search

qgis / QGIS

QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)
https://qgis.org
GNU General Public License v2.0
10.37k stars 2.98k forks source link

Crash on launch: Unable to Get Local Issuer Certificate #53155

Closed simonokeefe closed 10 months ago

simonokeefe commented 1 year ago

What is the bug or the crash?

Upon launching QGIS, before the main QGIS application window could appear, a dialog box displayed with "QGIS ended unexpectedly". Another dialog box showed information about "SSL Errors occurred accessing URL".

image

I quit and restarted QGIS, and it started OK. It seems that the issue is not stopping me from using QGIS, but I thought it was best to report it.

Report Details

Python Stack Trace
Windows fatal exception: code 0xc0000139

Thread 0x00003aa8 (most recent call first):

Windows fatal exception: code 0xc0000139

Thread 0x00003aa8 (most recent call first):

Windows fatal exception: access violation

Current thread 0x00003aa8 (most recent call first):

Stack Trace

QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QgsAuthCertInfo::populateInfoDetailsSection :
QgsAuthCertInfo::updateCurrentCertInfo :
QgsAuthCertInfo::currentCertItemChanged :
QObject::qt_static_metacall :
QTreeWidget::qt_static_metacall :
QObject::qt_static_metacall :
QItemSelectionModel::setCurrentIndex :
QTreeWidget::setCurrentItem :
QgsAuthCertInfo::setCertHierarchy :
QgsAuthCertInfo::QgsAuthCertInfo :
QgsAuthCertInfoDialog::QgsAuthCertInfoDialog :
QgsAuthSslErrorsDialog::showCertificateChainInfo :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QToolButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgsAnnotationWidget::frameStyleChanged :
QgsNetworkAccessManager::handleSslErrors :
QObject::qt_static_metacall :
QgsNetworkAccessManager::sslErrorsOccurred :
QgsNetworkAccessManager::onReplySslErrors :
QObject::qt_static_metacall :
QNetworkReply::sslErrors :
QTcpServer::proxy :
QObject::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QCoreApplicationPrivate::sendPostedEvents :
qt_plugin_query_metadata :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QgisApp::QgisApp :
main :
BaseThreadInitThunk :
RtlUserThreadStart :

QGIS Info
QGIS Version: 3.28.6-Firenze
QGIS code revision: 868c9fa03b
Compiled against Qt: 5.15.3
Running against Qt: 5.15.3
Compiled against GDAL: 3.6.4
Running against GDAL: 3.6.4

System Info
CPU Type: x86_64
Kernel Type: winnt
Kernel Version: 10.0.22621

Steps to reproduce the issue

Upon startup

Versions

QGIS version
3.28.6-Firenze
QGIS code revision
868c9fa03b
Qt version
5.15.3
Python version
3.9.5
GDAL/OGR version
3.6.4
PROJ version
9.2.0
EPSG Registry database version
v10.082 (2023-02-06)
GEOS version
3.11.2-CAPI-1.17.2
SQLite version
3.41.1
PDAL version
2.5.2
PostgreSQL client version
unknown
SpatiaLite version
5.0.1
QWT version
6.1.6
QScintilla2 version
2.13.1
OS version
Windows 10 Version 2009
Active Python plugins
iso4app
1.4
lizmap
3.13.0
Mergin
2023.1
openlayers_plugin
2.0.0
qgis-maptiler-plugin
3.2
qgiscloud
3.8.3
qgis_resource_sharing
1.0.0
qgpt_agent_release
0.3
QuickOSM
2.2.1
slyr_community
4.0.7
SpreadsheetLayers
2.1.0
tile_plus
0.1
db_manager
0.1.20
grassprovider
2.12.99
MetaSearch
0.3.6
processing
2.12.99

Supported QGIS version

New profile

Additional context

No response

ARvanHAS commented 1 year ago

Same issue with LTR 3.28. After restart seems to work fine again.

User Feedback

Just starting up Qgis 3.28 says the plugin certificate s are not found.

