Closed rufik closed 3 years ago
OK, I've found that I can run prusa-slicer-console.exe --loglevel 9
and gather some meaningful logs :)
Here they are:
[2020-12-22 11:27:49.454782] [0x00000cc8] [info] OctoPrint: Get version at: https://octo/api/version
* Trying 192.168.aa.bb...
* TCP_NODELAY set
* Connected to octo (192.168.aa.bb) port 443 (#0)
* schannel: SSL/TLS connection with octo port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: ALPN, offering http/1.1
* schannel: sending initial handshake data: sending 190 bytes...
* schannel: sent initial handshake data: sent 190 bytes
* schannel: SSL/TLS connection with octo port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with octo port 443 (step 2/3)
* schannel: encrypted data got 3547
* schannel: encrypted data buffer: offset 3547 length 4096
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with octo port 443
* schannel: clear security context handle
[2020-12-22 11:27:49.716445] [0x00000cc8] [error] OctoPrint: Error getting version: SSL connect error:
schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
[Error 35], HTTP 0, body: ``
So it looks like a problem with usage of WinSSL (schannel) function to check revocation list. Can this function be disabled somehow?
I am not sure. We are using https://curl.se/libcurl/c/ for all TCPIP traffic. On Windows libcurl is configured to use the Microsoft SSL stack.
can confirm this as well. with Slicer Version 2.3.0+win64
Octoprint is running with an custom certificate and i am getting the same errors with Win64 Pro. (System is on german but it's the same)
[2021-02-22 22:11:34.611362] [0x00002720] [info] OctoPrint: Get version at: http://10.42.0.33/api/version
* Trying 10.42.0.33...
* TCP_NODELAY set
* Connected to 10.42.0.33 (10.42.0.33) port 80 (#0)
> GET /api/version HTTP/1.1
Host: 10.42.0.33
User-Agent: PrusaSlicer/2.3.0+win64
Accept: */*
X-Api-Key: AB085A571333455BB669A8E5578D1512
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: https://10.42.0.33/api/version
<
* Connection #0 to host 10.42.0.33 left intact
* Issue another request to this URL: 'https://10.42.0.33/api/version'
* Trying 10.42.0.33...
* TCP_NODELAY set
* Connected to 10.42.0.33 (10.42.0.33) port 443 (#1)
* schannel: SSL/TLS connection with 10.42.0.33 port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: using IP address, SNI is not supported by OS.
* schannel: ALPN, offering http/1.1
* schannel: sending initial handshake data: sending 171 bytes...
* schannel: sent initial handshake data: sent 171 bytes
* schannel: SSL/TLS connection with 10.42.0.33 port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with 10.42.0.33 port 443 (step 2/3)
* schannel: encrypted data got 1443
* schannel: encrypted data buffer: offset 1443 length 4096
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - Die Sperrfunktion konnte keine Sperrprüfung für das Zertifikat durchführen.
* Closing connection 1
* schannel: shutting down SSL/TLS connection with 10.42.0.33 port 443
* schannel: clear security context handle
[2021-02-22 22:11:34.719459] [0x00002720] [error] OctoPrint: Error getting version: SSL connect error:
schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - Die Sperrfunktion konnte keine Sperrprüfung für das Zertifikat durchführen.
[Error 35], HTTP 0, body: ``
I tryed to connect the Slicer Version Version 2.3.0+ with Octoprint from a linux machine and that works perfectly, even if the slicer is using the linux "cert store"
Seeing this issue also. I have a personal CA and the certs all show as trusted in my browser.
I am not sure. We are using https://curl.se/libcurl/c/ for all TCPIP traffic. On Windows libcurl is configured to use the Microsoft SSL stack.
@bubnikv So it looks like CURLSSLBACKEND_SCHANNEL option is used (https://curl.se/libcurl/c/curl_global_sslset.html).
