Certificate crashes murmur

mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.

https://www.mumble.info

Other

6.41k stars 1.12k forks source link

Certificate crashes murmur #2334

Closed Skippidar closed 8 years ago

Skippidar commented 8 years ago

When i try to connect to server with COMODO signed sertificate - server crashes. When i use private sertificate, generated by Mumble - i successfully connect to server.

P.S.: Static Linux Server - 1.3.0~1307~g3e1d7ed~snapshot (Fedora 23, Linux-4.4.9-300.fc23.x86_64)

Skippidar commented 8 years ago

I've just checked some 1.3.0 servers. Some of them crash, some of them not (or they have auto-restart, but untill i stop auto-reconnecting, they continue crashing every 2 sec).

1.2.X servers. - I just can't connect to them.

schlarpc commented 8 years ago

Is this you? My server just started crashing about 30 minutes ago.

2016-06-06 23:56:33.051 1 => <7:(-1)> New connection: 82.179.72.68:50968 2016-06-06 23:56:33.183 1 => <7:(-1)> SSL Error: The root CA certificate is not trusted for this purpose 2016-06-06 23:56:33.189 1 => <7:(-1)> SSL Error: No certificates could be verified 2016-06-06 23:56:33.195 1 => <7:(-1)> Connection closed: [-1] For reference, this is 1.3.0~1318~ga3275f5~snapshot-1~ppa1~trusty1 on Ubuntu 14.04.4.

mkrautz commented 8 years ago

I believe there is a problem in 1.3.0 where if you try to connect without a full certificate chain, this will happen.

Skippidar commented 8 years ago

@schlarpc Yep, ip looks like mine. Sorry for this, i was trying to connect to any server, but forgot about auto-reconnecting.

mkrautz commented 8 years ago

Workaround in https://github.com/mumble-voip/mumble/pull/2335

I believe the bug is a regression introduced in Qt 5. Working on submitting a patch upstream to fix it 'properly'.

mkrautz commented 8 years ago

FWIW, Qt bug is https://bugreports.qt.io/browse/QTBUG-53906.

Skippidar commented 8 years ago

And what about connecting to 1.2.X servers? They don't allow me to connect with COMODO sertificate.

mkrautz commented 8 years ago

@Skippidar The problem is that you haven't imported all needed intermediate certificates into Mumble.

It is disconnecting you, because the server can't verify your certificate chain.

You can fix it by including all intermediates in Mumble.

There's a pending pull request to allow you in without a full chain (https://github.com/mumble-voip/mumble/pull/2336) -- but in that case, the certificate would not be deemed strong (just like a self-signed certificate wouldn't).

Skippidar commented 8 years ago

Yep, problem with crashes solved.

But i did everything as said here https://wiki.mumble.info/wiki/Obtaining_a_Comodo_Certificate And i use Firefox, not Chrome for exporting certificate. But i can't connect anyway.