CCA cert issue

[ghost]

[Problem with the SSL CA cert (path? access rights?)]

[danmun]

Getting the same issue. Get this when a tracker is using SSL for its torrents. How to fix this?

[kfei]

@danmun Sorry I'm not using private trackers recently and don't have any torrent to re-produce this problem. Can you provide more detail on the tracker or maybe a torrent file? Thank you.

[danmun]

As you know, private tracker torrent files contain personal passkeys so the only way I can give one to you is if I remove the passkey, but then you can't connect so it's not much use. The site i'm having trouble with is avistaz.to (tracker.avistaz.to) .

The issue is also outlined here with a possible fix https://wiki.archlinux.org/index.php/RTorrent#CA_certificates ... but that is for a normal, non-docker container environment. I don't know how to do this inside a container.

[kfei]

To try that fix:

1. Get into your container: docker exec -it <cid> /bin/bash
2. Perform the fix
3. kill <pid_of_rTorrent>
4. Wait rTorrent to restart (automatically)
5. See if it works

Sorry I tried to find an SSL-enabled open tracker but no good. :disappointed:

[danmun]

Okay that worked! I entered the container as you said then proceeded to follow the fix on that wiki. I had to create the /ssl/certs directories and also install wget inside the container. The name of the rtorrent process at first is 'main' but ps -a <pid of main> will show that it is rTorrent. So I killed it, waited for a quick restart and now it works, at least for the tracker I mentioned above (the only tracker with ssl torrents in my client so far).

Thanks for the tips!

[kfei]

I'm glad to hear that. :grinning:

[ngarafol]

You can try entering container and apt update; apt install ca-certificates; docker stop container; docker start container. Fixed the issue for me!

[sithtoast]

ngarafol: you really don't even need to restart the container after installing the certificates! Just go into rutorrent's options/advanced and stick /etc/ssl/certs in the http_capath and refresh your trackers.

[aprofessionalusername]

ngarafol: you really don't even need to restart the container after installing the certificates! Just go into rutorrent's options/advanced and stick /etc/ssl/certs in the http_capath and refresh your trackers.

This is the correct way to do it for most cases. I haven't run into any private trackers that have a invalid cert/root authority.

@kfei I can easily create a pull to add the certs... but I'm not seeing a way with rutorrent to add the path at install time. Users will still have to go add the entry to http_capath but I might just not be looking hard enough.