Comments (24)
Thanks for the heads up. Is this a standard Murmur, or is there something exotic about your setup? I'm just curious why this happens on your server only (seemingly). :)
I'll force TLS 1.0 for now. Do you have a hostname:port I can test this on? (I don't need credentials, I just need to do a TLS handshake). A PM will do.
from mumble-iphoneos.
I had a look at this. The iOS app already forces itself to use TLSv1 using the keys described in the technical note above.
Anyway, I'm still interested in a hostname:port to debug this, or a description of a configuration to reproduce this.
from mumble-iphoneos.
vps.neverstops.com.br:64738 it's a standard murmur on a ubuntu 10.10 (running on OpenVZ, this is the only non standard thing)
from mumble-iphoneos.
I just tried this on my iPhone, and couldn't reproduce.
The -9806 error simply means errSSLClosedAbort, which could be any TLS abort.
Does it work without the certificate from your computer? (And is that a Mumble generated certificate, or a CA-signed one?)
from mumble-iphoneos.
I'm using a Comodo Free Email Certificate (http://www.comodo.com/home/email-security/free-email-certificate.php) for it, and not the Mumble generated one.
As you asked me, the mobile generated certificate (from MumbleApp), works fine.
from mumble-iphoneos.
Have you been able to reproduce the problem using a Comodo certificate? Please tell me if there is any way I can debug it locally, I do have a Macbook and can download/install iOS SDK
from mumble-iphoneos.
My apologies for the letting the ticket sit for 5 days, Brodock. I'll have a look later today.
Do you have any way of testing this on your own device? If not, PM or email me your device's UDID and I'll add you as a beta tester, so you can actually use the fix.
from mumble-iphoneos.
I've tracked this down. I can successfully connect to the server once I send the whole certificate chain. (Only the leaf certificate is being sent as-is with the 1.0 client.)
An inconvenient little oversight on my part. I had hoped (and thought) that storing a SecIdentityRef to the iOS app's keychain would also store the rest of the chain. That seems not to be the case.
from mumble-iphoneos.
BTW, are you positive that the chain is also accepted when you connect with your desktop client?
I'm seeing the same behavior there, as on the iOS client.
from mumble-iphoneos.
2012-03-21 10:48:15.632 1 => 91:(-1) Strong certificate for <...> (signed by UTN-USERFirst-Client Authentication and Email)
Well mumble-server log seems to accept my certificate as a "Strong" (I believe it means valid one).
Also using the information you gave me about the problem, it seens that the problem was in fact related with CA chain, as, trying to connect with MumbleApp and copying the log I get:
2012-03-21 10:55:05.172 1 => 94:(-1) New connection: ...:62318
2012-03-21 10:55:06.230 1 => 94:(-1) SSL Error: The root CA certificate is not trusted for this purpose
2012-03-21 10:55:06.232 1 => 94:(-1) SSL Error: No certificates could be verified
2012-03-21 10:55:06.233 1 => 94:(-1) Connection closed: [-1]
from mumble-iphoneos.
How have you imported the certificate into the desktop app? Are you on Linux, OS X or Windows?
from mumble-iphoneos.
Nevermind, the PKCS12 file that I export from Keychain contains something very disturbing...
from mumble-iphoneos.
Aha, it turns out that the chain was just longer than I expected. The chain I exported as .p12 to the iOS client worked fine on there, but was missing one of the intermediates (which is apparently bundled on iOS). Once I built a correct chain, desktop app works fine as well.
OK. The issue is as the title says, and I hope to implement it today.
from mumble-iphoneos.
OK, committed a fix for this. You'll have to re-import your .p12 file in order for the whole chain to be present, though.
Can you confirm whether or not this works for you? I've sent beta details to you via email.
from mumble-iphoneos.
I have a fresh install of murmur on ubuntu and am seeing the same issue. Comodo issued cert works on Mac client, fails on iOS client.
from mumble-iphoneos.
It's (sort of) fixed in the repo. I've just discovered some issues that I'll need to weed out.
from mumble-iphoneos.
Tried again with Self-Signed Cert and it worked properly.
from mumble-iphoneos.
I believe this is fixed in Git now, with 187cce4. I'll build a beta snapshot shortly.
from mumble-iphoneos.
Closing this as fixed, since no one has reported otherwise.
from mumble-iphoneos.
Hi guys,
I have the same issues using Mumble 1.0 on iOS 5.1 and a fresh installed murmurd 1.2.2-6+squeeze1 on Debian Squeeze (installed from distro repo).
When using Mumble 1.2.3 on Windows 7 with StartSSL.com Client-Certificate there is no problem.
When using Mumble 1.0 on iOS 5.1 with the same client-certificate it does not work.
Log with Windows Client Login:
<W>2012-04-06 18:03:05.203 Initializing settings from /etc/mumble-server.ini (basepath /etc)
<C>2012-04-06 18:03:05.204 Adding 1 CA certificates from certificate file.
