Deluge Web TLS not working with certificate chains

General support for problems installing or using Deluge
Jay-C
New User
New User
Posts: 8
Joined: Sat Dec 07, 2013 11:30 am
OS or Distro: Ubuntu 12.04.3

Deluge Web TLS not working with certificate chains

Postby Jay-C » Wed Jun 14, 2017 9:29 pm

Hi!

I'm going to try to keep this short. I'm trying to add a certificate chain to the deluge web UI, the subject certificate concatenated with a intermediate certificate, as is standard. I've successfully verified the separate files using the ``openssl verify" utility.

Code: Select all

$ openssl verify -verbose -CAfile root.cert.pem -untrusted intermediate.cert.pem deluge.cert.pem
deluge.cert.pem: OK


However, Firefox gives me an SEC_ERROR_UNKNOWN_ISSUER error. To look at what the server sends my I use:

Code: Select all

openssl s_client -CAfile root.cert.pem -connect localhost:8112 -showcerts


Indeed, the output shows the server does not send the intermediate certificate. It seems the deluge web server only sends the first certificate, and skips the rest of the chain. As this has worked correctly in the past, I looked at the git history and the culprit seems to be commit c1902e43, which replaces the code for loading the certificate, specifically

Code: Select all

certificate = Certificate.loadPEM(cert.read()).original

instead of

Code: Select all

ctx.use_certificate_chain_file(configmanager.get_config_dir(delugeweb.cert))


As far as I can tell this is an incorrect way to read chain files. Look at the example at https://pem.readthedocs.io/en/stable/twisted.html for guidance.

I would fix this myself but I'm sure you that have greater experience with the code can do it much quicker and efficiently.
// Jay-C

Cas
Top Bloke
Top Bloke
Posts: 3382
Joined: Mon Dec 07, 2009 6:04 am
OS or Distro: Ubuntu 16.04
Location: Scotland

Re: Deluge Web TLS not working with certificate chains

Postby Cas » Thu Jun 15, 2017 9:55 am



Return to “Support”

Who is online

Users browsing this forum: Yahoo [Bot] and 1 guest