Intiface CLI v0.4.5 includes wrong BouncyCastle.Crypto.dll assembly - Githubissues

intiface / intiface-cli-csharp

Command line interface for running an Intiface server

Other

2 stars 3 forks source link

Intiface CLI v0.4.5 includes wrong BouncyCastle.Crypto.dll assembly #8

Closed lockedmouse closed 5 years ago

lockedmouse commented 5 years ago

Intiface Desktop shows an error message when trying to start a server using secure websockets:

Command failed: C:\Program Files (x86)\IntifaceCLI\IntifaceCLI.exe --frontendpipe --stayopen --wssecureport 12346 --wscertfile C:\Users\...\AppData\Local\Intiface\cert.pem --wsprivfile C:\Users\...\AppData\Local\Intiface\privkey.pem --log Info

AggregateException was unhandled. One or more errors occurred.
---> System.Exception: Pem certificate C:\Users\...\AppData\Local\Intiface\cert.pem could not be loaded
---> System.Exception: The Method "ReadPemCertificateWithPrivateKey" has failed.
---> System.IO.FileLoadException: Could not load file or assembly "BouncyCastle.Crypto, Version=1.8.4.0, Culture=neutral, PublicKeyToken=0e99375e54769942" or one of its dependencies. The specified module could not be found.
[...]

It looks like the Windows release of Intiface CLI v0.4.5 comes bundled with version 1.8.5 of the BouncyCastle.Crypto.dll assembly.\ However, the Buttplug.Server.Connectors.WebsocketServer.dll library requires version 1.8.4 of that assembly.

As a workaround, users can get version 1.8.4 of BouncyCastle.Crypto.dll from bouncycastle.org and replace the file in the installation directory (C:\Program Files (x86)\IntifaceCLI).

Affected versions:

Intiface Desktop version: 14.0.0
Intiface Engine version: 0.4.5
OS: Windows 10

qdot commented 5 years ago

Oh no! I'll get this fixed ASAP. Really need to get more verification tests in for the system.

(BTW, the only reason you need to use secure websockets is if you're connecting to Intiface from Firefox. Chrome actually allows non-secure websockets from secure contexts as long as they're on localhost. Firefox can do that but it's behind a pref, and turns them on for all addresses :| )

qdot commented 5 years ago

Ok, it looks like the library I brought on in order to read PEM files is pinned to an old bouncycastle.

I'm just gonna roll back our BouncyCastle to 1.8.4 for now and call it good. Such is life trying to deal with self signed certificates across C# and node. :(

Expect a 0.4.6 release sometime in the next hour or so.

qdot commented 5 years ago

Ok. We've got a problem.

It looks like BouncyCastle pulled 1.8.4 completely from nuget. Of course, the tiny library with 3 GH stars I use for PEM/PKCS conversion hasn't updated, but since I already released the library, I can't backport now. So I either have to fork that library and release my own package, or switch to something else. I'd honestly love to dump that dependency, so I'm seeing what I can do, but this may take a little longer than planned.

qdot commented 5 years ago

Ok. Problem solved. Just removed a ton of (now unused, at least by me) self-signed cert generation code from the C#, which means we no longer rely on two different versions of BouncyCastle, and we now have less code! Yay!

Will close this once 0.4.6.0 is out.

qdot commented 5 years ago

All fixed! 0.4.6.0 is out, I tested it under IDv14 and it seems fine. Thanks again for the report!

lockedmouse commented 5 years ago

Thanks for the detailed explanation, glad I could help!