OpenSSL: Cannot Load inline Certificate file #162
Comments
Ran into the same issue with update 4.3. For details regarding the issue look here: This is related to the 4.3 update and the updates to OPENSSL/OPENVPN. If you want to be back up and running until there is a workaround implemented in the 4.3.X updates simply specify the previous release as your image: image: haugene/transmission-openvpn:4.2
Thank you so much! I'll just roll back for now.
You should leave this issue open. I came here to create this exact issue. Leaving it open will allow the developer to be aware that for certain providers the update 4.3 causes openvpn to not be able to establish a connection. I was simply providing information and a temporary workaround.
True, didn't mean to close! Opened it again!
Moving this as this is more provider related (outdated profiles etc) than container
This is a problem with providers, not the image itself. The link already shown does a great job of explaining this issue. IMO I'd see if new configs are available from the providers affected or if whoever uses them contact their support to complain that they're using insecure algorithms for signing. If you're wondering how to check/test: copy the "CA" cert out of the config file in question and run the below cmd. Or exclude the grep cmd to see all of the cert contents.
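The check described in the comment above, as an added example (not the commenter's command and not the project's code): it pulls the inline `<ca>` certificate out of an .ovpn profile and reports its signature algorithm with `openssl x509`. The function names, and the rule that MD2/MD4/MD5 and SHA-1 signatures count as weak, are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the signature algorithm of the inline <ca>
# certificate in an OpenVPN profile. Function names are hypothetical.

# Print the PEM lines found between <ca> and </ca> in an .ovpn file.
extract_ca() {
    awk '/^[[:space:]]*<ca>/    {inside=1; next}
         /^[[:space:]]*<\/ca>/  {inside=0}
         inside' "$1" | tr -d '\r'
}

# Classify an OpenSSL signature algorithm name as weak / ok / unknown.
# Assumption: MD2, MD4, MD5 and SHA-1 based signatures are the weak ones.
classify_sigalg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md2*|*md4*|*md5*|*sha1*) echo weak ;;
        '')                       echo unknown ;;
        *)                        echo ok ;;
    esac
}

# Print "<algorithm> <verdict>" for the first certificate in the <ca> block.
# Exit status: 0 = ok, 1 = weak or unreadable, 2 = no inline <ca> block.
check_ovpn_ca() {
    pem=$(extract_ca "$1")
    [ -n "$pem" ] || { echo "no inline <ca> block in $1" >&2; return 2; }
    alg=$(printf '%s\n' "$pem" | openssl x509 -noout -text 2>/dev/null |
          awk '/Signature Algorithm:/ {print $3; exit}')
    verdict=$(classify_sigalg "$alg")
    echo "$alg $verdict"
    [ "$verdict" = ok ]
}

# Usage: sh check_ca.sh profile.ovpn
if [ "$#" -gt 0 ]; then check_ovpn_ca "$1"; fi
```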
@pkishino is there a new tracking issue for this, or linked PR if it's fixed?
The linked issue above discussed this in depth, for a quick fix see here haugene/docker-transmission-openvpn#2453 (comment)
It’s a provider issue, not anything on our end to fix
It is a provider issue, but this was a helpful tracking issue for the upcoming fix with the provider and then eventual integration here. The other issue you linked to is closed as well.
Indeed a provider issue. VPNUNLIMITED provided a few flags that could be used to essentially bypass the issue with weak encryption: tls-cipher=DEFAULT:@SECLEVEL=0. I originally thought perhaps this was something that might get included in the docker image as an optional environmental variable. VPNUNLIMITED is currently working the issue. See response in this issue over at gluetun. That issue is also closed as it also is simply waiting on the fix from VPNUNLIMITED.
Is there a pinned issue for this?
Is there an existing or similar issue/discussion for this?
Is there any comment in the documentation for this?
Is this related to a provider?
Are you using the latest release?
Have you tried using the dev branch latest?
Docker run config used
```yaml
version: '3.3'
services:
  transmission-openvpn:
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - /srv/dev-disk-by-uuid-bf1ea84a-83c8-4d47-bb79-4be63bd8b9a7/appdata/transmission:/data
      - /srv/dev-disk-by-uuid-bf1ea84a-83c8-4d47-bb79-4be63bd8b9a7/download:/downloads
    environment:
      - OPENVPN_PROVIDER=VPNUNLIMITED
      - OPENVPN_CONFIG=ro
      - OPENVPN_USERNAME=XXXXXX
      - OPENVPN_PASSWORD=XXXXXXX
      - LOCAL_NETWORK=192.168.0.0/16
      - PUID=1000
      - GUID=100
      - download-queue-size=12
      - download-queue-enabled=true
    logging:
      driver: json-file
      options:
        max-size: 10m
    ports:
      - 9091:9091
    dns:
      - 8.8.8.8
    image: haugene/transmission-openvpn:dev
    restart: unless-stopped
```
Current Behavior
When the container restarts the logs show a certificate failure related to OpenSSL. Logs show exiting due to fatal error after trying to load the inline Certificate file.
OpenSSL: error:0A00018E:SSL routines::ca md too weak
Expected Behavior
No configurations were changed, updated to the most recent image and container would not load.
How have you tried to solve the problem?
Log output
HW/SW Environment
Anything else?
No response