Deluge Web TLS not working with certificate chains


Post by Jay-C »

Hi!

I'm going to try to keep this short. I'm trying to add a certificate chain to the Deluge web UI, the subject certificate concatenated with an intermediate certificate, as is standard. I've successfully verified the separate files using the "openssl verify" utility.

Code:

$ openssl verify -verbose -CAfile root.cert.pem -untrusted intermediate.cert.pem deluge.cert.pem
deluge.cert.pem: OK

However, Firefox gives me an SEC_ERROR_UNKNOWN_ISSUER error. To look at what the server sends me I use:

Code:

openssl s_client -CAfile root.cert.pem -connect localhost:8112 -showcerts

Indeed, the output shows the server does not send the intermediate certificate. It seems the deluge web server only sends the first certificate, and skips the rest of the chain. As this has worked correctly in the past, I looked at the git history and the culprit seems to be commit c1902e43, which replaces the code for loading the certificate, specifically

Code:

certificate = Certificate.loadPEM(cert.read()).original

instead of

Code:

ctx.use_certificate_chain_file(configmanager.get_config_dir(delugeweb.cert))

As far as I can tell this is an incorrect way to read chain files. Look at the example at https://pem.readthedocs.io/en/stable/twisted.html for guidance.

I would fix this myself, but I'm sure you, who have greater experience with the code, can do it much more quickly and efficiently.
// Jay-C
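
Added example, not part of Jay-C's post or of Deluge's code: a standard-library Python illustration of the difference the post reports between a loader that keeps only the first certificate of a concatenated PEM file and one that keeps the whole chain. The function names and the placeholder DER values are assumptions constructed for this example.

```python
import base64
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def pem_block(der: bytes) -> str:
    """Wrap DER bytes in PEM armour (used only to build the sample file)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


def load_all_certs(pem_text: str) -> list[bytes]:
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    certs = []
    for match in PEM_CERT.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        if not der.startswith(b"\x30"):  # an X.509 certificate is an ASN.1 SEQUENCE
            raise ValueError("PEM block does not contain a DER SEQUENCE")
        certs.append(der)
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs


def load_first_cert_only(pem_text: str) -> bytes:
    """Model of a single-certificate loader: blocks after the first are dropped."""
    return load_all_certs(pem_text)[0]


def split_chain(pem_text: str) -> tuple[bytes, list[bytes]]:
    """Chain-aware load: (leaf, intermediates the server must also send)."""
    leaf, *extra = load_all_certs(pem_text)
    return leaf, extra


# Constructed placeholder DER values, not real certificates.
LEAF_DER = b"\x30\x03\x02\x01\x01"
INTERMEDIATE_DER = b"\x30\x03\x02\x01\x02"
CHAIN_FILE = pem_block(LEAF_DER) + pem_block(INTERMEDIATE_DER)

if __name__ == "__main__":
    leaf, extra = split_chain(CHAIN_FILE)
    print("single-certificate load keeps 1 certificate")
    print("chain-aware load keeps", 1 + len(extra), "certificates")
```

Running `load_all_certs` over the deployed certificate file before starting the server confirms that the intermediates are actually present in it; in Twisted, certificates beyond the leaf are passed to `CertificateOptions` through its `extraCertChain` argument.
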

Re: Deluge Web TLS not working with certificate chains

Post by Cas »
