search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
902 stars 36 forks source link

Keybase not working #4233

Open blairarthur1 opened 5 months ago

blairarthur1 commented 5 months ago

unable to send messages, receiving error message Screenshot 2024-01-11 100507

logston commented 5 months ago

Looks like new cert that was not yet baked into the app: Screenshot 2024-01-13 at 10 40 45 AM

$ openssl s_client -showcerts -servername api-0.core.keybaseapi.com -connect api-0.core.keybaseapi.com:443                                                                                                                                  
Connecting to 54.165.80.228                                                                                                                                                                                                                    
CONNECTED(00000007)                                                                                                                                                                                                                            
depth=0 CN=api-0.core.keybaseapi.com, O=Keybase, OU=Keybase LLC, L=NYC, ST=NY, C=US                                                                                                                                                            
verify error:num=20:unable to get local issuer certificate                                                                                                                                                                                     
verify return:1                                                                                                                                                                                                                                
depth=0 CN=api-0.core.keybaseapi.com, O=Keybase, OU=Keybase LLC, L=NYC, ST=NY, C=US                                                                                                                                                            
verify error:num=21:unable to verify the first certificate                                                                                                                                                                                     
verify return:1                                                                                                                                                                                                                                
depth=0 CN=api-0.core.keybaseapi.com, O=Keybase, OU=Keybase LLC, L=NYC, ST=NY, C=US                                                                                                                                                            
verify return:1                                                                                                                                                                                                                                
---                                                                                                                                                                                                                                            
Certificate chain                                                                                                                                                                                                                              
 0 s:CN=api-0.core.keybaseapi.com, O=Keybase, OU=Keybase LLC, L=NYC, ST=NY, C=US                                                                                                                                                               
   i:C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io                                                                                                                                       
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256                                                                                                                                                                                       
   v:NotBefore: Dec 31 20:08:16 2023 GMT; NotAfter: Dec 30 20:08:16 2025 GMT                                                                                                                                                                   
