deluge doesnt send intermediate ssl certificate for webui (still?)

General support for problems installing or using Deluge
kayson
New User
New User
Posts: 4
Joined: Thu Jan 18, 2018 6:42 am
OS or Distro: Ubuntu 17.10

deluge doesnt send intermediate ssl certificate for webui (still?)

Postby kayson » Thu Jan 18, 2018 6:49 am

I've set deluge to use the same certificate and key as my apache https server, which is a concatenated cert + intermediate cert.

If I run

Code: Select all

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect localhost:8112 -showcerts

it fails on verifying the first certificate

If I run

Code: Select all

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect localhost:443 -showcerts
, it verifies just fine.


Again, both deluge and apache are pointing to the same certificate and key file (generated by Let's Encrypt, fyi)

I found this ticket - http://dev.deluge-torrent.org/ticket/3064 - which allegedly fixed it in 1.3; I'm running 1.3.15 on Ubuntu 17.10, and I'm having some issue.

Help would be greatly appreciated!

tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am
OS or Distro: Ubuntu

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Postby tolaris » Sun May 20, 2018 7:25 am

The patch has not been applied to the Deluge PPA for Ubuntu xenial. :(

Patch details: https://github.com/deluge-torrent/delug ... bf6d50ea9e

On my system, /usr/lib/python2.7/dist-packages/deluge/ui/web/server.py shows this on line 690:

options.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)

It should show the patch (see github pull link).

tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am
OS or Distro: Ubuntu

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Postby tolaris » Sun May 20, 2018 7:27 am

I manually applied the patch and restarted Deluge Web, and it worked. To be clear:

Edit /usr/lib/python2.7/dist-packages/deluge/ui/web/server.py as root (use sudo).

Change this line:
options.getContext().set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)

To these three:
ctx = options.getContext()
ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
ctx.use_certificate_chain_file(configmanager.get_config_dir(self.cert))

tolaris
New User
New User
Posts: 3
Joined: Sun May 20, 2018 7:21 am
OS or Distro: Ubuntu

Re: deluge doesnt send intermediate ssl certificate for webui (still?)

Postby tolaris » Sun May 20, 2018 7:30 am

Note that the ticket ( https://dev.deluge-torrent.org/ticket/3064 ) shows it is fixed in 1.3.16. The repo has 1.3.15. Should be safe to patch as I've done and it'll be overwritten with the next release, but that will have the fix.


Return to “Support”

Who is online

Users browsing this forum: gw1500se and 7 guests