Certificate verification Failure in mac

[Sindhu Madasamy]

Hi,

I am trying to set up the quic client and server. I get this error when i try to start the client

[0516/075906.476542:WARNING:proof_verifier_chromium.cc(531)] Failed to verify certificate chain: net::ERR_QUIC_CERT_ROOT_NOT_KNOWN

[0516/075906.476652:ERROR:tls_handshaker.cc(103)] TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown

Failed to connect to 127.0.0.1:6121. QUIC_HANDSHAKE_FAILED TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown

While using with --v=1 at client the trace ends with,

[0516/080143.614912:VERBOSE1:quic_packet_creator.cc(975)] Client: Successfully serialized coalesced packet of length: 1350

[0516/080143.614970:VERBOSE1:quic_connection.cc(2784)] Client: Setting default encryption level from ENCRYPTION_HANDSHAKE to ENCRYPTION_INITIAL

[0516/080143.615007:VERBOSE1:quic_connection.cc(3060)] Cancelling all QuicConnection alarms.

Failed to connect to 127.0.0.1:6121. QUIC_HANDSHAKE_FAILED TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown

Here is what i tried to add the certificate

1.  The  certificate 2048-sha256-root.pem is added in the  Key chain Access at System and the enabled ALWAYS TRUST

2. Tried giving --allow_unknown_root_cer and  --disable_certificate_verification in the client

I followed all the steps in https://www.chromium.org/quic/playing-with-quic and looked up the solutions provided in this group too. But nothing helps! Im using Mac OS Catalina 10.15.4. 

[Nick Harper]

What URL are you trying to load and what are you specifying for your --origin-to-force-quic-on flag?

--
You received this message because you are subscribed to the Google Groups "QUIC Prototype Protocol Discussion group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to proto-quic+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/proto-quic/85ccd8f4-a98f-4f72-aec7-0d60221da285%40chromium.org.

[Sindhu Madasamy]

This is the command i use to run the client 

./out/Debug/quic_client --host=127.0.0.1 --port=6121 https://www.example.org/

I guess -origin-to-force-quic-on flag is used while testing it on Chrome. The certificate verification fails while running the simple quic client with the above command.

To unsubscribe from this group and stop receiving emails from it, send an email to proto...@chromium.org.

[Nick Harper]

Using the --allow_unknown_root_cert flag with quic_client should work.

To unsubscribe from this group and stop receiving emails from it, send an email to proto-quic+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/proto-quic/f65ba073-8a7e-4fa1-a1c0-914ea5a18082%40chromium.org.

[Sindhu Madasamy]

Thanks for you response Nick. 

Initially i was trying without giving the path to the certificate and adding the flag --allow_unknown_root_cert. By giving both it works!

 ./out/Debug/quic_client --host=127.0.0.1 --port=6121 https://www.example.org/ \

  --certificate_file=net/tools/quic/certs/out/2048--sha256-root.pem \

  --allow_unknown_root_cert 

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/proto-quic/f65ba073-8a7e-4fa1-a1c0-914ea5a18082%40chromium.org.

[Nick Harper]

The certificate_file flag is ignored on the client - it's used to specify on the server which certificate to provide.

To unsubscribe from this group and stop receiving emails from it, send an email to proto-quic+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/proto-quic/fccf1ccf-2b19-4f61-b4cc-992450e68c0c%40chromium.org.

[Xing adsfdsa]

I am sorry to disturb you again,and This is a student who is a new learner with a poor network.Thanks and wish you happy everyday.

When I go run go QUIC-go,an error like the image.

so I got the website info 'git rest hard',but failed again.

So what should I do next step?Thanks.

Sindhu Madasamy <sindhu....@gmail.com> 于2020年5月16日周六 下午8:12写道：

--
You received this message because you are subscribed to the Google Groups "QUIC Prototype Protocol Discussion group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to proto-quic+...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/proto-quic/85ccd8f4-a98f-4f72-aec7-0d60221da285%40chromium.org.