InitCrypto fails always

Post here your questions about the Unity / .Net / Mono / Windows 8 / Windows Phone 8 API for SFS2X

Moderators: Lapo, Bax

FreeBird
Posts: 7
Joined: 30 Jun 2018, 04:26

InitCrypto fails always

Postby FreeBird » 14 Mar 2019, 17:42

Why would that happen? The error message I get is a completely unusable "Unknown Error".

This code is SFS's Unity sample code - that is, just a proof of concept. The server is SFS 2.13.0.

Here are the things I've done.

* Enabled encryption in the zone configuration (<isEncrypted>true</isEncrypted>)
* Originally with a Let's Encrypt certificate, and then later with one for which I popped 30 euros.
* Certificates are imported into a JKS keystore and placed in lib/jetty/etc. lib/jetty/start.d/ssl.ini is updated accordingly.

Upon SFS startup I can connect with the openssl command line tool and see the certificate etc.

From Unity I'm trying to login using the sample client (Connector.cs). If I disable encryption it works just fine. The moment I add a listener, it fails.

Code: Select all

if (useEncryption) {
      
    sfs.AddEventListener (SFSEvent.CRYPTO_INIT, OnCryptoInit);
}


And this in the OnConnection handler:

Code: Select all

if (useEncryption) {
         
    trace("Initializing Crypto");
    StartCoroutine(sfs.InitCrypto ());
} else {
            
    enableInterface ("LOGIN");
    uiState = 2;
}


And this is the OnCryptoInit:

Code: Select all

private void OnCryptoInit(BaseEvent evt) {

    trace("Crypto Initialized?");

    if ((bool) evt.Params["success"]) {

        trace("....YES!");
        enableInterface ("LOGIN");
        uiState = 2;
    } else {
         
        trace("Encryption initialization failed: " + (string)evt.Params["errorMessage"]);
    }
}
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: InitCrypto fails always

Postby Lapo » 15 Mar 2019, 10:21

Hi,
a few questions:
what version of the API are you using?
are you testing from the Editor or from the compiled app? What build target are you using?

Which step in your code triggers the error? Is it the InitCrypto request? Or something else?
Can you paste here the full stack trace of the client side error?

Have you checked the server side logs for possible related exceptions?
Can you point your browser to http://your-domain:8443 and see the green lock icon, confirming the https connection?

Thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
FreeBird
Posts: 7
Joined: 30 Jun 2018, 04:26

Re: InitCrypto fails always

Postby FreeBird » 18 Mar 2019, 16:07

I am using SFS 2.13.0 on the server, client 1.7.9 on Unity.

The server installation is a fresh install with no custom code at all. The following configuration changes were made:

1. the HTTPS port number was changed in Jetty configuration to match my firewall.
2. The keystore file path and passwords were updated to match my configuration.

The client code is directly taken from https://www.smartfoxserver.com/download ... amples.zip.

A change was made to AdvancedConnector.cs: defaultWssPort & httpsPort were changed to match my firewall.

I am testing from Unity editor.

There are no exceptions on the server log.

The browser does show the lock icon confirming HTTPS.

The full stack trace is:

Encryption initialization failed: An error occurred while sending the request
UnityEngine.Debug:Log(Object)
AdvancedConnector:OnCryptoInit(BaseEvent) (at Assets/ConnectorAssets/Scripts/AdvancedConnector.cs:247)
Sfs2X.Core.EventDispatcher:DispatchEvent(BaseEvent)
Sfs2X.SmartFox:ProcessEvents()
AdvancedConnector:Update() (at Assets/ConnectorAssets/Scripts/AdvancedConnector.cs:77)

I could give you the server DNS name and Wireshark dumps via person-to-person message (not posted here).
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: InitCrypto fails always

Postby Lapo » 18 Mar 2019, 17:54

Hi,
so you're testing in the Editor but what is the "Build Target" set to?

Thanks
Lapo

--

gotoAndPlay()

...addicted to flash games
FreeBird
Posts: 7
Joined: 30 Jun 2018, 04:26

Re: InitCrypto fails always

Postby FreeBird » 19 Mar 2019, 01:06

Oh OK. In File > Build Settings, it is set to Target Platform: Windows, Architecture: x86_64. As I mentioned previously, no changes except in the remote port has been made to the downloaded project from smarfoxserver.com.
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: InitCrypto fails always

Postby Lapo » 19 Mar 2019, 09:12

Thanks. We replied to your emails.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games
FreeBird
Posts: 7
Joined: 30 Jun 2018, 04:26

Re: InitCrypto fails always

Postby FreeBird » 23 Mar 2019, 08:00

To those who might reach this thread with similar issues: I resolved this with the help of SFS support. Briefly, the issue was that the keystore needed all certificates and keys under one single alias. I had an intermediate certificate listed under a different alias (the script used to generate keystore imported intermediates with a hashed version of their CN as the alias), so they were not served. This resulted in incomplete certificate chain verification at the client end - an error that was not reported accurately to the application code.
User avatar
AndyMartin458
Posts: 55
Joined: 15 May 2012, 21:57

Re: InitCrypto fails always

Postby AndyMartin458 » 02 Jul 2019, 14:49

How can I test if I'm having the same issue? I am able to connect from my machine to our server, but InitCrypto fails on my colleague's machine on his network. When my colleague tries to connect to our server, the server log says "com.smartfoxserver.v2.exceptions.SFSRuntimeException: Login rejected. Client is not using an encrypted connection", which doesn't really make sense. If the certificate is not meeting verification standards, the log should say certificate rejected.
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: InitCrypto fails always

Postby Lapo » 02 Jul 2019, 16:04

Hi,
AndyMartin458 wrote:How can I test if I'm having the same issue? I am able to connect from my machine to our server, but InitCrypto fails on my colleague's machine on his network. When my colleague tries to connect to our server, the server log says "com.smartfoxserver.v2.exceptions.SFSRuntimeException: Login rejected. Client is not using an encrypted connection", which doesn't really make sense. If the certificate is not meeting verification standards, the log should say certificate rejected.

Are you sure your colleague uses the same configuration you use?
The error message you have reported can be triggered when you establish a non-SSL connection and then attempt to login.

Every Zone in SFS2X can be configured to use encryption separately. Either he's not calling the initCrypto() method or he's not logging in the same Zone you're using.

As for testing the health of your certificate chain you can use one of these websites:
https://www.sslshopper.com/ssl-checker.html
https://www.digicert.com/help/

Type in your domain and don't forget to specify the HTTPS port number too, unless you've configured SFS2X to use the standard 443 value.

Hope it helps
Lapo

--

gotoAndPlay()

...addicted to flash games
User avatar
AndyMartin458
Posts: 55
Joined: 15 May 2012, 21:57

Re: InitCrypto fails always

Postby AndyMartin458 » 02 Jul 2019, 16:14

Hi Lapo. I've checked the certificate on both websites and it appears to be fine. rest.consortya.com:8443 . My colleague has a clone of the same repository with the same configuration settings. We've even met up and are now on the same wifi, with the same results. I can connect, and he cannot. The error happens when the code calls InitCrypto. I also set up a new thread to try and prevent from taking over this one.

viewtopic.php?f=20&t=21570

Return to “SFS2X C# API”

Who is online

Users browsing this forum: No registered users and 27 guests