Closed simonokeefe closed 10 months ago
Same issue with LTR 3.28. After restart seems to work fine again.
Just starting up Qgis 3.28 says the plugin certificate s are not found.
Python Stack Trace
Windows fatal exception: access violation
Current thread 0x00002ab0 (most recent call first):
<no Python frame>
Stack Trace
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QgsAuthCertInfo::populateInfoDetailsSection :
QgsAuthCertInfo::updateCurrentCertInfo :
QgsAuthCertInfo::currentCertItemChanged :
QObject::qt_static_metacall :
QTreeWidget::qt_static_metacall :
QObject::qt_static_metacall :
QItemSelectionModel::setCurrentIndex :
QTreeWidget::setCurrentItem :
QgsAuthCertInfo::setCertHierarchy :
QgsAuthCertInfo::QgsAuthCertInfo :
QgsAuthCertInfoDialog::QgsAuthCertInfoDialog :
QgsAuthSslErrorsDialog::showCertificateChainInfo :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QToolButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgsAnnotationWidget::frameStyleChanged :
QgsNetworkAccessManager::handleSslErrors :
QObject::qt_static_metacall :
QgsNetworkAccessManager::sslErrorsOccurred :
QgsNetworkAccessManager::onReplySslErrors :
QObject::qt_static_metacall :
QNetworkReply::sslErrors :
QTcpServer::proxy :
QObject::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QCoreApplicationPrivate::sendPostedEvents :
qt_plugin_query_metadata :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QgisApp::QgisApp :
main :
BaseThreadInitThunk :
RtlUserThreadStart :
QGIS Info QGIS Version: 3.28.6-Firenze QGIS code revision: 868c9fa03b Compiled against Qt: 5.15.3 Running against Qt: 5.15.3 Compiled against GDAL: 3.6.4 Running against GDAL: 3.6.4
System Info CPU Type: x86_64 Kernel Type: winnt Kernel Version: 10.0.14393
Similar problem with QGIS 3.30.2 running under Mac OS X 10.13.6 (High Sierra).
Intermittently (maybe 1 of 3 starts) at start-up I see an error message:
https://plugins.qgis.org/plugins/plugins.xml?qgis=3.30
I simply click on "Ignore" and QGIS functions normally. So, not a serious problem but it is an indication that something is amiss...
Same problem here with QGIS 3.28.6 (on Windows Server 2012 R2):
SSL Errors occurred accessing URL: https://plugins.qgis.org/plugins/plugins.xml?qgis=3.28 Unable to Get Local Issuer Certificate: The issuer certificate of a locally looked up certificate could not be found
When I then click on the Connection Trusted CAs button, a separate Trusted Certificate Authorities window opens. In this list the GTS Root R4 entry is missing, which according to my browser (Edge) is the root certificate to use with the URL above.
When I launch certmgr.msc
, I can see the GTS Root R4 entry, so it's actually present on my machine. It has the SHA-1 fingerprint 2a 1d 60 27 d9 4a b1 0a 1c 4d 91 5c cd 33 a0 cb 3e 2d 54 cb
. However, from https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/lAu1_S48RAA I understand that this root CA certificate has been changed in some way back in 2021 (new SHA-1 fingerprint 77 D3 03 67 B5 E0 0C 15 F6 0C 38 61 DF 7C E1 3B 92 46 4D 47
).
So I assume that for some reason Edge doesn't see any problem with the old root CA certificate, while QGIS (Qt?) does. Does someone have any deeper knowledge on this topic? Maybe @jef-n ?
Gathered some more info on this:
Go to the Authentication section of the Settings window. Then click on the Manage Certificates button which opens the Certificate Manager window. In the list on the Authorities tab the GTS Root R4 certificate is now actually listed.
However, when I select this entry and click on the blue Info button to the right, QGIS crashes (report see below).