I think it's possible to affect revocation function via these libcurl options: CURLSSLOPT_NO_REVOKE
or CURLSSLOPT_REVOKE_BEST_EFFORT
: https://curl.se/libcurl/c/CURLOPT_SSL_OPTIONS.html
I'd try myself but I'm out of free time unfortunetly...but if someone can compile with this libcurl options enabled I'd be happy to try it out :)
So it looks like CURLSSLBACKEND_SCHANNEL option is used (https://curl.se/libcurl/c/curl_global_sslset.html). I think it's possible to affect revocation function via these libcurl options: CURLSSLOPT_NO_REVOKE or CURLSSLOPT_REVOKE_BEST_EFFORT: https://curl.se/libcurl/c/CURLOPT_SSL_OPTIONS.html I'd try myself but I'm out of free time unfortunetly...but if someone can compile with this libcurl options enabled I'd be happy to try it out :)
That may work on Windows. We are noobs in SSL certificates. What are the security risks connected with such configuration? Should we make it an option to the user?
BTW we are having similar issues on OSX.
That may work on Windows. We are noobs in SSL certificates. What are the security risks connected with such configuration? Should we make it an option to the user?
It's about CRL (https://en.wikipedia.org/wiki/Certificate_revocation_list) - list of certs that has been revoked and are no longer valid. So it's an issue that kind you still trust revoked ssl certs. I think the best is to give user choice - a combobox with options: Use CRL (default), Try to use CRL and Do not use CRL accordingly to libcurl options: default, _CURLSSLOPT_REVOKE_BESTEFFORT and _CURLSSLOPT_NOREVOKE.
The SSL channel on Windows we use is the Windows provided SChannel. Now why is SChannel unable to check revocation for the certificate? Because it is self signed?
Could we disable checking for certificate revocation just for self signed certificate?
- schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
0x80092012 is CRYPT_E_NO_REVOCATION_CHECK. That can be ignored by SCH_CRED_IGNORE_NO_REVOCATION_CHECK which is set by CURLSSLOPT_REVOKE_BEST_EFFORT. You can read the details of how it came about in curl/curl#4981.
Ignoring that error is not the default since the error is not specific to certificates without revocation points, which means it's tantamount to soft revocation check and curl's default is hard revocation check.
@jay Thanks, we can try that.
BTW, why don't you guys generate signed certificates with https://letsencrypt.org/
Letsencrypt requires web page to be exposed and reachable in public. It's not my case - I have Octoprint only in my LAN (and some others services as well). So I'm using self-signed certs (with IP & DNS Name in SAN) and I trust to my CA - it just works fine.
Hello @rufik @dani190 @nerxses and anybody having issues with self-signed certificate for Octoprint on Windows. Can I ask you to test this build? There should be checkbox in Physical Printer dialog saying "Ignore certificate revocation checks", please try upload with this option checked. Please note that this build is experimental and other features might broken / different than release or latest master. https://www.dropbox.com/s/ilzgpq1593k0737/PrusaSlicer-dk_curl.rar?dl=0
I've just checked - using https and Test button - and it seems to be OK when "Ignore certificate revocation checks" option is checked :) Very nice, thanks you. That's the solution we need.
@rufik Great! Would you please verify that actual upload of gcode is working as well?
I've just checked - using https and Test button - and it seems to be OK when "Ignore certificate revocation checks" option is checked :) Very nice, thanks you. That's the solution we need.
Now the bonus question: Why is this needed? What's wrong with the certificate? What's wrong with Microsoft Windows TLS implementation?
čt 29. 4. 2021 v 9:54 odesílatel kocikdav @.***> napsal:
@rufik https://github.com/rufik Great! Would you please verify that actual upload of gcode is working as well?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/prusa3d/PrusaSlicer/issues/5506#issuecomment-829019242, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABMPSIY5H43L3BMQ2HUYWA3TLEGC3ANCNFSM4VBB24GA .
@kocikdav Uploading to octoprint works fine as well :)
Just wanted to see if this will be merged in soon? I would download the build you noted but you said it could be unstable in other ways.
Is this checkbox working with OSX too? I am having similar issues and would like to try the experimental build on the Mac to see if it works.
I would imagine with any use of SSL/TLS you're going to have to deal with the issue of checking of the CN in the certificate as well as whether the slicer trusts the issuer of the cert being presented by the octo-print server.
: Is this checkbox working with OSX too?
