need a little help understanding and solving signal errors #34
Comments
@Connoropolous - can you go to https://signal.holotest.net/metrics on the device you're testing on and see what it says about the cert? In the meantime, I'll look into the Go lib to see if it's using some alternate TLS validation other than the native system one.
There's very little information, possibly because it looks like it's just built in that it uses the native device certs: https://pkg.go.dev/crypto/tls#Config

```go
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
RootCAs *x509.CertPool
```

Is it possible the device you are testing on hasn't had an update in long enough that Let's Encrypt root CA is not up-to-date on it? EDIT: The Go handling of this is irrelevant, since Rust code is communicating with the signal server, and the Rust code is for sure using the native system CAs.
Also looks like you need iOS >= 9 (~2015) - https://www.ssllabs.com/ssltest/analyze.html?d=signal.holotest.net
I visited, and it says 'connection is secure' from an iPhone XR, with iOS 16.4.1. That is the device I was testing on.
Can you give a bit more background?
That is the signal server IP I guess, based on using
@Connoropolous - Double check my logic - it looks like rustls-native-certs doesn't support iOS, and the recommendation is to instead use https://github.com/rustls/rustls-platform-verifier... but that crate seems to have been deleted from crates.io. I will look into it further tomorrow.
If nothing else, I guess we could use webpki-roots on Android and iOS.
Your logic seems right. It seems to me that this particular comment has a simple solution that could work. rustls/rustls-native-certs#3 (comment)
The same solution that is being used for macOS should work with iOS, so just including it through the targets
Based on the logic in src/lib.rs, iOS is likely compiling with the Unix platform code.
@Connoropolous - as I don't have a good way to directly test such a fix, I wouldn't be comfortable submitting a PR to their repo. I'll work on the webpki-roots fallback in our code, since it looks like we'll need that for Android anyways. If you'd like to submit a PR for rustls-native-certs, then I can remove iOS from the fallback set if/when it gets merged.
Ok, thank you. We will await your solution and try it before doing anything else.
Will you give me a heads up here?
@Connoropolous - can you give this a try? #35 Thanks!
Yes absolutely, asap
Thanks!
Updating the stack to use this branch you posted worked to resolve the error!
@Connoropolous @zippy wondering which release we should be getting this fix into. It didn't make it into the
PR to potentially backport to 0.2: holochain/holochain#2415
K. As I've done hands-on testing, I've had inconclusive results. @neonphog I am wondering if it's mandatory that tx2 still be enabled. Why is it?
@Connoropolous - tx2 is tech debt at this point. We have a bunch of test mocks built around it that need to be migrated, plus the final work of deleting things. It just hasn't been prioritized.
@Connoropolous - To get some additional hints into the tx5 state machine: EDIT: even better:
Thanks, I will try
@neonphog I've just tried updating to 0.3.0-beta-dev.0. Here's my update, can you take a peek, does the error make any sense to you?
@Connoropolous - I just created this issue: holochain/holochain#2422
Fantastic, thanks
We have the goal to compile and run holochain natively on iOS, and it's almost working. Zome calls are working, but gossip isn't. Here's what we're now seeing in the logs. We are now using `wss://signal.holotest.net`, which corrected the initial error that we were previously having. Is the cause of this obvious to you @neonphog?