-----BEGIN CERTIFICATE-----                                                                                                                                                                                                                    
MIIGFDCCA/ygAwIBAgIJAM4AZ8iVxn2RMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD                                                                                                                                                                               
VQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMRQwEgYDVQQK                                                                                                                                                                               
EwtLZXliYXNlIExMQzEXMBUGA1UECxMOQ2VydCBBdXRob3JpdHkxLjAsBgNVBAMM                                                                                                                                                                               
JWtleWJhc2UuaW8vZW1haWxBZGRyZXNzPWNhQGtleWJhc2UuaW8wHhcNMjMxMjMx                                                                                                                                                                               
MjAwODE2WhcNMjUxMjMwMjAwODE2WjB0MSIwIAYDVQQDDBlhcGktMC5jb3JlLmtl
eWJhc2VhcGkuY29tMRAwDgYDVQQKDAdLZXliYXNlMRQwEgYDVQQLDAtLZXliYXNl
IExMQzEMMAoGA1UEBwwDTllDMQswCQYDVQQIDAJOWTELMAkGA1UEBhMCVVMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP5uDo2JaytTeaCwYgBaMbG4YA
uxFsC9MLuIbIaVHskZlnZUuITpYGckn+PsHNLyfsqoLVn1iDGcb+UK9fE5ze/wpN
KB3wAtj6jXhIaE6wyfzGANwKdoADA2V1b2YIOZHA9lsN2k8m0cQI5wDuo/oLrHqB
SY6+oqFCKlqESEz9PeAUgcsYZNJbNSU4dcAZiwTa46c3q4IkIS79MklRrnL7S0tv
gR9cexwB5lNkZ8pFRymc1lR1IWJvHbDPRlCaQXCYNUwFhuXr7h+3ptV6VDS9xfAA
TYAJBJPcax+OPc2Aw/UZEWgUlTf8+u0U7t3Gucvdn4btbfm6IIW2TICKFnrPAgMB
AAGjggGOMIIBijAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNVHQ4E
FgQUxMKTPloZy+BuVrxjVxKZTC63zeYwgcEGA1UdIwSBuTCBtoAURqpATOw1gVVr
zlqqFKbkfaKXvwqhgZKkgY8wgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTER
MA8GA1UEBxMITmV3IFlvcmsxFDASBgNVBAoTC0tleWJhc2UgTExDMRcwFQYDVQQL
Ew5DZXJ0IEF1dGhvcml0eTEuMCwGA1UEAwwla2V5YmFzZS5pby9lbWFpbEFkZHJl
c3M9Y2FAa2V5YmFzZS5pb4IJAPzhpcIBaOeNMA4GA1UdDwEB/wQEAwIFoDATBgNV
HSUEDDAKBggrBgEFBQcDATBiBgNVHREEWzBZghlhcGktMC5jb3JlLmtleWJhc2Vh
cGkuY29tghlhcGktMS5jb3JlLmtleWJhc2VhcGkuY29tghEqLnByb2Qua2ItYXdz
Lm5ldIIOYXBpLmtleWJhc2UuaW8wDQYJKoZIhvcNAQELBQADggIBAGVacz1nBIua
/mXeQN4xD6/VB97/y/QKiZ177ehDL4S/iqCIIcvLetdr4dG+L/35RvP0jTMmHZgy
jjVFJMOmBV9zmFyDYXRQQT1M9E3G4QBP1dAs3Sr6RsEFLJPH5jk0M1Ko+qy8JmHJ
Y6NtuwPivmVMfMJzEATUH2nS9N4AbEjHB0ZE2MOOft3n7Ok/kEtyiHtrc9poZeMF
ILeKVF7ARmcDxlzVmWGjFt5gc1vTweVkhwA/Ix66sJ11HPcjVIeh7wzKnGpS7Tdy
vvWVxUFRpryd1U03B9v5O0nLPviyBH3z6V//9ECUwbFTyXLF+ZI38SN7eRGe+Uqq
3VSmiUahvqMcc/+o9idPRz3KtzCE/UTX9vdZtDiJr52L+RQXC1gA18aumIRAeNak
DTHH8WZszIGw1qw2QdXDWjTv90f53dNmFusy83cOePmz9N0mugYOHIgieN7vENP5
p18t1yx90coq1qaNAImgQIc6bgBV2vuuE/9ZBIbiVqinFexJrf/IqNQrVKd1ge8l
rlL1+luhmHPkFUMxXs9UPpeLULmvmDw5MIK5ks5p+eESDbY4rKTnMhtBIpMpeJ/7
ID71iZBTT9e714HW4dQXz+n1w9+tTbNcD0AKJ4s8zeGmP0SZhbhaSV8FR1Tf6RVe
p6OTJILYsE8lqZBxuQ1yaL7s+DGCnqAJ
-----END CERTIFICATE-----
---
Server certificate
subject=CN=api-0.core.keybaseapi.com, O=Keybase, OU=Keybase LLC, L=NYC, ST=NY, C=US
issuer=C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2120 bytes and written 413 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)

Looking at the cert data with a bit more formatting: 

 $ pbpaste | openssl x509 -text
Warning: Reading certificate from stdin since no -in or -new option is given
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ce:00:67:c8:95:c6:7d:91
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=NY, L=New York, O=Keybase LLC, OU=Cert Authority, CN=keybase.io/emailAddress=ca@keybase.io
        Validity
            Not Before: Dec 31 20:08:16 2023 GMT
            Not After : Dec 30 20:08:16 2025 GMT
...

https://github.com/keybase/keybase-issues/issues/4230#issuecomment-1882755766

Looks like solution is to reinstall.

logston commented 5 months ago

Ah, didn't see this until I re-installed: Screenshot 2024-01-13 at 10 57 03 AM

ForbiddenEra commented 5 months ago

Ah, didn't see this until I re-installed: Screenshot 2024-01-13 at 10 57 03 AM

Same here.. Kinda silly but at least they sorta tried to get the word out? I mean, my first thought was to upgrade but I didn't see a note on the site regarding it, so I hesitated, especially since I couldn't easily find an 'About' to find current version.