Sorry, there is no such option offered by OSX API. The OSX API is purely documented in how it handles these self-signed certificates. Likely they would only work if we bundled your self-signed certificate as part of the application and the application was signed, but it is only my wild guess based on some hints skimmed from the OSX API documentation. If we wanted to "fix" this issue, we would likely have to revert to the OpenSSL implementation on OSX, circumventing the native OSX API.
Yes I totally understand. I was more making folks aware that using TLS requires you to do a number of back-flips in order to use self-signed certs. Usually the OS can be made to trust the cert by installing it in the system's truststore.
@ssill2 You would not believe how much time @kocikdav and me have wasted on this topic. We even asked the author of libcurl. The answer was something along the lines that the native TLS implementations are weird beasts.
Usually the OS can be made to trust the cert by installing it in the system's truststore.
That certainly did not help.
It may be that some of our very old slicer builds compiled libcurl using OpenSSL TLS implementation, not the OSX native TLS implementation and that worked for self signed certificates. We may try that one day if there is enough of interest.
yep, I've had to do a LOT of stuff with TLS for my job. Thankfully with java it's fairly easy to make self-signed certs work by simply adding the key to cacerts, java's default truststore, and it's possible to override hostname verification if the need should arise. I've never done this in C/C++. I don't currently use octoprint but I appreciate the pain that TLS is :)
not to mention getting into the ciphers etc and supporting things like TLS 1.3 etc lol
Here's a run-down of a normal TLS conversation to illustrate why self-signed certs don't work by design out of the box. https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
Most os/browser vendors distribute a bundle of CA certs that's updated fairly frequently. This bundle is what the os uses to evaluate trust of tls certificates. This would include the big guys like GoDaddy, Network Solutions etc. While you CAN often override the truststore, or add to it, to use self-signed certs, this would be OS specific. I know you can with curl pass I think a -k in order to accept certs from untrusted certificate authorities. Besides this trust check the two ends of the conversation have to agree on what version of TLS to use(1.0, 1.1, etc) as well as encryption ciphers. The last check that's on by default in TLS is a hostname check. This checks that the canonical name(CN) in the cert matches what hostname you're connecting to. So if you're connecting by ip, but the server presents a cert with a CN that is a hostname, you'll likely have a failed connection. The easiest way to get around this is to have an /etc/hosts entry that matches the name in the CN of the certificate.
I think most OSes allow you to import the self-signed cert into the trust store, similar to the prompt a browser might give you to allow you to trust the cert. This would definitely have to be researched per platform.
I've had same issue as reported above with v2.3.1. I was able to resolve it by regenerating the server certificate, for OctoPrint, using my own / private certificate authority, with the ssl extension "crlDistributionPoints" set.
Using easyrsa, change the x509-types/COMMON: uncomment
and piont the URL to where the certificate revokation list is hosted. CRL can be generated using:
./easyrsa gen-crl
openssl crl -in /.../CA/pki/crl.pem -outform DER > /.../www/ca/ca.crl
@kocikdav @bubnikv Is there any plan to put this "Ignore certificate revocation checks" checkbox into next release?
I can confirm that this issue is resolved in PrusaSlicer 2.4.0-alpha1. The "Ignore certificate revocation checks" has been added.
@ostat Thanks for heads up. Happily closing.
Seems the ignore button doesn't work in 2.7.1. I get the error with or out without changing the ignore setting. I was able to work around it be switching to http. It's on my LAN, so this is an OK workaround for now.
Verbose error message:
Could not connect to OctoPrint: SSL peer certificate or SSH remote key was not OK:
schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
[Error 60]
Note: OctoPrint version at least 1.1.0 is required.
