How does nzbget handle expired/untrusted SSL certs?

Get help, report and discuss bugs.
Otacon

How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 10 Dec 2008, 13:52

Hi :)

My Usenet provider has ssl access enabled, but with an expired certificate. Compiling nzb from trunk, enabling ssl and trying a transfer gets me:

[ERROR] Could not initialize TLS-object: cannot create TLS context: error:140A90A1:lib(20):func(169):reason(161)

Is this to do with certificate problems, and if so can I override it? Or if not, can anyone make sense of that error?

Thanks :)

hugbug
Developer & Admin
Posts: 7645
Joined: 09 Sep 2008, 11:58
Location: Germany

Re: How does nzbget handle expired/untrusted SSL certs?

Post by hugbug » 10 Dec 2008, 14:24

What hardware and OS you use?
Rebuild with a different TLS-library ("./configure --with-tlslib=GnuTLS" or "./configure --with-tlslib=OpenSSL") and see what happens :)

Otacon

Re: How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 10 Dec 2008, 14:30

It's a Dell PE1950 server running Ubuntu 8.04 x64

Was originally compiled against openssl, so I installed gnutls and rebuilt against that, and I get a different error:

nzbget: ath.c:184: _gcry_ath_mutex_lock: Assertion `*lock == ((ath_mutex_t) 0)' failed.
nzbget: ath.c:184: _gcry_ath_mutex_lock: Assertion `*lock == ((ath_mutex_t) 0)' failed.
Aborted

Doesnt like that!

hugbug
Developer & Admin
Posts: 7645
Joined: 09 Sep 2008, 11:58
Location: Germany

Re: How does nzbget handle expired/untrusted SSL certs?

Post by hugbug » 10 Dec 2008, 14:42

Please limit connections to one (Server1.connections=1 in nzbget.conf) and try again with GnuTLS.

Otacon

Re: How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 10 Dec 2008, 14:45

Got a friendlier message that time:

[ERROR] Could not establish secure connection: TLS handshake failed: ASN1 parser: Element was not found.

Thanks for your help :)

hugbug
Developer & Admin
Posts: 7645
Joined: 09 Sep 2008, 11:58
Location: Germany

Re: How does nzbget handle expired/untrusted SSL certs?

Post by hugbug » 10 Dec 2008, 15:14

If I new what it means :)
May be the certificate is corrupted (not outdated, but really corrupted)? Can you download it somehow and test with some program? I'm not an expert in SSL to give better advices :(

Can you test one more time with OpenSSL and one connection to see if it makes any difference?

Otacon

Re: How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 10 Dec 2008, 15:53

Certainly, same error as in my original post though I'm afraid.

It's possible the certificate is broken in some way, I'll try and find out for sure :)

Otacon

Re: How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 10 Dec 2008, 16:25

Well I was wrong, the certificate is actually in date, but isn't issued from a trusted CA. If that's the problem can I tell the program to ignore that?

hugbug
Developer & Admin
Posts: 7645
Joined: 09 Sep 2008, 11:58
Location: Germany

Re: How does nzbget handle expired/untrusted SSL certs?

Post by hugbug » 10 Dec 2008, 17:25

I'm starting to think, that the error has nothing to do with certificate. May be it's because of 64-bit system. I didn't make testing on 64-bit.

Please do the following:
  • reconfigure with debug info and with OpenSSL: "./configure --enable-debug --with-tlslib=OpenSSL"
  • set only one connection in config file;
  • activate all LogTargets in nzbget.conf (DebugTarget=both or DebugTarget=log, etc.);
  • try to download something;
  • stop;
  • send me nzbget.log.

Otacon

Re: How does nzbget handle expired/untrusted SSL certs?

