Network issues? Add-ons failing with MD5 mismatch
#16
(2018-05-13, 22:28)Rechi Wrote: See https://kodi.wiki/view/Log_file/Easy#Instructions (Note in step two)
Thanks, I assume that it was to enable the libcURL logging?

See new log here - http://paste.kodi.tv/dopaviyobu

Note - While trying to get this new log, I was able to successfully install the CBC Radio add-on and it played radio streams fine... that isn't included in the log because the log was too big so I had to reboot and try again!
Reply
#17
please try and provide the output of:
Code:
curl --cacert /etc/ssl/cert.pem -v -o /dev/null https://mirror.netcologne.de/xbmc/addons/krypton/script.trakt/script.trakt-3.2.0.zip
Reply
#18
(2018-05-14, 09:16)wsnipex Wrote: please try and provide the output of:
Code:
curl --cacert /etc/ssl/cert.pem -v -o /dev/null https://mirror.netcologne.de/xbmc/addons/krypton/script.trakt/script.trakt-3.2.0.zip
Here it is - 
code:
Kodi:~ # curl --cacert /etc/ssl/cert.pem -v -o /dev/null https://mirror.netcologne.de/xbmc/addons...t-3.2.0.zi
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 194.8.197.22...
* TCP_NODELAY set
* Connected to mirror.netcologne.de (194.8.197.22) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
  0     0    0     0    0     0      0      0 --:--:--  0:00:59 --:--:--     0
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirror.netcologne.de:443
  0     0    0     0    0     0      0      0 --:--:--  0:01:00 --:--:--     0
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirror.netcologne.de:443
Reply
#19
so the issue is the cacert file.
Reply
#20
I'm not convinced it's an issue with the cacert file; local tests here on LE 8.2.5 using curl and openssl s_client are fine.

To me it looks more like some network issue, maybe a transparent proxy etc. interfering, as the TLS handshake stopped rather early after "Client hello" - the "Server hello" and a lot more is missing.

This is what I get here:
Code:
le8:~ # curl -o /dev/null -v https://mirror.netcologne.de/xbmc/addons/krypton/script.trakt/script.trakt-3.2.0.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 194.8.197.22...
* TCP_NODELAY set
* Connected to mirror.netcologne.de (194.8.197.22) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3023 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=mirror.netcologne.de
*  start date: May  8 20:14:10 2018 GMT
*  expire date: Aug  6 20:14:10 2018 GMT
*  subjectAltName: host "mirror.netcologne.de" matched cert's "mirror.netcologne.de"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
} [5 bytes data]
> GET /xbmc/addons/krypton/script.trakt/script.trakt-3.2.0.zip HTTP/1.1
> Host: mirror.netcologne.de
> User-Agent: curl/7.58.0
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 200 OK
< Server: nginx/1.13.12
< Date: Tue, 15 May 2018 09:58:23 GMT
< Content-Type: application/zip
< Content-Length: 3305997
< Last-Modified: Sat, 17 Mar 2018 22:00:59 GMT
< Connection: keep-alive
< ETag: "5aad901b-32720d"
< Accept-Ranges: bytes
<
{ [16132 bytes data]
100 3228k  100 3228k    0     0  1325k      0  0:00:02  0:00:02 --:--:-- 1325k
* Connection #0 to host mirror.netcologne.de left intact

A test with openssl s_client might give some more info.

Simple test:
Code:
le8:~ # openssl s_client -quiet -CAfile /etc/ssl/cert.pem -verify_depth 32 -connect mirror.netcologne.de:443
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mirror.netcologne.de
verify return:1

Test with lots of debug info:
Code:
openssl s_client -CAfile /etc/ssl/cert.pem -verify_depth 32 -showcerts -debug -connect mirror.netcologne.de:443

so long,

Hias
Reply
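
The reasoning in post #20 (the handshake stops after "Client hello", so the CA file was never involved) can be checked mechanically against `curl -v` output. The following is an added example, not part of any post in this thread; the function name and verdict labels are illustrative, and the third sample is constructed to show what a real CA-bundle failure looks like.

```python
import re
# One curl -v trace line: "* TLSv1.2 (IN), TLS handshake, Server hello (2):"
TRACE = re.compile(r"\* ?TLSv[\d.]+ \((IN|OUT)\), TLS [^,]+, ([^(]+?) \(\d+\):")
CURL_ERR = re.compile(r"curl: \((\d+)\)")

def classify_handshake(verbose_output):
    """Return (last_message, server_replied, verdict) for one curl -v run."""
    steps = TRACE.findall(verbose_output)          # [(direction, message), ...]
    server_replied = any(direction == "IN" for direction, _ in steps)
    last = steps[-1][1] if steps else None
    err = CURL_ERR.search(verbose_output)
    code = err.group(1) if err else None
    if code is None and "SSL certificate verify ok" in verbose_output:
        verdict = "ok"
    elif code is not None and not server_replied:
        # Nothing came back after our Client hello, so the CA bundle was never
        # used to verify anything: suspect the network path, not the cert file.
        verdict = "network"
    elif code == "60":
        # curl exit code 60: peer certificate failed verification.
        verdict = "ca"
    else:
        verdict = "inconclusive"
    return last, server_replied, verdict

# Abbreviated from the failing run in post #18.
FAILING = """\
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to mirror.netcologne.de:443
"""
# Abbreviated from the working run in post #20.
WORKING = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Finished (20):
*  SSL certificate verify ok.
"""
# Constructed sample (not from the thread): a genuine CA-bundle problem.
CA_PROBLEM = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
curl: (60) SSL certificate problem: unable to get local issuer certificate
"""
if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING), ("ca", CA_PROBLEM)):
        print(name, classify_handshake(text))
```

A "network" verdict means the server's certificate never arrived, so swapping or updating `/etc/ssl/cert.pem` cannot change the outcome.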
#21
(2018-05-15, 12:05)HiassofT Wrote: handshake

So I should run this code now?

code:
openssl s_client -CAfile /etc/ssl/cert.pem -verify_depth 32 -showcerts -debug -connect mirror.netcologne.de:443


Result - https://paste.kodi.tv/segihuxutu
Reply
#22
(2018-05-15, 11:08)wsnipex Wrote: so the issue is the cacert file.
 So if the issue is the cacert file, what does that actually mean and/or how do I fix it?
Reply
#23
well, as others with LE as well as your test with openssl have proven, the cacert is not to blame.
It rather looks like some intermittent network issue on your side.
Reply
#24
(2018-05-18, 16:26)wsnipex Wrote: well, as others with LE as well as your test with openssl have proven, the cacert is not to blame.
It rather looks like some intermittent network issue on your side.
 Hmm, ok thanks for your help and thanks everyone!

I guess my next step is to try and reach out to my ISP to see if something's going wacky.
Reply
