[Freedombox-pkg-team] Bug#863740: pagekite: Fail to connect to pagekite, claim invalid ssl cert

Petter Reinholdtsen pere at hungry.com
Tue May 30 19:51:21 UTC 2017 

Package: pagekite
Version: 0.5.9.0-1

My pagekite instance on my Debian Stretch based Freedombox fail to
connect to the pagekite service.  This is the log messages I get, notice
the 'certificate verify failed' part:

root at freedombox:~# tail -20 /var/log/pagekite/pagekite.log
ts=592dc614; t=2017-05-30T19:20:52; ll=4d; debug=TunnelManager: problem=2, connecting=2
ts=592dc62a; t=2017-05-30T19:21:14; ll=4e; debug=Pinged 180.235.133.100:443: 0.426222 [win=3, uuid=012343e74daca97d7ae1eed90ddd65afe78cbda6]
ts=592dc62a; t=2017-05-30T19:21:14; ll=4f; debug=Pinged 180.235.133.100:443: 0.429669 [win=3, uuid=012343e74daca97d7ae1eed90ddd65afe78cbda6]
ts=592dc62a; t=2017-05-30T19:21:14; ll=50; debug=Pinged 180.235.133.100:443: 0.439536 [win=3, uuid=012343e74daca97d7ae1eed90ddd65afe78cbda6]
ts=592dc62a; t=2017-05-30T19:21:14; ll=51; debug=Pinged 88.198.106.222:443: 1.093084 [win=3, uuid=d77a1308f7feac3a16af832d527c81bb2c456d33]
ts=592dc62a; t=2017-05-30T19:21:14; ll=52; debug=Pinged 52.58.49.54:443: 0.176134 [win=3, uuid=cb7deaf9bb554a389053dee2e10b0bcd2c6dee6d]
ts=592dc62a; t=2017-05-30T19:21:14; ll=53; debug=Pinged 54.84.55.54:443: 0.313137 [win=3, uuid=89a1cca99ea351eb6ee95462663935db2b3f196c]
ts=592dc62a; t=2017-05-30T19:21:14; ll=54; debug=Pinged 54.183.178.65:443: 0.396083 [win=3, uuid=fd864320481f56b934b221839c7f56f8940dd4e4]
ts=592dc62a; t=2017-05-30T19:21:14; ll=55; debug=Pinged 13.54.10.122:443: 0.654999 [win=3, uuid=e47cbe5a922cc80a16868616f0eb43fa85924e6e]
ts=592dc62a; t=2017-05-30T19:21:14; ll=56; debug=Pinged 139.162.5.63:443: 0.752239 [win=3, uuid=6dfce8e23ed66554ab59a190471a2c0e0e3718b8]
ts=592dc62a; t=2017-05-30T19:21:14; ll=57; debug=Preferred: 52.58.49.54:443
ts=592dc62a; t=2017-05-30T19:21:14; ll=58; debug=Connecting to 52.58.49.54:443; id=s4
ts=592dc62a; t=2017-05-30T19:21:14; ll=59; debug=Connecting to 180.235.133.100:443; id=s5
ts=592dc62b; t=2017-05-30T19:21:15; ll=5a; err=Error in connect: Traceback (most recent call last):   File "/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 471, in _BackEnd     data, parse = self._Connect(server, conns)   File "/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 331, in _Connect     self.fd.connect((sspec[0], int(sspec[1])))   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 1017, in connect     anonymous=(proxy[P_TYPE] == PROXY_TYPE_SSL_ANON))   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 929, in __negotiatessl     connected=True, verify_names=want_hosts)   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 118, in SSL_Connect     if verify_names: nsock.do_handshake()   File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake     self._raise_ssl_error(self._ssl, result)   File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1174, in _raise_ssl_error     _raise_current_error()   File "/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue     raise exception_type(errors) Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
ts=592dc62b; t=2017-05-30T19:21:15; ll=5b; err=Server response parsing failed: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]; id=s4
ts=592dc62b; t=2017-05-30T19:21:15; ll=5c; eof=1; id=s4
ts=592dc62b; t=2017-05-30T19:21:15; ll=5d; err=Error in connect: Traceback (most recent call last):   File "/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 471, in _BackEnd     data, parse = self._Connect(server, conns)   File "/usr/lib/python2.7/dist-packages/pagekite/proto/conns.py", line 331, in _Connect     self.fd.connect((sspec[0], int(sspec[1])))   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 1017, in connect     anonymous=(proxy[P_TYPE] == PROXY_TYPE_SSL_ANON))   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 929, in __negotiatessl     connected=True, verify_names=want_hosts)   File "/usr/lib/python2.7/dist-packages/sockschain/__init__.py", line 118, in SSL_Connect     if verify_names: nsock.do_handshake()   File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1426, in do_handshake     self._raise_ssl_error(self._ssl, result)   File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 1174, in _raise_ssl_error     _raise_current_error()   File "/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue     raise exception_type(errors) Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
ts=592dc62b; t=2017-05-30T19:21:15; ll=5e; err=Server response parsing failed: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]; id=s5
ts=592dc62b; t=2017-05-30T19:21:15; ll=5f; eof=1; id=s5
ts=592dc62b; t=2017-05-30T19:21:15; ll=60; debug=TunnelManager: problem=2, connecting=2
root at freedombox:~#

I found a message suggesting to add this to
/etc/pagekite.d/20_frontends.rc, but it did not have any impact:

diff --git a/pagekite.d/20_frontends.rc b/pagekite.d/20_frontends.rc
index d0604ae..55d9d8b 100644
--- a/pagekite.d/20_frontends.rc
+++ b/pagekite.d/20_frontends.rc
@@ -7,6 +7,7 @@
 
 # Use the pagekite.net service defaults.
 defaults
+ca_certs=/etc/ssl/certs/ca-certificates.crt
 
 # If you want to use your own, use something like:
 #     frontend = hostname:port

Anyone else seeing this?  Any clues what is wrong?

-- 
Happy hacking
Petter Reinholdtsen

More information about the Freedombox-pkg-team mailing list