| SpringTank | bzflag list server down? | 00:07 |
|---|---|---|
| *** blast007[m] <blast007[m]!~blast007m@2001:470:69fc:105::7ec> has joined #bzflag | 00:07 | |
| *** sean[m]1 <sean[m]1!~brlcadmat@2001:470:69fc:105::1ff> has joined #bzflag | 00:07 | |
| SpringTank | hey blast. bzflag list server down? | 00:08 |
| SpringTank | not authenticating usernames when direct connection to servers either | 00:09 |
| blast007 | ah, it may be servers that need to update their root CA's | 00:14 |
| blast007 | I see a lot less servers on the list right now | 00:14 |
| blast007 | https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ | 00:15 |
| blast007 | including mine, it seems | 00:15 |
| SpringTank | "Can't talk with list servers" | 00:17 |
| SpringTank | ^client error | 00:17 |
| blast007 | is that your client saying that when you try to get the server list? | 00:20 |
| blast007 | if so, what operating system and OS version are you running? | 00:20 |
| blast007 | I just updated the packages on my Debian 9 server hosting bzfs (which included openssl and curl updates) and now my servers are back on the list | 00:21 |
| blast007 | what operating system are you running? | 00:21 |
| SpringTank | win7 | 00:22 |
| SpringTank | for my client | 00:22 |
| blast007 | let me try on Windows | 00:22 |
| blast007 | this is the latest 2.4.22 client? | 00:23 |
| SpringTank | yes | 00:23 |
| blast007 | worked on my Windows 7 | 00:25 |
| SpringTank | hmmm, im using at&t fiber | 00:26 |
| blast007 | can you access this site in Internet Explorer? https://my.bzflag.org/db/?action=LIST | 00:26 |
| SpringTank | everything else seems to be working. let me try on my debian system | 00:26 |
| blast007 | (and yes, Internet Explorer specifically) :) | 00:26 |
| SpringTank | nope | 00:27 |
| blast007 | what kind of error do you get? | 00:27 |
| SpringTank | but it works on firefox | 00:27 |
| SpringTank | "There is a problem with this website's security certificate." | 00:27 |
| blast007 | yeah, firefox uses their own SSL/TLS system | 00:27 |
| SpringTank | but I can skip past that and it works fine | 00:27 |
| blast007 | our curl is compiled to use schannel/winssl, which is also what IE uses | 00:27 |
| blast007 | is your Windows 7 fully updated? | 00:28 |
| SpringTank | it is not | 00:28 |
| SpringTank | i usually install updates manually | 00:28 |
| blast007 | you're probably missing Trusted Root updates | 00:28 |
| SpringTank | guess ill have to find that update | 00:28 |
| blast007 | https://support.microsoft.com/en-us/topic/support-for-urgent-trusted-root-updates-for-windows-root-certificate-program-in-windows-a4ac4d6c-7c62-3b6e-dfd2-377982bf3ea5 | 00:29 |
| blast007 | that may be it? you'd need to check that page over more | 00:29 |
| SpringTank | looks to be KB3004394 | 00:29 |
| blast007 | or check in Windows Update for anything about root certificates | 00:29 |
| SpringTank | installing KB3004394 has fixed the issue | 00:32 |
| blast007 | cool | 00:32 |
| SpringTank | thanks | 00:32 |
| blast007 | I'll post on the forums about the issue for servers | 00:33 |
| blast007 | I was dealing with this certificate problem at work today. Our site uses a Let's Encrypt certificate, and a hosted service we use is failing to communicate with our site because they can no longer validate the certificate trust chain | 00:36 |
| SpringTank | sounds fun | 00:56 |
| SpringTank | lol | 00:56 |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has joined #bzflag | 03:47 | |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has quit IRC (Quit: Client closed) | 04:01 | |
| BZNotify | master @ bzflag.org: allejo pushed 1 commit (https://git.io/JgliA): | 04:08 |
| BZNotify | master @ bzflag.org: allejo 9351b3: Update MOTD to include know about SSL issues (https://git.io/Jglix) | 04:08 |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has joined #bzflag | 04:09 | |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has quit IRC (Client Quit) | 04:10 | |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has joined #bzflag | 04:16 | |
| *** kbar <kbar!~kbar@cpe-69-76-15-233.natnow.res.rr.com> has quit IRC (Quit: Ping timeout (120 seconds)) | 04:41 | |