Post by Otacon » 11 Dec 2008, 10:33

WARNING: Option "PostLogKind" is obsolete. Use ProcessLogKind instead.
[DEBUG] Initializing global thread data (Thread.cpp:166:Init)
[DEBUG] Initializing global connection data (Connection.cpp:65:Init)
[DEBUG] Creating Thread (Thread.cpp:176:Thread)
[DEBUG] Creating QueueEditor (QueueEditor.cpp:67:QueueEditor)
[DEBUG] Creating QueueCoordinator (QueueCoordinator.cpp:60:QueueCoordinator)
[DEBUG] Initializing global decoder (Decoder.cpp:118:Init)
[DEBUG] Creating Thread (Thread.cpp:176:Thread)
[DEBUG] Creating Thread (Thread.cpp:176:Thread)
[DEBUG] Creating ParChecker (ParChecker.cpp:75:ParChecker)
[DEBUG] Creating PrePostProcessor (PrePostProcessor.cpp:82:PrePostProcessor)
[DEBUG] Creating Thread (Thread.cpp:176:Thread)
[DEBUG] Creating Frontend (Frontend.cpp:62:Frontend)
[DEBUG] Creating LoggableFrontend (LoggableFrontend.cpp:48:LoggableFrontend)
[DEBUG] Starting Thread (Thread.cpp:191:Start)
[DEBUG] Entering Thread-func (Thread.cpp:258:thread_handler)
[DEBUG] Entering LoggableFrontend-loop (LoggableFrontend.cpp:57:Run)
[DEBUG] Creating NZBFile (NZBFile.cpp:59:NZBFile)
[DEBUG] Creating NZBInfo (DownloadInfo.cpp:82:NZBInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Creating FileInfo (DownloadInfo.cpp:348:FileInfo)
[DEBUG] Adding NZBFile to queue (QueueCoordinator.cpp:204:AddNZBFileToQueue)
[DEBUG] Notifying observers (Observer.cpp:55:Notify)
[DEBUG] PrePostProcessor: Pausing pars (PrePostProcessor.cpp:824:PausePars)
[DEBUG] QueueEditor: Pausing pars (QueueEditor.cpp:614:PausePars)
[DEBUG] Destroying NZBFile (NZBFile.cpp:73:~NZBFile)
[DEBUG] Starting Thread (Thread.cpp:191:Start)
[DEBUG] Starting Thread (Thread.cpp:191:Start)
[DEBUG] Entering Thread-func (Thread.cpp:258:thread_handler)
[DEBUG] Entering QueueCoordinator-loop (QueueCoordinator.cpp:102:Run)
[DEBUG] Entering Thread-func (Thread.cpp:258:thread_handler)
[DEBUG] Entering PrePostProcessor-loop (PrePostProcessor.cpp:124:Run)
[DEBUG] Starting new ArticleDownloader (QueueCoordinator.cpp:476:StartArticleDownload)
[DEBUG] Creating Thread (Thread.cpp:176:Thread)
[DEBUG] Creating Decoder (Decoder.cpp:52:Decoder)
[DEBUG] Creating Decoder (Decoder.cpp:52:Decoder)
[DEBUG] Creating ArticleDownloader (ArticleDownloader.cpp:62:ArticleDownloader)
[DEBUG] Starting Thread (Thread.cpp:191:Start)
[DEBUG] Entering Thread-func (Thread.cpp:258:thread_handler)
[DEBUG] Entering ArticleDownloader-loop (ArticleDownloader.cpp:121:Run)
[DEBUG] Notifying observers (Observer.cpp:55:Notify)
[DEBUG] Notification from ArticleDownloader received (QueueCoordinator.cpp:533:Update)
[DEBUG] Connecting (Connection.cpp:172:Connect)
[DEBUG] Opening connection to news.host (NNTPConnection.cpp:234:DoConnect)
[DEBUG] Do connecting (Connection.cpp:329:DoConnect)
[DEBUG] Starting TLS (Connection.cpp:647:StartTLS)
[ERROR] Could not initialize TLS-object: cannot create TLS context: error:140A90A1:lib(20):func(169):reason(161)
[DEBUG] Do disconnecting (Connection.cpp:392:DoDisconnect)
[DETAIL] Waiting 10 sec to retry

Thanks :)

Post Reply

Who is online

Users browsing this forum: No registered users and 54 guests