josdion / subbuzz

Subtitles plugin for emby and jellyfin
GNU General Public License v3.0

SSL error #2

Open bmacao opened 1 year ago

bmacao commented 1 year ago

The plugin is giving SSL errors while searching subtitles on some providers (Podnapisi.NET), causing the search to hang forever:

Search error: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0A000172:SSL routines::wrong signature type
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at subbuzz.Helpers.Download.Get(String link, String referer, Dictionary`2 post_params, CancellationToken cancellationToken, Int32 maxRetry)
   at subbuzz.Helpers.Download.GetStream(String link, String referer, Dictionary`2 post_params, CancellationToken cancellationToken, Int32 maxRetry)
   at subbuzz.Providers.PodnapisiNet.SearchUrl(String url, SearchInfo si, CancellationToken cancellationToken)

bmacao commented 1 year ago

Opensubtitles.com has a timeout issue as well:

opensubtitles.com: Search error: System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 30 seconds elapsing.

josdion commented 1 year ago

@bmacao Can you give a little more information, like the OS version, version of emby or jellyfin, version of subbuzz?

bmacao commented 1 year ago

Hi, should have given it right at the start, sorry bout that :)

Ubuntu 22.04
jellyfin 10.8.5
subbuzz 1.0.3.0

jonpas commented 1 year ago

Can confirm Podnapisi.NET SSL error on:

Currently running Jellyfin locally without SSL, but that shouldn't prevent accessing SSL services. Other providers function correctly.

Having Podnapisi.NET working would be really neat, as that's the provider with most Slovenian subtitles.

josdion commented 1 year ago

Seems like openssl can't verify the certificate from podnapisi.net. Can you run:

curl -X GET https://www.podnapisi.net

or

openssl s_client -connect www.podnapisi.net:443 | grep error

jonpas commented 1 year ago

$ curl -X GET https://www.podnapisi.net
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

$ openssl s_client -connect www.podnapisi.net:443 | grep error
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = podnapisi.net
verify return:1
140087763469632:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../ssl/t1_lib.c:1145:

That happens on my server as well as on my local machine.

bmacao commented 1 year ago

Same error for me as @jonpas posted

josdion commented 1 year ago

There is a workaround: setting CipherString = DEFAULT@SECLEVEL=0 in /etc/ssl/openssl.cnf. I wouldn't recommend it, but I can't find a better solution for now.

In openssl.cnf, see which section openssl_conf points to, and in that section add ssl_conf = ssl_sect. After that, add the following two sections:

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0

Restart jellyfin.
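
Added example (not part of the original thread, and not subbuzz or OpenSSL code): the workaround above only takes effect if the openssl_conf -> ssl_conf -> system_default chain actually reaches the section holding CipherString, and once it does, the lowered level becomes the default for every libssl client that loads this openssl.cnf. The Python sketch below resolves that chain for a given file; both sample configs and the function names are constructed for illustration.

```python
import re

# Constructed samples (not taken from any real host).
LINKED = """\
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0
"""
# Same sections, but nothing in [openssl_init] points at ssl_sect.
UNLINKED = LINKED.replace("ssl_conf = ssl_sect\n", "")

def parse_sections(text):
    """Return {section: {key: value}}. Simplified: no .include, no $var expansion."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def effective_seclevel(text):
    """Follow openssl_conf -> ssl_conf -> system_default.
    Returns (chain of section names, CipherString, SECLEVEL or None)."""
    sections = parse_sections(text)
    name = sections["default"].get("openssl_conf")
    chain = [name]
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
        chain.append(name)
    cipher = sections.get(name, {}).get("CipherString")
    match = re.search(r"@SECLEVEL=(\d+)", cipher or "")
    return chain, cipher, int(match.group(1)) if match else None

if __name__ == "__main__":
    for label, cnf in (("linked", LINKED), ("unlinked", UNLINKED)):
        print(label, effective_seclevel(cnf))
```

Feed it the text of /etc/ssl/openssl.cnf: a `None` in the returned chain shows where the link is missing, and a level of `None` means no SECLEVEL is set through this chain.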

bmacao commented 1 year ago

Sorry, not working at my end, still SSL error

josdion commented 1 year ago

@bmacao Can you try again with curl and openssl to see if there is an error? Also, if there is an error, try:

openssl s_client -connect www.podnapisi.net:443 -cipher DEFAULT@SECLEVEL=0 | grep error

Can you post the value of the openssl_conf section from openssl.cnf?

I test this on archlinux, so it may be different on ubuntu.

bmacao commented 1 year ago

My openssl_conf is as you have posted

josdion commented 1 year ago

@bmacao I didn't post my openssl_conf, but here it is.

 # Use this in order to automatically load providers.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0

bmacao commented 1 year ago

Managed to get it working with additional config in openssl_conf:

( your settings still need to be applied )

...
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = Default:@SECLEVEL=1 -> CipherString = Default:@SECLEVEL=0 ( change to 0 )