| *** I_Died_Once <I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has quit IRC (Ping timeout: 240 seconds) | 06:01 | |
| *** the-map <the-map!~the_map@user/the-map/x-5158391> has joined #bzflag | 06:06 | |
| *** TD--Linux <TD--Linux!~Thomas@user/td-linux> has joined #bzflag | 06:11 | |
| *** rodgort` <rodgort`!~rodgort@static.38.6.217.95.clients.your-server.de> has joined #bzflag | 06:13 | |
| *** rodgort <rodgort!~rodgort@static.38.6.217.95.clients.your-server.de> has quit IRC (*.net *.split) | 06:14 | |
| *** the_map <the_map!~the_map@user/the-map/x-5158391> has quit IRC (*.net *.split) | 06:14 | |
| *** catay <catay!~smertens@user/catay> has quit IRC (*.net *.split) | 06:14 | |
| *** TD-Linux <TD-Linux!~Thomas@user/td-linux> has quit IRC (*.net *.split) | 06:14 | |
| *** rodgort` <rodgort`!~rodgort@static.38.6.217.95.clients.your-server.de> has quit IRC (Ping timeout: 252 seconds) | 07:12 | |
| *** rodgort <rodgort!~rodgort@static.38.6.217.95.clients.your-server.de> has joined #bzflag | 07:13 | |
| *** sean[m]11 <sean[m]11!~brlcadmat@2001:470:69fc:105::1ff> has joined #bzflag | 07:20 | |
| *** sean[m]1 <sean[m]1!~brlcadmat@2001:470:69fc:105::1ff> has quit IRC (Ping timeout: 252 seconds) | 07:21 | |
| *** allejo <allejo!~allejo@user/allejo> has quit IRC (Ping timeout: 252 seconds) | 07:21 | |
| *** allejo <allejo!~allejo@104.243.40.186> has joined #bzflag | 07:21 | |
| *** ChanServ sets mode: +v allejo | 07:21 | |
| *** Sgeo <Sgeo!~Sgeo@user/sgeo> has quit IRC (Read error: Connection reset by peer) | 07:33 | |
| *** librebob[m] <librebob[m]!~librebobm@2001:470:69fc:105::88d6> has quit IRC (Ping timeout: 250 seconds) | 07:44 | |
| *** librebob[m] <librebob[m]!~librebobm@2001:470:69fc:105::88d6> has joined #bzflag | 07:44 | |
| *** alezakos_ <alezakos_!~kongr45gp@user/alezakos> has joined #bzflag | 07:45 | |
| *** alezakos <alezakos!~kongr45gp@user/alezakos> has quit IRC (Ping timeout: 250 seconds) | 07:45 | |
| *** TD--Linux is now known as TD-Linux | 08:04 | |
| *** allejo <allejo!~allejo@user/allejo> has quit IRC (Remote host closed the connection) | 09:07 | |
| *** allejo <allejo!~allejo@104.243.40.186> has joined #bzflag | 09:08 | |
| *** ChanServ sets mode: +v allejo | 09:08 | |
| *** alezakos_ is now known as alezakos | 10:47 | |
| *** allejo <allejo!~allejo@user/allejo> has quit IRC (Remote host closed the connection) | 11:37 | |
| *** allejo <allejo!~allejo@104.243.40.186> has joined #bzflag | 11:38 | |
| *** ChanServ sets mode: +v allejo | 11:38 | |
| *** I_Died_Once <I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has joined #bzflag | 12:45 | |
| *** Sgeo <Sgeo!~Sgeo@user/sgeo> has joined #bzflag | 14:12 | |
| *** catay <catay!~smertens@user/catay> has joined #bzflag | 15:23 | |
| *** blast007_ <blast007_!~blast@user/blast007> has joined #bzflag | 16:25 | |
| *** blast007 <blast007!~blast@user/blast007> has quit IRC (Ping timeout: 265 seconds) | 16:26 | |
| *** blast007_ is now known as blast007 | 16:27 | |
| *** jfindlay_ is now known as jfindlay | 16:38 | |
| *** BZuser790 <BZuser790!~BZuser790@201.141.123.92> has joined #bzflag | 16:41 | |
| *** BZuser790 <BZuser790!~BZuser790@201.141.123.92> has quit IRC (Client Quit) | 16:42 | |
| *** the-map is now known as the_map | 21:12 | |
| *** _I_Died_Once <_I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has joined #bzflag | 21:24 | |
| *** I_Died_Once <I_Died_Once!~I_Died_On@c-73-184-170-223.hsd1.ga.comcast.net> has quit IRC (Ping timeout: 252 seconds) | 21:26 | |
| *** alfa1 <alfa1!~alfa1@host30.181-14-186.telecom.net.ar> has joined #bzflag | 22:09 | |
| alfa1 | is there any problem about TLS/others on the game? I have problems as well on known web sites too. | 22:11 |
| allejo | https://forums.bzflag.org/viewtopic.php?f=8&t=20524 | 22:12 |
| *** ChanServ sets mode: +o allejo | 22:13 | |
| blast007 | alfa1: what operating system and OS version are you running? | 22:13 |
| *** allejo changes topic to "BZFlag Support and Development || Latest version: 2.4.22 || https://www.bzflag.org || https://www.bzflag.org/help/ || https://www.openhub.net/p/bzflag || https://logs.bzexcess.com || Having trouble connecting to the server list? Follow this thread https://forums.bzflag.org/viewtopic.php?f=8&t=20524" | 22:14 | |
