Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL not working in 2.4.0 running on Linux #1438

Open
elhennig opened this issue Nov 18, 2021 · 6 comments
Open

SSL not working in 2.4.0 running on Linux #1438

elhennig opened this issue Nov 18, 2021 · 6 comments

Comments

@elhennig
Copy link

What happened?

I upgraded barrier to 2.4.0 on the Linux client and server (both packages came from opensuse build service) and after that the client stated in the log the the server certificate fingerprint could not be verified.
Current workaround is to switch off SSL

Version

v2.4.0

Git commit hash (if applicable)

No response

If applicable, where did you install Barrier from?

OpenSUSE Build service

What OSes are you seeing the problem on? (Check all that apply)

Linux

What OS versions are you using?

OpenSIUSE Leap 15.3

Relevant log output

Client:
[2021-11-18T08:12:51] ERROR: failed to verify server certificate fingerprint

Server:
[2021-11-18T08:12:51] INFO: OpenSSL 1.1.1d  10 Sep 2019
	/data/software/Tools/barrier/src/lib/net/SecureSocket.cpp,853
[2021-11-18T08:12:51] INFO: accepted secure socket
	/data/software/Tools/barrier/src/lib/net/SecureSocket.cpp,447
[2021-11-18T08:12:51] INFO: TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
	/data/software/Tools/barrier/src/lib/net/SecureSocket.cpp,869
[2021-11-18T08:12:51] NOTE: accepted client connection
	/data/software/Tools/barrier/src/lib/server/ClientListener.cpp,152
[2021-11-18T08:13:06] NOTE: new client disconnected

Any other information

No response
@ailabktw
Copy link

I got same issue on Windows10, 11

@elhennig
Copy link
Author

I just tried, if this works, if I build the tool on the server and the client from source. However the behavior is the same as with the rpm package from OBS.

@ExpandingMan
Copy link

I'm having similar issues. The GUI doesn't seem to want to generate the keys it just says "SSL disabled". I tried deleting all of the configs and keys but this did not help.

@albertony
Copy link

I think this is fixed by #1425

@ExpandingMan
Copy link

I worked around this on 2.4 by following the documentation for generating the key, though it was not without incident, see here.

I do however still need --disable-client-cert-checking, which I can't seem to get working. There doesn't appear to be any documentation on that, and the GUI doesn't seem to want to handle it correctly for me.

@albertony
Copy link

I have a pull request updating the documentation: debauchee/barrier-wiki#8

You can see the new docs here: https://github.com/debauchee/barrier-wiki/blob/f5f2751243f2af084f42ed5b50d676b538f6d81e/Command-Line.md#ssl_config

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ExpandingMan @albertony @elhennig @ailabktw