I have compared some of those root CA certificates, and GTS Root R4 seems to be the only one on my system using the ecdsa-with-SHA384 algorithm. And in the source code I found the following comment regarding the Elliptic Curve algorithm: https://github.com/qgis/QGIS/blob/5064b26564539b7510a2b145d658a84603880351/src/gui/auth/qgsauthcertificateinfo.cpp#L699
So I suspect that the bug we encounter when launching QGIS has something to do with the algorithm used by GTS Root R4. @dakcarto does this make sense? Any hope that in the meantime Qt supports Elliptic Curve keys?
Report Details
Python Stack Trace
Windows fatal exception: access violation
Current thread 0x0000bdd0 (most recent call first):
<no Python frame>
Stack Trace
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QgsAuthCertInfo::populateInfoDetailsSection :
QgsAuthCertInfo::updateCurrentCertInfo :
QgsAuthCertInfo::currentCertItemChanged :
QObject::qt_static_metacall :
QTreeWidget::qt_static_metacall :
QObject::qt_static_metacall :
QItemSelectionModel::setCurrentIndex :
QTreeWidget::setCurrentItem :
QgsAuthCertInfo::setCertHierarchy :
QgsAuthCertInfo::QgsAuthCertInfo :
QgsAuthCertInfoDialog::QgsAuthCertInfoDialog :
QgsAuthAuthoritiesEditor::showCertInfo :
QgsAuthAuthoritiesEditor::btnInfoCa_clicked :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QToolButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgsAuthEditorWidgets::btnCertManager_clicked :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgisApp::showOptionsDialog :
QgisApp::options :
QObject::qt_static_metacall :
QAction::activate :
QMenu::actionGeometry :
QMenu::actionGeometry :
QMenu::mouseReleaseEvent :
QWidget::event :
QMenu::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QCoreApplication::exec :
main :
BaseThreadInitThunk :
RtlUserThreadStart :
QGIS Info QGIS Version: 3.28.6-Firenze QGIS code revision: 868c9fa03b Compiled against Qt: 5.15.3 Running against Qt: 5.15.3 Compiled against GDAL: 3.6.4 Running against GDAL: 3.6.4
System Info CPU Type: x86_64 Kernel Type: winnt Kernel Version: 6.3.9600
My previous comment https://github.com/qgis/QGIS/issues/53155#issuecomment-1625331938 is probably not relevant for the present issue.
However, I asked my IT department to replace the GTS Root R4 root certificate with the newer one. Unfortunately from certmgr.msc
I can't confirm that they indeed placed the new one now. It rather seems that they reinstalled the original one. But at least the error message has disappeared now, so even reinstalling the original one seems to solve the issue.
So my recommendation to other users is to replace the GTS Root R4 root certificate with the newer one from https://pki.goog/repository/ (or to reinstall the original one).
Anybody can confirm this?
Well, things are maybe even different: My browser (Edge) now shows that the root certificate for plugins.qgis.org is GlobalSign Root CA with GTS Root R1 as an intermediate certificate in the certificate chain. So possibly it was just thanks to this change that the error message has disappeared...
Is this still an issue with the latest versions? No crash here on Windows with latest nightly and LTR.
Is this still an issue with the latest versions? No crash here on Windows with latest nightly and LTR.
I can only speak for 3.28.6 that I don't have this problem anymore. Maybe because we reinstalled the root certificates, or maybe something with the certificate/certificate chain has been changed on the plugins.qgis.org web server in July, which fixed the issue.
Problem no longer occurs here. No local actions taken, problem just went away. Running QGIS 3.30.3 under Mac OS X 10.13.6 (High Sierra) Also checked 3.28.4 LTR, no issues.
What is the bug or the crash?
Upon launching QGIS, before the main QGIS application window could appear, a dialog box displayed with "QGIS ended unexpectedly". Another dialog box showed information about "SSL Errors occurred accessing URL".
I quit and restarted QGIS, and it started OK. It seems that the issue is not stopping me from using QGIS, but I thought it was best to report it.
Report Details
Steps to reproduce the issue
Upon startup
Versions
Supported QGIS version
New profile
Additional context
No response