Report Details

Python Stack Trace

Windows fatal exception: access violation

Current thread 0x00002ab0 (most recent call first):
<no Python frame>

Stack Trace


QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QgsAuthCertInfo::populateInfoDetailsSection :
QgsAuthCertInfo::updateCurrentCertInfo :
QgsAuthCertInfo::currentCertItemChanged :
QObject::qt_static_metacall :
QTreeWidget::qt_static_metacall :
QObject::qt_static_metacall :
QItemSelectionModel::setCurrentIndex :
QTreeWidget::setCurrentItem :
QgsAuthCertInfo::setCertHierarchy :
QgsAuthCertInfo::QgsAuthCertInfo :
QgsAuthCertInfoDialog::QgsAuthCertInfoDialog :
QgsAuthSslErrorsDialog::showCertificateChainInfo :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QToolButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgsAnnotationWidget::frameStyleChanged :
QgsNetworkAccessManager::handleSslErrors :
QObject::qt_static_metacall :
QgsNetworkAccessManager::sslErrorsOccurred :
QgsNetworkAccessManager::onReplySslErrors :
QObject::qt_static_metacall :
QNetworkReply::sslErrors :
QTcpServer::proxy :
QObject::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QCoreApplicationPrivate::sendPostedEvents :
qt_plugin_query_metadata :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QgisApp::QgisApp :
main :
BaseThreadInitThunk :
RtlUserThreadStart :

QGIS Info QGIS Version: 3.28.6-Firenze QGIS code revision: 868c9fa03b Compiled against Qt: 5.15.3 Running against Qt: 5.15.3 Compiled against GDAL: 3.6.4 Running against GDAL: 3.6.4

System Info CPU Type: x86_64 Kernel Type: winnt Kernel Version: 10.0.14393

fgfletcher commented 1 year ago

Similar problem with QGIS 3.30.2 running under Mac OS X 10.13.6 (High Sierra).
Intermittently (maybe 1 of 3 starts) at start-up I see an error message: https://plugins.qgis.org/plugins/plugins.xml?qgis=3.30

I simply click on "Ignore" and QGIS functions normally. So, not a serious problem but it is an indication that something is amiss...

schmandr commented 1 year ago

Same problem here with QGIS 3.28.6 (on Windows Server 2012 R2):

SSL Errors occurred accessing URL: https://plugins.qgis.org/plugins/plugins.xml?qgis=3.28 Unable to Get Local Issuer Certificate: The issuer certificate of a locally looked up certificate could not be found

When I then click on the Connection Trusted CAs button, a separate Trusted Certificate Authorities window opens. In this list the GTS Root R4 entry is missing, which according to my browser (Edge) is the root certificate to use with the URL above. ssl errors

When I launch certmgr.msc, I can see the GTS Root R4 entry, so it's actually present on my machine. It has the SHA-1 fingerprint ‎2a 1d 60 27 d9 4a b1 0a 1c 4d 91 5c cd 33 a0 cb 3e 2d 54 cb. However, from https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/lAu1_S48RAA I understand that this root CA certificate has been changed in some way back in 2021 (new SHA-1 fingerprint 77 D3 03 67 B5 E0 0C 15 F6 0C 38 61 DF 7C E1 3B 92 46 4D 47).

So I assume that for some reason Edge doesn't see any problem with the old root CA certificate, while QGIS (Qt?) does. Does someone have any deeper knowledge on this topic? Maybe @jef-n ?

schmandr commented 1 year ago

Gathered some more info on this:

Go to the Authentication section of the Settings window. Then click on the Manage Certificates button which opens the Certificate Manager window. In the list on the Authorities tab the GTS Root R4 certificate is now actually listed. certificate manager

However, when I select this entry and click on the blue Info button to the right, QGIS crashes (report see below).

I have compared some of those root CA certificates, and GTS Root R4 seems to be the only one on my system using the ecdsa-with-SHA384 algorithm. And in the source code I found the following comment regarding the Elliptic Curve algorithm: https://github.com/qgis/QGIS/blob/5064b26564539b7510a2b145d658a84603880351/src/gui/auth/qgsauthcertificateinfo.cpp#L699

So I suspect that the bug we encounter when launching QGIS has something to do with the algorithm used by GTS Root R4. @dakcarto does this make sense? Any hope that in the meantime Qt supports Elliptic Curve keys?