<W>2012-04-06 18:03:05.215 SSL: Added CA certificates from '/etc/ssl/certs/ca-certificates.crt'
<C>2012-04-06 18:03:05.220 Successfully switched to uid 113
<W>2012-04-06 18:03:05.223 ServerDB: Openend SQLite database /var/lib/mumble-server/mumble-server.sqlite
<W>2012-04-06 18:03:05.225 Resource limits were 0 0
<W>2012-04-06 18:03:05.225 Successfully dropped capabilities
<W>2012-04-06 18:03:05.229 DBus registration succeeded
<W>2012-04-06 18:03:05.230 MurmurIce: Endpoint "tcp -h 127.0.0.1 -p 6502" running
<W>2012-04-06 18:03:05.231 OSInfo: Failed to execute lsb_release
<W>2012-04-06 18:03:05.231 Murmur 1.2.2 (1.2.2-6+squeeze1) running on X11: Linux 2.6.32-5-amd64: Booting servers
<W>2012-04-06 18:03:05.241 1 => Server listening on [::]:64738
<W>2012-04-06 18:03:05.250 1 => Announcing server via bonjour
<W>2012-04-06 18:03:39.116 1 => <1:(-1)> New connection: 80.145.38.251:54795
<W>2012-04-06 18:03:39.531 1 => <1:(-1)> Strong certificate for [email protected] <[email protected]> (signed by StartCom Certification Authority)
<W>2012-04-06 18:03:39.607 1 => <1:(-1)> Client version 1.2.3 (Win: 1.2.3)
<W>2012-04-06 18:03:39.618 1 => Starting voice thread
<W>2012-04-06 18:03:39.623 1 => CELT codec switch ffffffff80000010 0 (prefer ffffffff80000010)
<W>2012-04-06 18:03:39.634 1 => <1:M3d1c5(1)> Authenticated
<C>2012-04-06 18:04:02.310 Caught SIGTERM, exiting
<W>2012-04-06 18:04:02.310 Killing running servers
<W>2012-04-06 18:04:02.317 1 => Stopped announcing server via bonjour
<W>2012-04-06 18:04:02.320 1 => Stopped
<W>2012-04-06 18:04:02.320 Shutting down
<W>2012-04-06 18:04:02.320 MurmurIce: Shutdown complete
Log with iOS Client Login:
<W>2012-04-06 18:05:17.276 Initializing settings from /etc/mumble-server.ini (basepath /etc)
<C>2012-04-06 18:05:17.277 Adding 1 CA certificates from certificate file.
<W>2012-04-06 18:05:17.287 SSL: Added CA certificates from '/etc/ssl/certs/ca-certificates.crt'
<C>2012-04-06 18:05:17.308 Successfully switched to uid 113
<W>2012-04-06 18:05:17.311 ServerDB: Openend SQLite database /var/lib/mumble-server/mumble-server.sqlite
<W>2012-04-06 18:05:17.316 Resource limits were 0 0
<W>2012-04-06 18:05:17.317 Successfully dropped capabilities
<W>2012-04-06 18:05:17.319 DBus registration succeeded
<W>2012-04-06 18:05:17.320 MurmurIce: Endpoint "tcp -h 127.0.0.1 -p 6502" running
<W>2012-04-06 18:05:17.321 OSInfo: Failed to execute lsb_release
<W>2012-04-06 18:05:17.321 Murmur 1.2.2 (1.2.2-6+squeeze1) running on X11: Linux 2.6.32-5-amd64: Booting servers
<W>2012-04-06 18:05:17.336 1 => Server listening on [::]:64738
<W>2012-04-06 18:05:17.342 1 => Announcing server via bonjour
<W>2012-04-06 18:05:30.705 1 => <1:(-1)> New connection: 80.145.38.251:52982
<W>2012-04-06 18:05:32.497 1 => <1:(-1)> SSL Error: The root CA certificate is not trusted for this purpose
<W>2012-04-06 18:05:32.503 1 => <1:(-1)> SSL Error: No certificates could be verified
<W>2012-04-06 18:05:32.511 1 => <1:(-1)> Connection closed: [-1]
<C>2012-04-06 18:05:42.828 Caught SIGTERM, exiting
<W>2012-04-06 18:05:42.828 Killing running servers
<W>2012-04-06 18:05:42.837 1 => Stopped announcing server via bonjour
<W>2012-04-06 18:05:42.842 1 => Stopped
<W>2012-04-06 18:05:42.842 Shutting down
<W>2012-04-06 18:05:42.842 MurmurIce: Shutdown complete
The problems occur on the server twattle.net:64738. But I have the same problems with the server mumble.piratenpartei-nrw.de:64738.
Christian
from mumble-iphoneos.
Hi M3d1c5,
This is fixed in the repo, and in the latest beta builds,
Hang on a little longer, and verison 1.1. will appear on the App Store.
Until then, I can only suggest you to use a temporary self-signed certificate.
Mikkel
from mumble-iphoneos.
Thank you for this information. :-)
Mikkel Krautz
mailto:[email protected]
Freitag, 6. April 2012 18:42
Hi M3d1c5,This is fixed in the repo, and in the latest beta builds,
Hang on a little longer, and verison 1.1. will appear on the App Store.
Until then, I can only suggest you to use a temporary self-signed
certificate.Mikkel
Reply to this email directly or view it on GitHub:
#47 (comment)
from mumble-iphoneos.
just to confirm, it's working fine now :)
from mumble-iphoneos.
Excellent. Thanks!
from mumble-iphoneos.
Related Issues (20)
- Cut a new release for iOS HOT 3
- iOS 11 incompatible with 32 bit apps HOT 8
- Bug list for new 1.3.1 release HOT 8
- There is no transition when connecting to a server, like there was previously
- Popping Sound Bug on iOS 11.2.5
- How to build the app with Xcode 10?
- Siri
- Option to use speakers while external 4-pin microphone is inside the 3.5 jack
- mic input very poor on bluetooth HOT 1
- "Self-mute" does not always work.
- iOS app - iRig not handled well. HOT 5
- Continuous mode not sending audio to server
- Looking for new project maintainers HOT 26
- Microphone support appears to have stopped working HOT 1
- Cannot build the project due to invalid .pch file HOT 7
- Add a note that this is unmaintained HOT 1
- Want to be lead iOS dev HOT 1
- Bluetooth 4.0 / BLE PTT Support HOT 2
- App-Scaling HOT 2
- Crashes and high CPU on iOS10 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mumble-iphoneos.