Closed GoogleCodeExporter closed 9 years ago
Hi,
The user uses which client version? Just one particular user or all users?
Original comment by fatbob.s...@gmail.com
on 21 Mar 2011 at 10:11
Ok so the client version info was given in the subject line. Missed that...
How did you come to the conclusion that the 1.2.3 client identifies uMurmur as
v 1.1? Have you tried connecting with a lower client version, e.g. 1.2.2?
I don't think it's a bug since it's working fine for me here. What OS, CPU etc)
are you running this on?
Original comment by fatbob.s...@gmail.com
on 21 Mar 2011 at 10:18
I did some debug on my own.
As I said earlier, I used PolarSSL 0.14.2.
I tried to rebuild using PolarSSL 0.14.0 and it just worked fine.
Maybe it's a bug in latest PolarSSL or maybe something changed in the way to
use PolarSSL.
Maybe I missed something compiling latest PolarSSL but I doubt that as I have
no compilation errors.
That's Mumble client identifying uMurmur as 1.1. Same detection for 1.2.3 and
1.2.2 clients.
The line "WARN: SSL handshake failed: -3968" was a clue.
Original comment by DiaoulAel
on 21 Mar 2011 at 10:23
I confirmed the error here. Will look into the difference between polarssl
0.14.0 and 0.14.2.
Original comment by fatbob.s...@gmail.com
on 22 Mar 2011 at 9:05
Some research revealed that it is PolarSSL's built-in test certificate that
makes the Mumble client think that the server is a v1.1. Mumble then closes the
connection which results in the SSL handshake failure reported by uMurmur. The
built-in test certificates were updated in PolarSSL in v0.14.2. On the other
hand, a self-generated key and certificate read from file works just fine with
0.14.2.
The obvious workaround to this problem is to generate RSA key and SSL
certificate files as described in the wiki. I'll think about how to workaround
this long-term in uMurmur, but I don't consider this being critical since using
a self-generated key and cert is the recommended way.
Original comment by fatbob.s...@gmail.com
on 22 Mar 2011 at 8:53
Anyway, many users want to try it without generating certificates and that
would result in a failure.
Creating a certificate, even by following a wiki, will always be hard for
common users. I'll have to think about how to get this part of the process
easier.
BTW, do you think uMurmur can run with upcoming 1.0 PolarSSL ?
Original comment by DiaoulAel
on 22 Mar 2011 at 9:52
I guess so... It's not hard to do a quick workaround in the code by creating an
own test cert and key, but I'd rather find out why the PolarSSL provided test
cert and key don't work...
The attached patch contains the mentioned workaround. Just tested it and it
seems to work fine.
I haven't checked but if the API is the same it should 'just work' with 1.0.
Original comment by fatbob.s...@gmail.com
on 22 Mar 2011 at 10:26
Attachments:
http://polarssl.org/forum_view_topic?topic_id=129
Original comment by fatbob.s...@gmail.com
on 23 Mar 2011 at 3:40
Bad test cert in PolarSSL 0.14.2. Fixed in 0.14.3.
Original comment by fatbob.s...@gmail.com
on 16 Apr 2011 at 8:18
Original issue reported on code.google.com by
DiaoulAel
on 21 Mar 2011 at 8:57