Deluge Web TLS not working with certificate chains
Posted: Wed Jun 14, 2017 9:29 pm
Hi!
I'm going to try to keep this short. I'm trying to add a certificate chain to the deluge web UI, the subject certificate concatenated with an intermediate certificate, as is standard. I've successfully verified the separate files using the "openssl verify" utility.
Code:
$ openssl verify -verbose -CAfile root.cert.pem -untrusted intermediate.cert.pem deluge.cert.pem
deluge.cert.pem: OK
However, Firefox gives me an SEC_ERROR_UNKNOWN_ISSUER error. To look at what the server sends me, I use:
Code:
openssl s_client -CAfile root.cert.pem -connect localhost:8112 -showcerts
Indeed, the output shows the server does not send the intermediate certificate. It seems the deluge web server only sends the first certificate, and skips the rest of the chain. As this has worked correctly in the past, I looked at the git history and the culprit seems to be commit c1902e43, which replaces the code for loading the certificate, specifically
Code:
certificate = Certificate.loadPEM(cert.read()).original
instead of
Code:
ctx.use_certificate_chain_file(configmanager.get_config_dir(delugeweb.cert))
As far as I can tell this is an incorrect way to read chain files. Look at the example at https://pem.readthedocs.io/en/stable/twisted.html for guidance.
I would fix this myself but I'm sure you, who have greater experience with the code, can do it much more quickly and efficiently.
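An added diagnostic, not part of the original post or of Deluge's code: it splits a concatenated chain file into leaf and intermediates, then reports which chain-file certificates are absent from saved `openssl s_client -showcerts` output. The sample certificates are constructed placeholder bytes, and the function names, the simplified s_client text and `deluge.example` are assumptions.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def pem_certs(text):
    """DER bytes of every CERTIFICATE block in text, in file order."""
    return [ssl.PEM_cert_to_DER_cert(block) for block in PEM_BLOCK.findall(text)]

def split_chain(chain_pem):
    """Return (leaf, [intermediates...]) from a concatenated chain file."""
    certs = pem_certs(chain_pem)
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    # A loader that keeps only certs[0] reproduces the symptom in the post:
    # the leaf is served and the intermediates are silently dropped.
    return certs[0], certs[1:]

def missing_from_handshake(chain_pem, showcerts_output):
    """Positions in the chain file that the server did not send."""
    sent = set(pem_certs(showcerts_output))
    return [i for i, der in enumerate(pem_certs(chain_pem)) if der not in sent]

# Constructed sample data: placeholder bytes, not real certificates.
LEAF = ssl.DER_cert_to_PEM_cert(b"LEAF-PLACEHOLDER " * 8)
INTERMEDIATE = ssl.DER_cert_to_PEM_cert(b"INTERMEDIATE-PLACEHOLDER " * 8)
CHAIN_FILE = LEAF + INTERMEDIATE

# Constructed, simplified s_client -showcerts output (assumed layout).
SHOWCERTS_LEAF_ONLY = "Certificate chain\n 0 s:CN = deluge.example\n" + LEAF
SHOWCERTS_FULL = (SHOWCERTS_LEAF_ONLY
                  + " 1 s:CN = Example Intermediate\n" + INTERMEDIATE)

if __name__ == "__main__":
    leaf, extra = split_chain(CHAIN_FILE)
    print("chain file holds", 1 + len(extra), "certificates")
    print("missing, leaf-only server:",
          missing_from_handshake(CHAIN_FILE, SHOWCERTS_LEAF_ONLY))
    print("missing, full-chain server:",
          missing_from_handshake(CHAIN_FILE, SHOWCERTS_FULL))
```

With Twisted, the two values returned by `split_chain` correspond to the `certificate` and `extraCertChain` arguments of `CertificateOptions` once they are loaded as certificate objects.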