c81363ac1a236765385a     702aec107a49581b5, port=51413 from 172.23.240.1
     200 2022-01-09 02:09:31.509988 [INFO] [AsyncNameResolverMan.cc:82] CUID#38 - Resolving hostname torrent.ubuntu.com
     201 2022-01-09 02:09:31.516978 [INFO] [AbstractCommand.cc:816] CUID#38 - Name resolution complete: torrent.ubuntu.com -     > 91.189.95.21
     202 2022-01-09 02:09:31.516978 [INFO] [HttpInitiateConnectionCommand.cc:123] CUID#38 - Connecting to 91.189.95.21:443

    

      1005 2022-01-09 02:13:47.001420 [INFO] [DownloadCommand.cc:242] CUID#38 - The download for one segment completed success     fully.
      1006 2022-01-09 02:13:47.001420 [INFO] [DefaultPieceStorage.cc:483] The download was complete.
      1007 2022-01-09 02:13:47.001420 [INFO] [DownloadEngine.cc:315] Pool socket for 91.189.95.21(443)
      1008 2022-01-09 02:13:47.001420 [INFO] [DefaultBtAnnounce.cc:353] No peers6 received.
      1009 2022-01-09 02:13:47.001420 [INFO] [PeerInitiateConnectionCommand.cc:77] CUID#41 - Connecting to 172.23.240.1:51413

      1056 2022-01-09 02:13:48.059740 [INFO] [SimpleBtMessage.cc:56] CUID#41 - To: 172.23.240.1:51413 handshake peerId=-czg-1-     1-%18y%D8_%FBE%22%5B%87%BC%12, reserved=0000000000100004
      1057 2022-01-09 02:13:48.059740 [INFO] [SimpleBtMessage.cc:56] CUID#168 - To: 172.23.240.1:8875 handshake peerId=-czg-1-     1-%18y%D8_%FBE%22%5B%87%BC%12, reserved=0000000000100005

    • I checked the aria2 source code and search by Googleing but no detailed description about Pool socket and peers6

    I really want know what the two terms mean ? 🧐

    [DownloadEngine.cc:315] Pool socket for 91.189.95.21(443)
    1085 2022-01-09 02:13:48.672884 [INFO] [DefaultBtAnnounce.cc:353] No peers6 received.

    • the following Found socket may be indicating websocket is working

    in https no this log info

    [DownloadEngine.cc:449] Found socket for 91.189.95.21(443)

• I found both https and wws have

    33 Exception: [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: Error: The client and server cannot commun       icate, because they do not possess a common algorithm.^M
    34 (80090331)
    35 2022-01-09 02:50:31.865686 [INFO] [HttpListenCommand.cc:77] RPC: Accepted the connection from 127.0.0.1:8610.
    36 2022-01-09 02:50:31.875715 [INFO] [HttpServerCommand.cc:272] CUID#11 - Error occurred while reading HTTP request
        37 Exception: [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: Error: An unknown error occurred while processing the certificate.^M
    38 (80090327)
    39 2022-01-09 02:50:31.875715 [INFO] [HttpListenCommand.cc:77] RPC: Accepted the connection from 127.0.0.1:8612.
    40 2022-01-09 02:50:31.883710 [INFO] [WinTLSSession.cc:788] WinTLS: connected with: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  362 Exception: [SocketCore.cc:1243] errorCode=1 Failed to receive data, cause: An existing connection was forcibly closed by the remote host.^M 

  [INFO] [BtLeecherStateChoke.cc:211] Leecher state, 1 choke round started

  • so what algorithm do aria use? how do I check that?

  • why certificate error then connected ? 🧐

  • forcibly closed by the remote host may be caused by what ? how to check by log or browser console ,etc?

  • what does 1 choke round mean ?

[alexhua]

Solution: import your self-signed certificate into system as root CA.