Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED #3510

Closed
AZMCode opened this issue Jan 9, 2022 · 5 comments
Labels: Duplicate, Linux, Mono, Network, Support

AZMCode commented Jan 9, 2022

Background

  • Operating System: Arch Linux
  • CKAN Version: 1.30.4
  • KSP Version: 1.12.3.3173
    I haven't made any manual modifications to KSP's files.

Problem

Exactly the same issue as the currently pinned issue, #3468.

Steps to reproduce
  • Install ckan-bin through yay
  • Attempt to install a mod with its primary host being spacedock (KIS and KAS yield this problem for me)
  • Get error'ed

Expected behavior
CKAN manages to download the mods

Error downloading KAS 1.10: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132
Error downloading KIS 1.29: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /build/mono/src/mono/external/boringssl/ssl/handshake_client.c:1132

Further Details
Having read the pinned issue, I read the arch section on the workaround for this bug, and decided to attempt fixing it.

However, I found that the certificate being talked about here, /etc/ssl/certs/DST_Root_CA_X3.pem, does not exist at all on my system, so I could not blacklist it.
I attempted the rest of the steps, just in case my Mono install had outdated certificates, but I found that this did not fix the situation.

If I can provide further details on my install, or other related certificates in my system/blacklist folders, I will.
If it's any help, I can browse spacedock through https just fine, so there is a valid certificate for them somewhere in my system. Not sure what's going on.

HebaruSan added the labels Linux, Mono, Network, Support and Duplicate on Jan 9, 2022.
HebaruSan changed the title from "[Bug] Pinned OpenSSL issue despite not having the relevant certificate at all" to "Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED" on Jan 9, 2022.

AZMCode commented Jan 9, 2022

Update: I ran through the checklist of causes for the bug on the wiki page for SSL Certificate errors, and have verified that I am indeed running mono 6.12.0


AZMCode commented Jan 9, 2022

I have now manually run through mono's Trust store and found /usr/share/.mono/certs/Trust/ski-79B459E67BB6E5E40173800888C81A58F6E99B6E008B8263BBE0634459E340D2B0CF108200.cer, which appears to be the ISRG Root X1 certificate, which is what my browser identifies as the root certificate that eventually validates spacedock.info, so there is a valid certificate in the mono trust store.


AZMCode commented Jan 9, 2022

I have done the same for the expired DST Root CA X3 cert, and it is nowhere to be found in the mono trust store.


AZMCode commented Jan 9, 2022

Is there any way I can identify which expired certificate could've caused the issue?


AZMCode commented Jan 9, 2022

Wow, it, uh, started working?
Is it possible for a certificate chain to start and stop working like that?
Either way, it seems to now be irreproducible on my side.
Closing.

AZMCode closed this as completed on Jan 9, 2022.