| *** allejo sets mode: -o allejo | 22:14 | |
| alfa1 | it is an old operating system; I don't want to give lot of info, sorry | 22:16 |
| alfa1 | I am reading that thread tho | 22:17 |
| alfa1 | I still can connect to servers by strayer info; tho no auth; which is not big problem except for my own server | 22:18 |
| blast007 | if you're using OpenSSL 1.0.2 (check with 'openssl version' in a terminal), the first workaround may help you | 22:19 |
| blast007 | or are you using Windows? | 22:20 |
| alfa1 | no, linux | 22:20 |
| alfa1 | you mean "installing updates, which included some for curl and openssl" (second workaround)? | 22:20 |
| blast007 | oh, sorry, I had forgot to paste the link with that message above | 22:20 |
| blast007 | https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ | 22:20 |
| blast007 | the first workaround here | 22:21 |
| *** Zehra <Zehra!~Yukari@user/yukari> has joined #bzflag | 22:22 | |
| alfa1 | my openssl version is older than that. Is there any way to avoid using TLS/others to run my server (or to use auth)? Someting like an optional way? | 22:34 |
| alfa1 | (something like the previous method) | 22:34 |
| alfa1 | I will see if I can update it tho. | 22:35 |
| catay | if you get rid of the X3 root cert and install the ISRG root one, it should also work with older openssl versions | 22:40 |
| alfa1 | ok, I will see if I can try that, thank you | 22:42 |
| catay | check /etc/ca-certificates.conf , you can exclude there the X3 one, download the new one and also add it in there | 22:43 |
| catay | and run update-ca-certificates | 22:44 |
| blast007 | if it's a Debian-based distro, you could try 'sudo dpkg-reconfigure ca-certificates' and uncheck the old cert | 22:44 |
| catay | you can download the ISRG one here: https://letsencrypt.org/certs/isrgrootx1.pem | 22:45 |
| blast007 | (on Debian, I have a local CA certificate I used for internal dev, which I've placed in /usr/share/ca-certificates/ as a .crt file, and then added to the trust using the dpkg-reconfigure above) | 22:46 |
| alfa1 | thanks all; with that info I have material to work with for now :) | 22:50 |
| alfa1 | "man update-ca-certificates" is helpìng me too | 22:51 |
| alfa1 | I should rename the file as "ISRG_Root_X1.pem" right? | 23:02 |
| *** Agatha <Agatha!~agatha@user/agatha> has joined #bzflag | 23:03 | |
| blast007 | check 'ls -l /etc/ssl/cert/' to see if the files there are actually symbolic links elsewhere | 23:05 |
| blast007 | ls -l /etc/ssl/certs/ | 23:05 |
| *** Agatha <Agatha!~agatha@user/agatha> has quit IRC (Read error: Connection reset by peer) | 23:08 | |
| alfa1 | are IRC connections having trouble too? | 23:09 |
| blast007 | Freenode also uses Let's Encrypt for their SSL ports. | 23:10 |
| alfa1 | it seems those links are automatically added with "update-ca-certificates" command, blast007 | 23:11 |
| blast007 | okay, so Debian's dpkg-reconfigure probably calls that same thing | 23:12 |
| blast007 | so just put the new cert in the same area as where those symlinks point to, and with the same file extension as the target files | 23:12 |
| blast007 | so, on Debian, the link names end in .pem, but the actual files ends in .crt | 23:12 |
| blast007 | adjust as needed for your system | 23:13 |
| alfa1 | yes | 23:15 |
| alfa1 | guiding me mainly by the man page to avoid any risk :) | 23:15 |
| alfa1 | but that seems the way | 23:15 |
| blast007 | might want to name the file in a way that's clear you added it | 23:16 |
| blast007 | that way if you upgrade later, there's little chance of a filename conflict | 23:16 |
| alfa1 | I will have that in mind | 23:21 |
| alfa1 | bzflag not working, should I reset machine? | 23:22 |
| alfa1 | firefox also not; resetting... | 23:23 |
| *** alfa1 <alfa1!~alfa1@host30.181-14-186.telecom.net.ar> has quit IRC (Remote host closed the connection) | 23:24 | |
| blast007 | rebooting the server list real quick | 23:34 |
Generated by irclog2html.py 2.17.3.dev0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!