From Help, About:
PrusaSlicer
Version: 2.7.1+win64
Build: PrusaSlicer-2.7.1+win64-202312121425
Operating System: Windows
System Architecture: 64 bit
Windows Version: Windows 10 (build 19045), 64-bit edition
Total RAM size [MB]: 68,607MB
OpenGL installation
GL version: 4.6.0
Profile: Core
Vendor: NVIDIA Corporation
Renderer: NVIDIA GeForce RTX 3080/PCIe/SSE2
GLSL version: 4.60.0
Textures compression: Enabled
<details>
<summary>Installed extensions:</summary>
GL_AMD_multi_draw_indirect
GL_AMD_seamless_cubemap_per_texture
GL_AMD_vertex_shader_layer
GL_AMD_vertex_shader_viewport_index
GL_ARB_ES2_compatibility
GL_ARB_ES3_1_compatibility
GL_ARB_ES3_2_compatibility
GL_ARB_ES3_compatibility
GL_ARB_arrays_of_arrays
GL_ARB_base_instance
GL_ARB_bindless_texture
GL_ARB_blend_func_extended
GL_ARB_buffer_storage
GL_ARB_clear_buffer_object
GL_ARB_clear_texture
GL_ARB_clip_control
GL_ARB_color_buffer_float
GL_ARB_compressed_texture_pixel_storage
GL_ARB_compute_shader
GL_ARB_compute_variable_group_size
GL_ARB_conditional_render_inverted
GL_ARB_conservative_depth
GL_ARB_copy_buffer
GL_ARB_copy_image
GL_ARB_cull_distance
GL_ARB_debug_output
GL_ARB_depth_buffer_float
GL_ARB_depth_clamp
GL_ARB_depth_texture
GL_ARB_derivative_control
GL_ARB_direct_state_access
GL_ARB_draw_buffers
GL_ARB_draw_buffers_blend
GL_ARB_draw_elements_base_vertex
GL_ARB_draw_indirect
GL_ARB_draw_instanced
GL_ARB_enhanced_layouts
GL_ARB_explicit_attrib_location
GL_ARB_explicit_uniform_location
GL_ARB_fragment_coord_conventions
GL_ARB_fragment_layer_viewport
GL_ARB_fragment_program
GL_ARB_fragment_program_shadow
GL_ARB_fragment_shader
GL_ARB_fragment_shader_interlock
GL_ARB_framebuffer_no_attachments
GL_ARB_framebuffer_object
GL_ARB_framebuffer_sRGB
GL_ARB_geometry_shader4
GL_ARB_get_program_binary
GL_ARB_get_texture_sub_image
GL_ARB_gl_spirv
GL_ARB_gpu_shader5
GL_ARB_gpu_shader_fp64
GL_ARB_gpu_shader_int64
GL_ARB_half_float_pixel
GL_ARB_half_float_vertex
GL_ARB_imaging
GL_ARB_indirect_parameters
GL_ARB_instanced_arrays
GL_ARB_internalformat_query
GL_ARB_internalformat_query2
GL_ARB_invalidate_subdata
GL_ARB_map_buffer_alignment
GL_ARB_map_buffer_range
GL_ARB_multi_bind
GL_ARB_multi_draw_indirect
GL_ARB_multisample
GL_ARB_multitexture
GL_ARB_occlusion_query
GL_ARB_occlusion_query2
GL_ARB_parallel_shader_compile
GL_ARB_pipeline_statistics_query
GL_ARB_pixel_buffer_object
GL_ARB_point_parameters
GL_ARB_point_sprite
GL_ARB_polygon_offset_clamp
GL_ARB_post_depth_coverage
GL_ARB_program_interface_query
GL_ARB_provoking_vertex
GL_ARB_query_buffer_object
GL_ARB_robust_buffer_access_behavior
GL_ARB_robustness
GL_ARB_sample_locations
GL_ARB_sample_shading
GL_ARB_sampler_objects
GL_ARB_seamless_cube_map
GL_ARB_seamless_cubemap_per_texture
GL_ARB_separate_shader_objects
GL_ARB_shader_atomic_counter_ops
GL_ARB_shader_atomic_counters
GL_ARB_shader_ballot
GL_ARB_shader_bit_encoding
GL_ARB_shader_clock
GL_ARB_shader_draw_parameters
GL_ARB_shader_group_vote
GL_ARB_shader_image_load_store
GL_ARB_shader_image_size
GL_ARB_shader_objects
GL_ARB_shader_precision
