[BUG] Cannot create tls connector: invalid peer certificate: BadEncoding

erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Other

3.16k stars 287 forks source link

[BUG] Cannot create tls connector: invalid peer certificate: BadEncoding #234

Closed PabloGirol closed 1 month ago

PabloGirol commented 2 months ago

Describe the bug While executing wstunnel a BadEncoding error appears while parsing certificates

To Reproduce I dont know how to reproduce it at this exact moment

Expected behavior Should create a tunnel with any address given to it as a client

Screenshots imagen

Desktop (please complete the following information):

OS: Windows 11
Browser Firefox v123
Version

Additional context It never works, my language and region is Spanish/Spain and I've recompiled with different certificates encoding and I could not make it work

erebe commented 2 months ago

Would you mind sharing the certificate of the server ?

with https://stackoverflow.com/questions/7885785/using-openssl-to-get-the-certificate-from-a-server so i can take a look at it ?

alou-S commented 2 months ago

@erebe One of my "clients" has the exact same error occurring on his PC. But I can't reproduce it myself on Windows or Linux, and none of my other clients report the same issue. I can provide a backtrace if needed but here is the reply of openssl s_client -connect ${WSTUNNEL_SERVER_IP}:${PORT} -showcerts

openssl.log

If anything else is required please do ask (Note that the server is using the build straight from the releases page and not using any custom certs)

erebe commented 2 months ago

Woud you mind trying this pre-release https://github.com/erebe/wstunnel/releases/tag/v9.2.4 and let me know if it fix your issue.

My guess is that there is an invalid certificate in the system store of the host/machine.

alou-S commented 1 month ago

Should that be used on the client too? Hosting the server with that didn't fix the client's error.

erebe commented 1 month ago

it should be used client side yes, sorry. On the server it will not change anything

PabloGirol commented 1 month ago

Would you mind sharing the certificate of the server ?

I don't know why this would be useful, as this happens with either the server active or not.

I tried the prerelease you mentioned and the tunnel now seems to work, the error is still there but it wont keep wstunnel from running

And yeah, your theory is correct as it seems, my windows, somehow, has an invalid certificate in the system store imagen

erebe commented 1 month ago

Would you mind sharing the certificate of the server ?

I don't know why this would be useful, as this happens with either the server active or not.

I read too quickly the issue :see_no_evil:

The fix is released in version 9.2.4 https://github.com/erebe/wstunnel/releases/tag/v9.2.4