iotaledger / firefly

The official IOTA and Shimmer wallet
https://firefly.iota.org
Apache License 2.0

[Bug]: Firefly cannot connect to Private Tangle with Self-Signed Certificate #2111

Closed sikhness closed 10 months ago

sikhness commented 2 years ago

Issue description

I have a private tangle set up (using the one-click-tangle utility) and have created a new Developer profile within Firefly (1.3.2). When I try to connect to my private tangle, which has a self-signed certificate (since HTTP is not supported), I get the following error: `ClientError: error sending request for url (https://localhost:14266/api/v1/info): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer`. I've already added the certificate to my Operating System certificate store as I'm able to hit the HTTPS node endpoint via the web browser, however Firefly does not seem to accept the Operating System certificate store.

Expected behaviour

Firefly should connect to the node and allow me to commit transactions.

Actual behaviour

Firefly fails with a `ClientError: error sending request for url (https://localhost:14266/api/v1/info): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer` error.

Can the issue reliably be reproduced?

Yes

Steps to reproduce the issue

  1. Create a private tangle
  2. Create an SSL reverse-proxy using a self-signed certificate
  3. Connect Firefly to reverse-proxy to connect to private tangle (error occurs)

Diagnostics

Firefly v1.3.2
Language: en
Currency: CAD
Node selection: Manual
Platform: win32
Platform Version: 10.0.19042
Platform Architecture: x64
CPU Count: 12
Total Memory: 32093.8 MB
Free Memory: 23906.6 MB

Errors

`ClientError: error sending request for url (https://localhost:14266/api/v1/info): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer`

rajivshah3 commented 2 years ago

> however Firefly does not seem to accept the Operating System certificate store

This is a drawback of using rustls instead of rust-native-tls. We should instead expose a native-tls feature in iota.rs and wallet.rs so that we can support using the OS certificate store and TLS implementations instead.
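
The trust-store dependence described in the comment above, as an added example that is not part of the original thread or of the Firefly code base: OpenSSL's `verify` stands in for the TLS client, and the same constructed self-signed certificate is checked against a store that lacks it and a store that includes it. The certificates, file names and the `make_self_signed`, `trusted_by` and `verdict` helpers are all hypothetical.

```shell
#!/bin/sh
# Added example: every certificate here is constructed on the fly for the demo.
set -eu

work=$(mktemp -d)

# make_self_signed NAME CN: write NAME.key and NAME.pem (self-signed, 1 day).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" >/dev/null 2>&1
}

# trusted_by STORE CERT: succeed only if CERT chains to an anchor in STORE.
# -no-CApath keeps OpenSSL's default certificate directory out of the decision,
# so STORE is the only source of trust anchors.
trusted_by() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict STORE CERT: print "accepted" or "rejected" for the reader.
verdict() {
  if trusted_by "$1" "$2"; then echo "accepted"; else echo "rejected"; fi
}

make_self_signed node localhost          # the private node's certificate
make_self_signed bundled "Example Root"  # stand-in for a client's own root list

# Store A: a client that does not read the OS store never sees the node cert.
cp "$work/bundled.pem" "$work/bundled-store.pem"
# Store B: the OS store after the user has imported the node cert.
cat "$work/bundled.pem" "$work/node.pem" > "$work/os-store.pem"

echo "client's own roots only   : $(verdict "$work/bundled-store.pem" "$work/node.pem")"
echo "store with imported cert  : $(verdict "$work/os-store.pem" "$work/node.pem")"
```

The certificate is identical in both checks; only the set of trust anchors the verifier consults changes the outcome.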

sikhness commented 2 years ago

@rajivshah3 is there any way to make Firefly accept my self-signed certificate at the moment? Is there a certificate store that it is referring to in the installation where I can import it into?

rajivshah3 commented 2 years ago

Unfortunately, I don't think there's anything you can do in the currently released versions of Firefly. We're going to look into native TLS support (which would use the OS certificate store), but we need to make some changes in our own libraries and some of our dependencies. I'll keep this issue updated with the progress of those changes.

rajivshah3 commented 2 years ago

Related: https://github.com/iotaledger/iota-sdk/issues/56

marc2332 commented 11 months ago

Hey @sikhness we just released a new version of Firefly (v2.0.2 at the time of writing this). Could you give it a try and let us know if this issue is resolved? Thank you 😄 ✌️

begonaalvarezd commented 10 months ago

Closing issue due to inactivity. Please update to the latest version and reopen the issue if the problem persists 🌷