GL_ARB_shader_storage_buffer_object
GL_ARB_shader_subroutine
GL_ARB_shader_texture_image_samples
GL_ARB_shader_texture_lod
GL_ARB_shader_viewport_layer_array
GL_ARB_shading_language_100
GL_ARB_shading_language_420pack
GL_ARB_shading_language_include
GL_ARB_shading_language_packing
GL_ARB_shadow
GL_ARB_sparse_buffer
GL_ARB_sparse_texture
GL_ARB_sparse_texture2
GL_ARB_sparse_texture_clamp
GL_ARB_spirv_extensions
GL_ARB_stencil_texturing
GL_ARB_sync
GL_ARB_tessellation_shader
GL_ARB_texture_barrier
GL_ARB_texture_border_clamp
GL_ARB_texture_buffer_object
GL_ARB_texture_buffer_object_rgb32
GL_ARB_texture_buffer_range
GL_ARB_texture_compression
GL_ARB_texture_compression_bptc
GL_ARB_texture_compression_rgtc
GL_ARB_texture_cube_map
GL_ARB_texture_cube_map_array
GL_ARB_texture_env_add
GL_ARB_texture_env_combine
GL_ARB_texture_env_crossbar
GL_ARB_texture_env_dot3
GL_ARB_texture_filter_anisotropic
GL_ARB_texture_filter_minmax
GL_ARB_texture_float
GL_ARB_texture_gather
GL_ARB_texture_mirror_clamp_to_edge
GL_ARB_texture_mirrored_repeat
GL_ARB_texture_multisample
GL_ARB_texture_non_power_of_two
GL_ARB_texture_query_levels
GL_ARB_texture_query_lod
GL_ARB_texture_rectangle
GL_ARB_texture_rg
GL_ARB_texture_rgb10_a2ui
GL_ARB_texture_stencil8
GL_ARB_texture_storage
GL_ARB_texture_storage_multisample
GL_ARB_texture_swizzle
GL_ARB_texture_view
GL_ARB_timer_query
GL_ARB_transform_feedback2
GL_ARB_transform_feedback3
GL_ARB_transform_feedback_instanced
GL_ARB_transform_feedback_overflow_query
GL_ARB_transpose_matrix
GL_ARB_uniform_buffer_object
GL_ARB_vertex_array_bgra
GL_ARB_vertex_array_object
GL_ARB_vertex_attrib_64bit
GL_ARB_vertex_attrib_binding
GL_ARB_vertex_buffer_object
GL_ARB_vertex_program
GL_ARB_vertex_shader
GL_ARB_vertex_type_10f_11f_11f_rev
GL_ARB_vertex_type_2_10_10_10_rev
GL_ARB_viewport_array
GL_ARB_window_pos
GL_ATI_draw_buffers
GL_ATI_texture_float
GL_ATI_texture_mirror_once
GL_EXTX_framebuffer_mixed_formats
GL_EXT_Cg_shader
GL_EXT_abgr
GL_EXT_bgra
GL_EXT_bindable_uniform
GL_EXT_blend_color
GL_EXT_blend_equation_separate
GL_EXT_blend_func_separate
GL_EXT_blend_minmax
GL_EXT_blend_subtract
GL_EXT_compiled_vertex_array
GL_EXT_depth_bounds_test
GL_EXT_direct_state_access
GL_EXT_draw_buffers2
GL_EXT_draw_instanced
GL_EXT_draw_range_elements
GL_EXT_fog_coord
GL_EXT_framebuffer_blit
GL_EXT_framebuffer_multisample
GL_EXT_framebuffer_multisample_blit_scaled
GL_EXT_framebuffer_object
GL_EXT_framebuffer_sRGB
GL_EXT_geometry_shader4
GL_EXT_gpu_program_parameters
GL_EXT_gpu_shader4
GL_EXT_import_sync_object
GL_EXT_memory_object
GL_EXT_memory_object_win32
GL_EXT_multi_draw_arrays
GL_EXT_multiview_texture_multisample
GL_EXT_multiview_timer_query
GL_EXT_packed_depth_stencil
GL_EXT_packed_float
GL_EXT_packed_pixels
GL_EXT_pixel_buffer_object
GL_EXT_point_parameters
GL_EXT_polygon_offset_clamp
GL_EXT_post_depth_coverage
GL_EXT_provoking_vertex
GL_EXT_raster_multisample
GL_EXT_rescale_normal
GL_EXT_secondary_color
GL_EXT_semaphore
GL_EXT_semaphore_win32
GL_EXT_separate_shader_objects
