SSL no longer works after mono update

I’m running Sonarr on a CentOS 7 system, using mono 3.10.0, and had SSL enabled. After I updated mono to version 4.0.2, SSL stopped working. I get an SSL connection error page. I checked that my certificate was still in mono httpcfg; it was, and I reinstalled it anyway. I could not see anything in the logs about SSL. I removed mono 4.0.2 and reinstalled 3.10.0, and SSL is working again.

Is there any reason to upgrade my mono version if 3.10.0 has been working perfectly as far as I can see?

At the moment, no. mono 4 might be required in a future Sonarr version, but I’m not aware of anything in mono 4 that Sonarr requires.

I have the exact same issue, but on Raspbian. I recently updated Raspbian from Wheezy to Jessie and decided to strip all manually installed packages in favor of packages from repositories. This included mono 3.10, which I downloaded according to a tutorial on HTPCguides.com. This version of mono was designed to run on a Banana Pi but also worked on my Raspberry Pi 2. To provide my Pi 2 with the “best fitting” mono I decided to use the official mono repo as described on their install page. This unfortunately caused my SSL to be broken. I have followed both methods described in this topic, but neither worked. I am using a certificate chain of three nodes, which I created by following this guide. It has worked well in the past, for Sonarr but also for NZBget and CouchPotato. After the upgrade to mono 4, specifically Stable 4.0.2.5/c99aa0c, this chain appears to be causing problems, but only for Sonarr. Both NZBget and CouchPotato still work just fine. I have tried various browsers and tools, but all report an SSL_HANDSHAKE_ERROR. Example output of openssl is below. The same output is produced when forcing either -ssl3 or -tls1.

C:\Users\Geert>openssl s_client -ssl3 -connect ip_address:8081
Loading 'screen' into random state - done
CONNECTED(000000F4)
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=21:unable to verify the first certificate
verify return:1
9656:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1146:SSL alert number 40
9656:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:572:

Below here is the output that chrome://net-internals shows.

47340: SOCKET
ssl(max:3.1)/ip_address:8081
Start Time: 2015-07-16 13:00:05.933

t=2812 [st=   0] +SOCKET_ALIVE  [dt=1437]
                  --> source_dependency = 47339 (CONNECT_JOB)
t=2812 [st=   0]   +TCP_CONNECT  [dt=2]
                    --> address_list = ["ip_address:8081"]
t=2812 [st=   0]      TCP_CONNECT_ATTEMPT  [dt=2]
                      --> address = "ip_address:8081"
t=2814 [st=   2]   -TCP_CONNECT
                    --> source_address = "192.168.0.6:7373"
t=2814 [st=   2]   +SOCKET_IN_USE  [dt=1435]
                    --> source_dependency = 47338 (CONNECT_JOB)
t=2814 [st=   2]     +SSL_CONNECT  [dt=1435]
t=2814 [st=   2]        SOCKET_BYTES_SENT
                        --> byte_count = 164
t=2819 [st=   7]        SOCKET_BYTES_RECEIVED
                        --> byte_count = 47
t=2819 [st=   7]        SOCKET_BYTES_RECEIVED
                        --> byte_count = 1460
t=2820 [st=   8]        SOCKET_BYTES_RECEIVED
                        --> byte_count = 78
t=2820 [st=   8]        SSL_CLIENT_CERT_REQUESTED
t=2820 [st=   8]        SSL_CLIENT_CERT_PROVIDED
                        --> cert_count = 0
t=2820 [st=   8]        SOCKET_BYTES_SENT
                        --> byte_count = 338
t=4249 [st=1437]        SOCKET_BYTES_RECEIVED
                        --> byte_count = 7
t=4249 [st=1437]        SSL_HANDSHAKE_ERROR
                        --> error_lib = 16
                        --> error_reason = 1040
                        --> file = "c:\\b\\build\\slave\\win\\build\\src\\third_party\\boringssl\\src\\ssl\\s3_pkt.c"
                        --> line = 998
                        --> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
                        --> ssl_error = 1
t=4249 [st=1437]     -SSL_CONNECT
                      --> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=4249 [st=1437]      SOCKET_CLOSED
t=4249 [st=1437]   -SOCKET_IN_USE
t=4249 [st=1437] -SOCKET_ALIVE

Any help with this? Does this require a bugfix for Sonarr or perhaps Mono?

I continue to try different things to get SSL working, all with no success. However, the message I get using Chrome, “Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.”, has got me thinking about how SSL worked before I updated. I’m wondering if my setup was ever working properly. Before, when I would access https://sonarr.local:9898, a window would open allowing me to select a user certificate. I would always press cancel and then Sonarr would open. Was this normal behavior? I get the same window now, but if I cancel I get the SSL connection error.

I got SSL working by importing my user certificate into the personal store on the client computer. I was able to use my OpenVPN certificate that I already had. I’m still curious if everyone else using SSL is seeing the pop-up window to select a certificate? I use a smart card for work and have those certificates installed; maybe that is why I get the pop-up.
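The chrome://net-internals capture posted earlier in this thread already shows the sequence that the fix above addresses: a client certificate request, zero certificates sent, then a handshake error. The following is an added example, not part of any post in the thread, that extracts that sequence from such a capture; it assumes the OpenSSL/BoringSSL convention that an alert's `error_reason` is 1000 plus the TLS alert number, so 1040 corresponds to the "SSL alert number 40" in the openssl output above.

```python
import re

# Excerpt of the chrome://net-internals capture quoted earlier in this thread.
CAPTURE = """\
t=2814 [st=   2]     +SSL_CONNECT  [dt=1435]
t=2820 [st=   8]        SSL_CLIENT_CERT_REQUESTED
t=2820 [st=   8]        SSL_CLIENT_CERT_PROVIDED
                        --> cert_count = 0
t=4249 [st=1437]        SSL_HANDSHAKE_ERROR
                        --> error_lib = 16
                        --> error_reason = 1040
                        --> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=4249 [st=1437]     -SSL_CONNECT
"""

EVENT = re.compile(r"^t=\s*\d+\s+\[st=\s*\d+\]\s+[+-]?([A-Z0-9_]+)")
PARAM = re.compile(r"^\s*-->\s*(\w+)\s*=\s*(.+?)\s*$")
ALERT_REASON_OFFSET = 1000  # OpenSSL/BoringSSL: reason = 1000 + TLS alert number

def parse_events(text):
    """Return [(event_name, {param: value})] in capture order."""
    events = []
    for line in text.splitlines():
        if (m := EVENT.match(line)):
            events.append((m.group(1), {}))
        elif (p := PARAM.match(line)) and events:
            events[-1][1][p.group(1)] = p.group(2)
    return events

def diagnose(text):
    """Summarise whether a client-certificate request preceded the failure."""
    first = {}
    for name, params in parse_events(text):
        first.setdefault(name, params)  # keep the first occurrence of each event
    error = first.get("SSL_HANDSHAKE_ERROR")
    reason = int(error.get("error_reason", "0")) if error else 0
    result = {
        "handshake_failed": error is not None,
        "cert_requested": "SSL_CLIENT_CERT_REQUESTED" in first,
        "certs_sent": int(first.get("SSL_CLIENT_CERT_PROVIDED", {}).get("cert_count", "0")),
        "alert": reason - ALERT_REASON_OFFSET if reason > ALERT_REASON_OFFSET else None,
    }
    result["client_cert_suspected"] = (
        result["handshake_failed"] and result["cert_requested"] and result["certs_sent"] == 0
    )
    return result

if __name__ == "__main__":
    print(diagnose(CAPTURE))
```

A `client_cert_suspected` result of `True` only says that the failure followed an unanswered certificate request; it does not by itself prove the server rejected the connection for that reason.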

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.