Closed guaycuru closed 2 years ago
So changing editing /etc/ssl/openssl.cnf
to change DEFAULT@SECLEVEL
from 2 to 0 according to this issue fixes my problem, but that seems like an undesirable workaround as I'm downgrading the default ssl sec level for my osmc box from 2 to 0. Could this be resolved in another way?
Please post a Wireshark packet capture of the TCP port 47984 traffic (tcp.port == 47984
). Something is probably using a certificate that OpenSSL doesn't like at SECLEVEL=2. It could be Moonlight if you haven't generated a new certificate since https://github.com/irtimmer/moonlight-embedded/commit/519a14a42786bafd267a215f671d4d73ccf7b13e or it could be GeForce Experience if that cert hasn't been regenerated in a while.
There you go. Please let me know if you need anything else.
It's failing to pair due to a local issue with the client certificate (no TLS traffic is actually seen in the pcap).
It looks like #775 and it also appears you're not running the version you think you are:
Moonlight Embedded 2.4.7 (PI;ALSA;PULSE;EMBEDDED)
The fix to generate SHA256 certificates was in v2.4.11, so your version doesn't contain the fix. You need to get it updated for real, and then wipe ~/.cache/moonlight
to force a certificate regeneration using the new code.
Note: You're on GFE 3.22, so simply updating to v2.4.11 is not sufficient. You need the current code in master for compatibility with GFE 3.22.
Yes, sorry, that first verbose
capture was using an older version, but the pcap was generated with a newer version:
moonlight pair -verbose
Moonlight Embedded 2.4.10 (PI;ALSA;EMBEDDED)
Searching for server...
Connect to 192.168.16.8...
NVIDIA NVIDIA GeForce GTX 1070, GFE 3.22.0.32 (gs_04_31_29754594, 7.1.431.0)
Please enter the following PIN on the target PC: 2421
Failed to pair to server: Problem with the local SSL certificate
I'm running 2.4.11 (taken from http://archive.itimmer.nl/raspbian/moonlight ) which according to this issue is actually 2.4.11 for which the version was not updated.
I could also try with the latest version from master but for some reason it reports itself as 2.4.7. Should I give that another try?
It's the version that generates the initial creds that matters, not the version that is actually trying to use them. If the first version of Moonlight you ran was some old build that didn't have 519a14a then the problem will persist on newer versions.
You need to wipe ~/.cache/moonlight
and pair again to get new creds generated.
If that still doesn't work, upload your certificate file ~/.cache/moonlight/client.pem
so we can tell if it truly is a SHA256 certificate.
Yes, wiping ~/.cache/moonlight
did it, I was able to successfully pair now! Thank you!
NVidia Geforce Experience version: 3.22.0.32 Moonlight Embedded version: latest master 7c8795f Moonlight Embedded source: repository/included in distribution/compiled from source/... Compiled from source Moonlight Embedded running on: Raspberry Pi/Cubox-i/Hummingboard/Other linux device/... Raspberry Pi 3 Moonlight Embedded running on distribution: Arch Linux/Raspbian/OpenELEC/... OSMC
Verbose output
-verbose
of Moonlight Embedded:Also, when trying to pair via Luna (the Kodi launcher) this is found in the logs, which might be useful:
What is the expected result?
Moonlight should be able to pair with host
What happens instead of that?
Moonlight is unable to pair with host