GL_EXT_separate_specular_color
GL_EXT_shader_image_load_formatted
GL_EXT_shader_image_load_store
GL_EXT_shader_integer_mix
GL_EXT_shadow_funcs
GL_EXT_sparse_texture2
GL_EXT_stencil_two_side
GL_EXT_stencil_wrap
GL_EXT_texture3D
GL_EXT_texture_array
GL_EXT_texture_buffer_object
GL_EXT_texture_compression_dxt1
GL_EXT_texture_compression_latc
GL_EXT_texture_compression_rgtc
GL_EXT_texture_compression_s3tc
GL_EXT_texture_cube_map
GL_EXT_texture_edge_clamp
GL_EXT_texture_env_add
GL_EXT_texture_env_combine
GL_EXT_texture_env_dot3
GL_EXT_texture_filter_anisotropic
GL_EXT_texture_filter_minmax
GL_EXT_texture_integer
GL_EXT_texture_lod
GL_EXT_texture_lod_bias
GL_EXT_texture_mirror_clamp
GL_EXT_texture_object
GL_EXT_texture_sRGB
GL_EXT_texture_sRGB_R8
GL_EXT_texture_sRGB_decode
GL_EXT_texture_shadow_lod
GL_EXT_texture_shared_exponent
GL_EXT_texture_storage
GL_EXT_texture_swizzle
GL_EXT_timer_query
GL_EXT_transform_feedback2
GL_EXT_vertex_array
GL_EXT_vertex_array_bgra
GL_EXT_vertex_attrib_64bit
GL_EXT_win32_keyed_mutex
GL_EXT_window_rectangles
GL_IBM_rasterpos_clip
GL_IBM_texture_mirrored_repeat
GL_KHR_blend_equation_advanced
GL_KHR_blend_equation_advanced_coherent
GL_KHR_context_flush_control
GL_KHR_debug
GL_KHR_no_error
GL_KHR_parallel_shader_compile
GL_KHR_robust_buffer_access_behavior
GL_KHR_robustness
GL_KHR_shader_subgroup
GL_KTX_buffer_region
GL_NVX_blend_equation_advanced_multi_draw_buffers
GL_NVX_conditional_render
GL_NVX_gpu_memory_info
GL_NVX_gpu_multicast2
GL_NVX_linked_gpu_multicast
GL_NVX_multigpu_info
GL_NVX_nvenc_interop
GL_NVX_progress_fence
GL_NV_ES1_1_compatibility
GL_NV_ES3_1_compatibility
GL_NV_alpha_to_coverage_dither_control
GL_NV_bindless_multi_draw_indirect
GL_NV_bindless_multi_draw_indirect_count
GL_NV_bindless_texture
GL_NV_blend_equation_advanced
GL_NV_blend_equation_advanced_coherent
GL_NV_blend_minmax_factor
GL_NV_blend_square
GL_NV_clip_space_w_scaling
GL_NV_command_list
GL_NV_compute_program5
GL_NV_compute_shader_derivatives
GL_NV_conditional_render
GL_NV_conservative_raster
GL_NV_conservative_raster_dilate
GL_NV_conservative_raster_pre_snap
GL_NV_conservative_raster_pre_snap_triangles
GL_NV_conservative_raster_underestimation
GL_NV_copy_depth_to_color
GL_NV_copy_image
GL_NV_depth_buffer_float
GL_NV_depth_clamp
GL_NV_draw_texture
GL_NV_draw_vulkan_image
GL_NV_explicit_multisample
GL_NV_feature_query
GL_NV_fence
GL_NV_fill_rectangle
GL_NV_float_buffer
GL_NV_fog_distance
GL_NV_fragment_coverage_to_color
GL_NV_fragment_program
GL_NV_fragment_program2
GL_NV_fragment_program_option
GL_NV_fragment_shader_barycentric
GL_NV_fragment_shader_interlock
GL_NV_framebuffer_mixed_samples
GL_NV_framebuffer_multisample_coverage
GL_NV_geometry_shader4
GL_NV_geometry_shader_passthrough
GL_NV_gpu_multicast
GL_NV_gpu_program4
GL_NV_gpu_program4_1
GL_NV_gpu_program5
GL_NV_gpu_program5_mem_extended
GL_NV_gpu_program_fp64
GL_NV_gpu_shader5
GL_NV_half_float
GL_NV_internalformat_sample_query
GL_NV_light_max_exponent
GL_NV_memory_attachment
GL_NV_memory_object_sparse
GL_NV_mesh_shader
GL_NV_multisample_coverage
GL_NV_multisample_filter_hint
GL_NV_occlusion_query
GL_NV_packed_depth_stencil
GL_NV_parameter_buffer_object
GL_NV_parameter_buffer_object2
GL_NV_path_rendering
GL_NV_path_rendering_shared_edge
GL_NV_pixel_data_range
GL_NV_point_sprite
GL_NV_primitive_restart
GL_NV_primitive_shading_rate
GL_NV_query_resource
GL_NV_query_resource_tag
GL_NV_register_combiners
GL_NV_register_combiners2
GL_NV_representative_fragment_test
GL_NV_sample_locations
GL_NV_sample_mask_override_coverage
GL_NV_scissor_exclusive
GL_NV_shader_atomic_counters
GL_NV_shader_atomic_float
GL_NV_shader_atomic_float64
GL_NV_shader_atomic_fp16_vector
GL_NV_shader_atomic_int64
GL_NV_shader_buffer_load
GL_NV_shader_storage_buffer_object
GL_NV_shader_subgroup_partitioned
GL_NV_shader_texture_footprint
GL_NV_shader_thread_group
GL_NV_shader_thread_shuffle
GL_NV_shading_rate_image
GL_NV_stereo_view_rendering
GL_NV_texgen_reflection
GL_NV_texture_barrier
GL_NV_texture_compression_vtc
GL_NV_texture_dirty_tile_map
GL_NV_texture_env_combine4
GL_NV_texture_multisample
GL_NV_texture_rectangle
GL_NV_texture_rectangle_compressed
GL_NV_texture_shader
GL_NV_texture_shader2
GL_NV_texture_shader3
GL_NV_timeline_semaphore
GL_NV_transform_feedback
GL_NV_transform_feedback2
GL_NV_uniform_buffer_std430_layout
GL_NV_uniform_buffer_unified_memory
GL_NV_vertex_array_range
GL_NV_vertex_array_range2
GL_NV_vertex_attrib_integer_64bit
GL_NV_vertex_buffer_unified_memory
GL_NV_vertex_program
GL_NV_vertex_program1_1
GL_NV_vertex_program2
GL_NV_vertex_program2_option
GL_NV_vertex_program3
GL_NV_viewport_array2
GL_NV_viewport_swizzle
GL_OVR_multiview
GL_OVR_multiview2
GL_S3_s3tc
GL_SGIS_generate_mipmap
GL_SGIS_texture_lod
GL_SGIX_depth_texture
GL_SGIX_shadow
GL_SUN_slice_accum
GL_WIN_swap_hint
WGL_EXT_swap_control
</details>
This issue is back in 2.8.0. The temporary workaround of removing the redirect line of haproxy.cfg and switching from https to http allows me to print from PrusaSlicer. Is there a real fix for this problem?
Version
PrusaSlicer 2.2.0+win64 Octoprint 1.5.2
{"api":"0.1","server":"1.5.2","text":"OctoPrint 1.5.2"}
Operating system type + version
Windows 10 Pro 20H2 compilation 19042.685
3D printer brand / version + firmware version (if known)
Ender-3 Pro, firmware TH3D 2.12b
Behavior
Connection to Octoprint using HTTP (SSL) does not work. I have Linux box (Ubuntu Focal armhf) running successfully Octoprint 1.5.2. I'd like to migrate from Cura to PrusaSlicer, so I've made simple printer configuration and I put following setting for "Print Host Upload" section:
So it's really simple. I'm running Octoprint at https://octo dns name, it's resolvable and it uses my self-signed SSL certificate. CA for cert is already loaded into Windows certs storage, so Chrome (and other web browsers) has no problem with that at all: Cura does work as well.
So when I press "Test" button I'm getting no-meaning message:
I'm not able to locate any log file for PrusaSlicer, so I'm unable to verify this issue deeper. How to debug what's going on?