Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to add contacts (SSL handshake error) #55

Open
PKizzle opened this issue Dec 22, 2019 · 5 comments
Open

Unable to add contacts (SSL handshake error) #55

PKizzle opened this issue Dec 22, 2019 · 5 comments

Comments

@PKizzle
Copy link

PKizzle commented Dec 22, 2019

I am running openMittsu (compiled from master branch using Homebrew) on macOS 10.15.3
Sadly it is not possible to add any contacts, because of an SSL handshake error seen in the attached picture. I downloaded all required certificates for Threema but I still receive this error message.
image
@blizzard4591
Copy link
Owner

First off: The homebrew stuff works? Since I do not have access to a Mac, I "did some stuff" but never got any detailed feedback on whether it worked - I am surprised to say the least ;)

I just compile the latest version from scratch and tried adding a contact - for me it works. I checked all the certificates, they did not roll over recently and the CA is still the same. So - curious, I do not know what the problem is here. Stupid question: Could you try again (now that some time has passed)? Maybe it was an intermittent or spurious issue.

Waaaait. In the screenshot it says "IDENTITY" where the ID of your contact should be. Was this intentional or just for demonstration?
The more interesting part is that even with "IDENTITY" I get a different error message, the server correctly states that this ID does not exist.

For this process openMittsu relies on OpenSSL, maybe there is an issue in this direction.

@PKizzle
Copy link
Author

PKizzle commented Dec 24, 2019

The homebrew stuff needs some adjustments to make it work ;)

I changed the ID to IDENTITY for demonstration purposes, so that I didn't have to give the web personal information about who my contacts are. This does not change the error message in any way.

Now to the SSL error: Apple has made its certificate policies more strict with macOS Catalina. Therefore all connection from iOS 13 or macOS 10.15 devices will throw an error message when trying to connect to api.threema.ch. I reached out to the Threema support to explain them the issue. They'll have to change the certificate that they are currently using.

For the time being macOS Catalina users can add the api.threema.ch certificate to keychain and manually trust it.

@blizzard4591
Copy link
Owner

Did you receive any feedback? I would like to fix this issue, but I currently have no idea how to.

Additionally, the adjustments you made to homebrew - could you give me a summary of what you did?

@PKizzle
Copy link
Author

PKizzle commented Jan 24, 2020
edited
Loading

I received a reply, that currently macOS is an unsupported platform and that they cannot offer me any support. However since this issue is related to the server certificate of https://api.threema.ch (and not macOS) I replied by further explaining the issue and am now waiting for a response.

If I find the time I'll create a list of necessary adjustments to successfully compile the project with homebrew.

@davidfoerster
Copy link

davidfoerster commented Oct 13, 2024
edited
Loading

The same issue occurs on Arch Linux with OpenSSL 3.3.2. I'm still trying to add the server certificate to the trust store in a way that convinces openMittsu to trust api.threema.ch.

Bildschirmfoto vom 2024-10-13 15-11-44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@blizzard4591 @davidfoerster @PKizzle