I have the exact same issue, but on Raspbian. I recently updated Raspbian from Wheezy to Jessie and decided to strip all manually installed packages in favor of packages from repositories. This included mono 3.10, which I downloaded according to a tutorial on HTPCguides.com. This version of mono was designed to run on a Banana Pi but also worked on my Raspberry Pi 2. To provide my Pi 2 with the “best fitting” mono I decided to use the official mono repo as described on their install page. This unfortunately caused my SSL to be broken. I have followed both methods described in this topic, but neither worked. I am using a certificate chain of three nodes, which I created by following this guide. It has worked well in the past, for Sonarr but also for NZBget and CouchPotato. After the upgrade to mono 4, specifically Stable 4.0.2.5/c99aa0c
, this chain appears to be causing problems, but only for Sonarr. Both NZBget and CouchPotato still work just fine. I have tried various browsers and tools, but all report an SSL_HANDSHAKE_ERROR
. Example output of openssl
is below. The same output is produced when forcing either -ssl3
or -tls1
.
C:\Users\Geert>openssl s_client -ssl3 -connect ip_address:8081
Loading 'screen' into random state - done
CONNECTED(000000F4)
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/ST=Gelderland/L=Nijmegen/O=Hidden/CN=ip_address/emailAddress=hidden@email.com
verify error:num=21:unable to verify the first certificate
verify return:1
9656:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1146:SSL alert number 40
9656:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:.\ssl\s3_pkt.c:572:
Below here is the output that chrome://net-internals
shows.
47340: SOCKET
ssl(max:3.1)/ip_address:8081
Start Time: 2015-07-16 13:00:05.933
t=2812 [st= 0] +SOCKET_ALIVE [dt=1437]
--> source_dependency = 47339 (CONNECT_JOB)
t=2812 [st= 0] +TCP_CONNECT [dt=2]
--> address_list = ["ip_address:8081"]
t=2812 [st= 0] TCP_CONNECT_ATTEMPT [dt=2]
--> address = "ip_address:8081"
t=2814 [st= 2] -TCP_CONNECT
--> source_address = "192.168.0.6:7373"
t=2814 [st= 2] +SOCKET_IN_USE [dt=1435]
--> source_dependency = 47338 (CONNECT_JOB)
t=2814 [st= 2] +SSL_CONNECT [dt=1435]
t=2814 [st= 2] SOCKET_BYTES_SENT
--> byte_count = 164
t=2819 [st= 7] SOCKET_BYTES_RECEIVED
--> byte_count = 47
t=2819 [st= 7] SOCKET_BYTES_RECEIVED
--> byte_count = 1460
t=2820 [st= 8] SOCKET_BYTES_RECEIVED
--> byte_count = 78
t=2820 [st= 8] SSL_CLIENT_CERT_REQUESTED
t=2820 [st= 8] SSL_CLIENT_CERT_PROVIDED
--> cert_count = 0
t=2820 [st= 8] SOCKET_BYTES_SENT
--> byte_count = 338
t=4249 [st=1437] SOCKET_BYTES_RECEIVED
--> byte_count = 7
t=4249 [st=1437] SSL_HANDSHAKE_ERROR
--> error_lib = 16
--> error_reason = 1040
--> file = "c:\\b\\build\\slave\\win\\build\\src\\third_party\\boringssl\\src\\ssl\\s3_pkt.c"
--> line = 998
--> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
--> ssl_error = 1
t=4249 [st=1437] -SSL_CONNECT
--> net_error = -107 (ERR_SSL_PROTOCOL_ERROR)
t=4249 [st=1437] SOCKET_CLOSED
t=4249 [st=1437] -SOCKET_IN_USE
t=4249 [st=1437] -SOCKET_ALIVE
Any help with this? Does this require a bugfix for Sonarr or perhaps Mono?