KBFS timeouts when using 'disable-cert-pinning'

keybase / client

Keybase Go Library, Client, Service, OS X, iOS, Android, Electron

BSD 3-Clause "New" or "Revised" License

8.83k stars 1.22k forks source link

KBFS timeouts when using 'disable-cert-pinning' #25402

Open jms1voalte opened 1 year ago

jms1voalte commented 1 year ago

I had to use the disable-cert-pinning option because the machine is behind an aggressive firewall which basically MITM-attacks all traffic. The GUI app seems to work, however as soon as I tried to cd more than two levels "deep" in a KBFS team folder, it started throwing "The read operation took too long and failed" errors over and over again.

Log ID: 700ae48f71c75cfd13c49e1c

Running 6.0.3-20221212202006+608e46df72 on macOS 13.1.

jms1voalte commented 1 year ago

ALSO ... I ran keybase fs uploads on the machine while this was happening and got the following error message:

▶︎ WARNING (CONN gregor a2a51d0a) Connection: error dialing transport: x509: certiticate signed by unknown authority
▶︎ WARNING (CONN gregor a2a51d0a) Connection: error dialing transport: x509: certiticate signed by unknown authority
▶︎ WARNING (CONN gregor a2a51d0a) Connection: error dialing transport: x509: certiticate signed by unknown authority

jms1voalte commented 1 year ago

FWIW I was finally able to talk with somebody in the Corporate IT department ... they added the domains keybase.io and keybaseapi.com to the "do not perform SSL inspection" list, and now Keybase is working as expected ... so for me specifically the problem no longer exists, but I do think it's worth digging into if other people are experiencing this.

So if anybody else is experiencing this, you may want to add a "me too" comment so the Keybase devs know this issue is still affecting people.