Report Details

Python Stack Trace

Windows fatal exception: access violation

Current thread 0x0000bdd0 (most recent call first):
<no Python frame>

Stack Trace


QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QCA::DHPublicKey::DHPublicKey :
QgsAuthCertInfo::populateInfoDetailsSection :
QgsAuthCertInfo::updateCurrentCertInfo :
QgsAuthCertInfo::currentCertItemChanged :
QObject::qt_static_metacall :
QTreeWidget::qt_static_metacall :
QObject::qt_static_metacall :
QItemSelectionModel::setCurrentIndex :
QTreeWidget::setCurrentItem :
QgsAuthCertInfo::setCertHierarchy :
QgsAuthCertInfo::QgsAuthCertInfo :
QgsAuthCertInfoDialog::QgsAuthCertInfoDialog :
QgsAuthAuthoritiesEditor::showCertInfo :
QgsAuthAuthoritiesEditor::btnInfoCa_clicked :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QToolButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgsAuthEditorWidgets::btnCertManager_clicked :
QObject::qt_static_metacall :
QAbstractButton::clicked :
QAbstractButton::click :
QAbstractButton::mouseReleaseEvent :
QWidget::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QDialog::exec :
QgisApp::showOptionsDialog :
QgisApp::options :
QObject::qt_static_metacall :
QAction::activate :
QMenu::actionGeometry :
QMenu::actionGeometry :
QMenu::mouseReleaseEvent :
QWidget::event :
QMenu::event :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QApplicationPrivate::sendMouseEvent :
QSizePolicy::QSizePolicy :
QSizePolicy::QSizePolicy :
QApplicationPrivate::notify_helper :
QApplication::notify :
QgsApplication::notify :
QCoreApplication::notifyInternal2 :
QGuiApplicationPrivate::processMouseEvent :
QWindowSystemInterface::sendWindowSystemEvents :
QEventDispatcherWin32::processEvents :
qt_plugin_query_metadata :
QEventLoop::exec :
QCoreApplication::exec :
main :
BaseThreadInitThunk :
RtlUserThreadStart :

QGIS Info QGIS Version: 3.28.6-Firenze QGIS code revision: 868c9fa03b Compiled against Qt: 5.15.3 Running against Qt: 5.15.3 Compiled against GDAL: 3.6.4 Running against GDAL: 3.6.4

System Info CPU Type: x86_64 Kernel Type: winnt Kernel Version: 6.3.9600

schmandr commented 1 year ago

My previous comment https://github.com/qgis/QGIS/issues/53155#issuecomment-1625331938 is probably not relevant for the present issue.

However, I asked my IT department to replace the GTS Root R4 root certificate with the newer one. Unfortunately from certmgr.msc I can't confirm that they indeed placed the new one now. It rather seems that they reinstalled the original one. But at least the error message has disappeared now, so even reinstalling the original one seems to solve the issue.

So my recommendation to other users is to replace the GTS Root R4 root certificate with the newer one from https://pki.goog/repository/ (or to reinstall the original one).

Anybody can confirm this?

schmandr commented 1 year ago

Well, things are maybe even different: My browser (Edge) now shows that the root certificate for plugins.qgis.org is GlobalSign Root CA with GTS Root R1 as an intermediate certificate in the certificate chain. So possibly it was just thanks to this change that the error message has disappeared...

alexbruy commented 10 months ago

Is this still an issue with the latest versions? No crash here on Windows with latest nightly and LTR.

schmandr commented 10 months ago

Is this still an issue with the latest versions? No crash here on Windows with latest nightly and LTR.

I can only speak for 3.28.6 that I don't have this problem anymore. Maybe because we reinstalled the root certificates, or maybe something with the certificate/certificate chain has been changed on the plugins.qgis.org web server in July, which fixed the issue.

fgfletcher commented 10 months ago

Problem no longer occurs here. No local actions taken, problem just went away. Running QGIS 3.30.3 under Mac OS X 10.13.6 (High Sierra) Also checked 3.28.4 LTR, no issues.