deluge doesnt send intermediate ssl certificate for webui (still?)

General support for problems installing or using Deluge
Post Reply
kayson
New User
New User
Posts: 4
Joined: Thu Jan 18, 2018 6:42 am

deluge doesnt send intermediate ssl certificate for webui (still?)

Post by kayson »

I've set deluge to use the same certificate and key as my apache https server, which is a concatenated cert + intermediate cert.

If I run

Code: Select all

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect localhost:8112 -showcerts
it fails on verifying the first certificate

If I run

Code: Select all

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect localhost:443 -showcerts
, it verifies just fine.


Again, both deluge and apache are pointing to the same certificate and key file (generated by Let's Encrypt, fyi)

I found this ticket - http://dev.deluge-torrent.org/ticket/3064 - which allegedly fixed it in 1.3; I'm running 1.3.15 on Ubuntu 17.10, and I'm having some issue.

Help would be greatly appreciated!
tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Post by tolaris »

The patch has not been applied to the Deluge PPA for Ubuntu xenial. :(

Patch details: https://github.com/deluge-torrent/delug ... bf6d50ea9e

On my system, /usr/lib/python2.7/dist-packages/deluge/ui/web/server.py shows this on line 690:

options.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)

It should show the patch (see github pull link).
tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Post by tolaris »

I manually applied the patch and restarted Deluge Web, and it worked. To be clear:

Edit /usr/lib/python2.7/dist-packages/deluge/ui/web/server.py as root (use sudo).

Change this line:
options.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)

To these three:
ctx = options.getContext()
ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
ctx.use_certificate_chain_file(configmanager.get_config_dir(self.cert))
tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Post by tolaris »

Note that the ticket ( https://dev.deluge-torrent.org/ticket/3064 ) shows it is fixed in 1.3.16. The repo has 1.3.15. Should be safe to patch as I've done and it'll be overwritten with the next release, but that will have the fix.
Post Reply