Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x509: certificate is not valid for any names #27

Open
Brottweiler opened this issue Nov 24, 2021 · 4 comments
Open

x509: certificate is not valid for any names #27

Brottweiler opened this issue Nov 24, 2021 · 4 comments

Comments

@Brottweiler
Copy link
Contributor

Brottweiler commented Nov 24, 2021

This is most likely a PEBKAC since I am probably not understanding the instructions correctly, so here's my issue.

I've gotten the CID, GID and bot token and I can start the bridge fine with mumble-insecure set to true. But when I run it with it set to false, it won't connect;

2021/11/24 21:30:59 To Discord Jitter Buffer:  50  ms
2021/11/24 21:30:59 To Mumble Jitter Buffer:  50  ms
2021/11/24 21:30:59 Discord Bot Connected
2021/11/24 21:30:59 Discord bot looking for command !mumble-discord
2021/11/24 21:30:59 CREATE event registered
2021/11/24 21:30:59 bridge starting in constant mode
2021/11/24 21:30:59 Attempting to join Discord voice channel
2021/11/24 21:31:00 Discord Voice Connected
2021/11/24 21:31:00 Attempting to join Mumble
2021/11/24 21:31:00 x509: certificate is not valid for any names, but wanted to match ???
2021/11/24 21:31:01 Bridge died

I did try generate a certificate (which is optional it says) but it doesn't work still. I replaced the mumble address with question marks.

@Brottweiler Brottweiler changed the title x509: certificate is not valid for any names (PEBKAC) x509: certificate is not valid for any names Nov 24, 2021
@stryan
Copy link
Contributor

stryan commented Nov 24, 2021

That sounds like an issue with your Mumble host certificate; can you verify that the certificate on your mumble host has the host as its CommonName or SAN? I.e. if the ??? was "mumble.example.com" then the certificate would have "mumble.example.com" as either the CommonName or a SubjectAlternativeName.

@Brottweiler
Copy link
Contributor Author

@stryan I am not really sure what CommonName or SAN is, but when I view the info of the server and the "Certificate Chain Details", it does say

Issued by:
Common Name: Murmur Autogenerated Certificate v2

You are correct that the address is mumble.example.com.

@stryan
Copy link
Contributor

stryan commented Nov 25, 2021

Ah, you're using the Mumble generated certificate. The auto-generated certificate doesn't actually know what you're calling your server so it doesn't have the right names on it.

I don't think Murmur has a way of automatically generating an actual trusted certificate for your server, though I'm not at home to verify this. So if you're not providing one manually through the

sslCert=cert.pem
sslKey=key.pem

options in Murmur.ini, you'll probably need to use the -mumble-insecure option to connect.

If you want to use the server outside of small-scale or testing purposes, you can grab a free certificate from Let's Encrypt. That will work without the -mumble-insecure option

as a side-note; I do suspect this problem will keep coming up for others. I might take a look at adding some kind of TOFU-style system to the bridge for auto-generated and self-signed certificates. I know Gumble uses something similar for self-signed certs.

@Brottweiler
Copy link
Contributor Author

I am using this on a very small scale basis (or testing) so that's not a problem really. Thanks for your support, and yeah I think this issue might come up to more people.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants