Thread '"SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2'

Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2
Message board moderation

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111552 - Posted: 14 Apr 2023, 4:03:01 UTC
Last modified: 14 Apr 2023, 4:07:37 UTC

Originally asked on the WCG forums: https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,44701

Hi, first post on the BOINC forums. I tend to prefer using the latest stable release of software and was excited to upgrade to the 7.20 branch of BOINC client/manager. I noticed in the changelog that instead of using C:\Program Files\BOINC\ca-bundle.crt like earlier branches, the 7.20 branch uses Windows's built-in CA certificates.

Yet when attempting to use 7.20.x, I get:

11/10/2022 7:23:25 PM | World Community Grid | Requesting new tasks for CPU
11/10/2022 7:23:26 PM | | Project communication failed: attempting access to reference site
11/10/2022 7:23:26 PM | World Community Grid | Scheduler request failed: Couldn't connect to server
11/10/2022 7:23:27 PM | | BOINC can't access Internet - check network connection or proxy configuration.
11/10/2022 7:24:13 PM | World Community Grid | update requested by user
11/10/2022 7:24:16 PM | World Community Grid | Sending scheduler request: Requested by user.
11/10/2022 7:24:16 PM | World Community Grid | Requesting new tasks for CPU
11/10/2022 7:24:17 PM | World Community Grid | Scheduler request failed: SSL connect error


Note: I'm able to connect to other local computers on the local network, which means that networking works fine in BOINC Manager. The issue is solely with connectivity to the outside world, since 1) connectivity to WCG fails; and 2) connectivity to the reference site (I believe BOINC uses https://google.com) also fails.

I've since reverted back to the 7.16.11 version, which works fine. Can someone help me troubleshoot and resolve this? I'm not using a proxy or anything. Just a home user on Windows 10 Pro 22H2.

This SSL error occurs on two PCs, and the workaround to downgrade to 7.16 worked on both PCs.

Either BOINC cannot access the Windows CA certificates, or maybe my computers are compromised, which would be creepy. Any ideas? I didn't get any solutions on the WCG forums.
ID: 111552 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111555 - Posted: 14 Apr 2023, 12:23:42 UTC - in response to Message 111552.  

Are they up then? I haven't been keeping up with all the latest news, but as far as I know they're still in the process of setting up the project, with a lot of problems.
See https://boinc.berkeley.edu/forum_thread.php?id=14949 and https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,45230_offset,10
ID: 111555 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111556 - Posted: 14 Apr 2023, 12:29:57 UTC

This has nothing to do with WCG being up or down and everything to do with why 7.20 (which uses Windows's CA certificate bundle instead of BOINC's ca-bundle.crt) doesn't work.

In case it's not clear from my OP:

1. In 7.20 on Windows, even the reference site connectivity fails to https://google.com
2. Downgrading to 7.16 on Windows works fine.

I need help identifying the reason BOINC 7.20.x on Windows fails to set up a TLS handshake.
ID: 111556 · Report as offensive
ProfileDave
Help desk expert

Send message
Joined: 28 Jun 10
Posts: 2725
United Kingdom
Message 111557 - Posted: 14 Apr 2023, 12:37:17 UTC - in response to Message 111556.  

I need help identifying the reason BOINC 7.20.x on Windows fails to set up a TLS handshake.


Using 7.20.2 here under WINE rather than Windows, it connects fine. Is it possible you have updates to your Windows10 disabled so it is causing the problem? If the problem were general, I would have expected to see lots of posts about it.
ID: 111557 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111558 - Posted: 14 Apr 2023, 13:10:04 UTC - in response to Message 111557.  

I'm on Win10Pro 22H2 and make sure to get the monthly Windows Updates. Currently on April 2023 patch level. I just wish there was a way to troubleshoot this. Maybe I can run a packet capture on the router and see if the Windows boxes are even making an outbound attempt to Google from BOINC, but I think they're not even leaving the system.

I do have Secure Boot disabled on these boxes unfortunately. It's weird that it affects two of my desktops instead of just one.

There was a known issue in Windows 11 where TLS handshakes would fail, but I couldn't find a known issue in Windows 10 for the same thing. I could somehow try to find the source code on GitHub on how BOINC 7.20+ uses the Windows API for TLS, but... my programming is rusty.

I have a newer laptop on Windows as well and could try BOINC 7.20 and see if the problem occurs on the laptop too or not.

For now, 7.16 works fine, and I do plan on selling or retiring both of these PCs. It's just annoying I can't find out root cause.
ID: 111558 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111559 - Posted: 14 Apr 2023, 13:13:12 UTC
Last modified: 14 Apr 2023, 13:21:04 UTC

I'm gonna try this tool and see if I'm compromised by malware that installed a rogue CA certificate.

https://www.ghacks.net/2015/11/25/give-your-windows-certificate-store-a-thorough-scan-for-suspicious-certs/

But even if I was, BOINC would still be able to hit the Google.com test site. It'd just be MITM to the attacker.

Edit: Microsoft Sigcheck seems newer and part of their SysInternals suite. I'll run that.
ID: 111559 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111560 - Posted: 14 Apr 2023, 13:41:43 UTC - in response to Message 111556.  

and everything to do with why 7.20 (which uses Windows's CA certificate bundle instead of BOINC's ca-bundle.crt) doesn't work.
Well, in that case you seem to be missing a certificate, and then it's not BOINC's fault. I've just updated my 7.16.20 to 7.20.2 on Windows 10 Pro 22H2 and it has no trouble at all contacting WCG.

So, go to Options->Event Log Options and check http_debug -> Apply -> Save.
Then contact WCG and copy & post that part of the log, it's quite long. Best turn off http_debug after this. Or compare it against mine here:

14/04/2023 15:38:57 | World Community Grid | update requested by user
14/04/2023 15:38:58 |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=169974_edf17a5b8421cc294c6dace3cc57d81d
14/04/2023 15:38:58 | World Community Grid | Sending scheduler request: Requested by user.
14/04/2023 15:38:58 | World Community Grid | Not requesting tasks: "no new tasks" requested via Manager
14/04/2023 15:38:58 | World Community Grid | [http] HTTP_OP::init_post(): https://scheduler.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Found bundle for host: 0x21446c3b6f0 [serially]
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Re-using existing connection #20 with host www.worldcommunitygrid.org
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#20)
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: GET /viewNoticesRSSFeed.action?userIdHash=169974_edf17a5b8421cc294c6dace3cc57d81d HTTP/1.1
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: Host: www.worldcommunitygrid.org
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.20.2)
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: Accept: */*
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: Accept-Language: en_GB
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: p_vendor>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_model>AMD Ryzen 9 3900X 12-Core Processor [Family 23 Model 113 Stepping 0]</p_model>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_features>fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 htt pni ssse3 fma cx16 sse4_1 sse4_2 movebe popcnt aes f16c rdrandsyscall nx lm avx avx2 svm sse4a osvw ibs skinit wdt tce topx page1gb rdtscp fsgsbase bmi1 smep bmi2</p_features>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_fpops>5338311270.927796</p_fpops>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_iops>16277292994.575529</p_iops>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_membw>90909090.909091</p_membw>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_calculated>1681479301.529600</p_calculated>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <p_vm_extensions_disabled>0</p_vm_extensions_disabled>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <m_nbytes>34281639936.000000</m_nbytes>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <m_cache>524288.000000</m_cache>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <m_swap>39381913600.000000</m_swap>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <d_total>4000776716288.000000</d_total>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <d_free>2968820645888.000000</d_free>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <os_name>Microsoft Windows 10</os_name>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <os_version>Professional x64 Edition, (10.00.19045.00)</os_version>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <n_usable_coprocs>1</n_usable_coprocs>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <wsl_available>0</wsl_available>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:     <coprocs>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: <coproc_ati>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <count>1</count>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <name>AMD Radeon RX 5700 XT</name>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <available_ram>8573157376.000000</available_ram>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <have_cal>0</have_cal>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <have_opencl>1</have_opencl>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <peak_flops>9292800000000.000000</peak_flops>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <CALVersion></CALVersion>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <target>0</target>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <localRAM>8176</localRAM>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <uncachedRemoteRAM>0</uncachedRemoteRAM>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <cachedRemoteRAM>0</cachedRemoteRAM>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <engineClock>1815</engineClock>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <memoryClock>0</memoryClock>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <wavefrontSize>0</wavefrontSize>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <numberOfSIMD>0</numberOfSIMD>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <doublePrecision>0</doublePrecision>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <pitch_alignment>0</pitch_alignment>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <surface_alignment>0</surface_alignment>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <maxResource1DWidth>0</maxResource1DWidth>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <maxResource2DWidth>0</maxResource2DWidth>
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server:    <maxRes
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  Found bundle for host: 0x2144918b2c0 [serially]
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  Re-using existing connection #21 with host scheduler.worldcommunitygrid.org
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  Connected to scheduler.worldcommunitygrid.org (199.241.167.118) port 443 (#21)
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: POST /boinc/wcg_cgi/fcgi HTTP/1.1
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Host: scheduler.worldcommunitygrid.org
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.20.2)
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Accept: */*
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Accept-Encoding: deflate, gzip
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Accept-Language: en_GB
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Content-Length: 11428
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: Content-Type: application/x-www-form-urlencoded
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: l>AMD Ryzen 9 3900X 12-Core Processor [Family 23 Model 113 Stepping 0]</p_model>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_features>fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 htt pni ssse3 fma cx16 sse4_1 sse4_2 movebe popcnt aes f16c rdrandsyscall nx lm avx avx2 svm sse4a osvw ibs skinit wdt tce topx page1gb rdtscp fsgsbase bmi1 smep bmi2</p_features>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_fpops>5338311270.927796</p_fpops>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_iops>16277292994.575529</p_iops>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_membw>90909090.909091</p_membw>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_calculated>1681479301.529600</p_calculated>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <p_vm_extensions_disabled>0</p_vm_extensions_disabled>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <m_nbytes>34281639936.000000</m_nbytes>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <m_cache>524288.000000</m_cache>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <m_swap>39381913600.000000</m_swap>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <d_total>4000776716288.000000</d_total>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <d_free>2968820645888.000000</d_free>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <os_name>Microsoft Windows 10</os_name>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <os_version>Professional x64 Edition, (10.00.19045.00)</os_version>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <n_usable_coprocs>1</n_usable_coprocs>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <wsl_available>0</wsl_available>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:     <coprocs>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server: <coproc_ati>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <count>1</count>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <name>AMD Radeon RX 5700 XT</name>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <available_ram>8573157376.000000</available_ram>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <have_cal>0</have_cal>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <have_opencl>1</have_opencl>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <peak_flops>9292800000000.000000</peak_flops>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <CALVersion></CALVersion>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <target>0</target>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <localRAM>8176</localRAM>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <uncachedRemoteRAM>0</uncachedRemoteRAM>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <cachedRemoteRAM>0</cachedRemoteRAM>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <engineClock>1815</engineClock>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <memoryClock>0</memoryClock>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <wavefrontSize>0</wavefrontSize>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <numberOfSIMD>0</numberOfSIMD>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <doublePrecision>0</doublePrecision>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <pitch_alignment>0</pitch_alignment>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <surface_alignment>0</surface_alignment>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <maxResource1DWidth>0</maxResource1DWidth>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <maxResource2DWidth>0</maxResource2DWidth>
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Sent header to server:    <maxRes
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  We are completely uploaded and fine
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Mark bundle as not supporting multiuse
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: HTTP/1.1 200 OK
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Date: Fri, 14 Apr 2023 13:38:59 GMT
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Server: Apache
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: X-Powered-By: Servlet/3.1
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: ETag: 1749239462
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: X-Content-Type-Options: nosniff
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: X-XSS-Protection: 1; mode=block
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Pragma: no-cache
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Expires: 0
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Strict-Transport-Security: max-age=31536000; includeSubDomains
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: X-Frame-Options: SAMEORIGIN
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Vary: Accept-Encoding
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Content-Encoding: gzip
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Referrer-Policy: no-referrer-when-downgrade
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://d2bnxibecyz4h5.cloudfront.net https://www.google-analytics.com/analytics.js https://static.cdn.prismic.io/prismic.js; connect-src 'self' https://www.google-analytics.com https://surveygizmobeacon.s3.amazonaws.com https://world-community-grid.cdn.prismic.io https://world-community-grid.prismic.io/api/v2; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.surveygizmo.com https://world-community-grid.prismic.io/;
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Content-Type: text/xml; charset=UTF-8
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Content-Language: en-US
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Set-Cookie: WCG-SESSION=0000p4XIi_FEjRLM1A7r3rFHEJ2:-1; Expires=Fri, 14-Apr-23 14:08:58 GMT; Path=/; Domain=.worldcommunitygrid.org; Secure; HttpOnly
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: Transfer-Encoding: chunked
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server:
14/04/2023 15:38:58 |  | [http] [ID#0] Received header from server: 4ae
14/04/2023 15:38:58 |  | 
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Connection #20 to host www.worldcommunitygrid.org left intact
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  schannel: failed to decrypt data, need more data
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  schannel: failed to decrypt data, need more data
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  Mark bundle as not supporting multiuse
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: HTTP/1.1 200 OK
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Date: Fri, 14 Apr 2023 13:38:59 GMT
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Server: Apache
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Vary: Accept-Encoding
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Content-Encoding: gzip
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: X-Frame-Options: SAMEORIGIN
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Content-Length: 3099
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server: Content-Type: text/xml
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Received header from server:
14/04/2023 15:38:58 | World Community Grid | 
14/04/2023 15:38:58 | World Community Grid | [http] [ID#1] Info:  Connection #21 to host scheduler.worldcommunitygrid.org left intact
14/04/2023 15:38:59 | World Community Grid | Scheduler request completed
14/04/2023 15:38:59 | World Community Grid | Project requested delay of 121 seconds
ID: 111560 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111561 - Posted: 14 Apr 2023, 14:30:46 UTC
Last modified: 14 Apr 2023, 14:45:46 UTC

Thanks for the http_debug idea.

I upgraded one of the boxes from 7.16.11 to 7.20.2

4/14/2023 10:27:11 AM | World Community Grid | update requested by user
4/14/2023 10:27:12 AM |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=[hash-redacted]
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Hostname in DNS cache was stale, zapped
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:    Trying 199.241.167.118:443...
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#3)
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Closing connection 3
4/14/2023 10:27:12 AM |  | [http] HTTP error: SSL connect error
4/14/2023 10:27:15 AM | World Community Grid | Sending scheduler request: Requested by user.
4/14/2023 10:27:15 AM | World Community Grid | Reporting 1 completed tasks
4/14/2023 10:27:15 AM | World Community Grid | Not requesting tasks: don't need ()
4/14/2023 10:27:15 AM | World Community Grid | [http] HTTP_OP::init_post(): https://scheduler.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
4/14/2023 10:27:15 AM |  | [http] HTTP_OP::init_get(): https://boinc.berkeley.edu/download.php?xml=1
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:    Trying 208.68.240.115:443...
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:    Trying 199.241.167.118:443...
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  Connected to scheduler.worldcommunitygrid.org (199.241.167.118) port 443 (#4)
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  ALPN: offers http/1.1
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  Connected to boinc.berkeley.edu (208.68.240.115) port 443 (#5)
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  Closing connection 4
4/14/2023 10:27:15 AM | World Community Grid | [http] HTTP error: SSL connect error
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  Closing connection 5
4/14/2023 10:27:15 AM |  | [http] HTTP error: SSL connect error
4/14/2023 10:27:16 AM | World Community Grid | Scheduler request failed: SSL connect error
ID: 111561 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111562 - Posted: 14 Apr 2023, 14:43:32 UTC - in response to Message 111561.  

The revocation function was unable to check revocation because the revocation server was offline
How do you connect to the internet? Via a proxy? A VPN? Any other means that uses its own certificate or certificate server, like a corporate server (active server or domain) or firewall?

People posting about it with the same problem:
https://learn.microsoft.com/en-us/answers/questions/1003508/new-ad-cs-2022-issuing-wont-start-because-the-revo
https://stealthpuppy.com/resolving-issues-starting-ca-offline-crl/
ID: 111562 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111563 - Posted: 14 Apr 2023, 14:49:21 UTC - in response to Message 111562.  
Last modified: 14 Apr 2023, 15:03:03 UTC

The revocation function was unable to check revocation because the revocation server was offline
How do you connect to the internet? Via a proxy? A VPN? Any other means that uses its own certificate or certificate server, like a corporate server (active server or domain) or firewall?

No proxy. No VPN. No special certificate or CA situation. No corporate server, just home user and home network. No special firewall or TLS decryption/deep packet inspection stuff. No Active Directory domain or anything fancy like that. No fancy HIDS/HIPS or even 3rd party antivirus. Just using Windows Defender.

BOINC 7.16.x version works perfectly fine, but it uses C:\Program Files\BOINC\ca-bundle.crt instead of relying on Windows.

Edited to Add: I tried BOINC 7.22.0 for Windows (unreleased I believe), and it's the same error. Here's a part where it tries to access the reference site:

4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:    Trying 64.233.185.147:443...
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  Connected to www.google.com (64.233.185.147) port 443 (#1)
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  Closing connection 1
4/14/2023 11:00:03 AM |  | [http] HTTP error: SSL connect error
4/14/2023 11:00:03 AM |  | BOINC can't access Internet - check network connection or proxy configuration.
ID: 111563 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111564 - Posted: 14 Apr 2023, 16:14:48 UTC
Last modified: 14 Apr 2023, 16:19:16 UTC

Can you please post all contents of both global_prefs.xml and global_prefs_override.xml, if the latter exists? You can open these with Notepad, and they're found in your BOINC data directory, default in a hidden directory at C:\Programdata\BOINC\, so fill in the address in Windows Explorer and hit Enter.

Edit: and can you please post the first 30 or so lines of a start up log after you started BOINC?
ID: 111564 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111565 - Posted: 14 Apr 2023, 16:32:52 UTC
Last modified: 14 Apr 2023, 16:34:07 UTC

Meanwhile.

My log goes:
14/04/2023 15:38:58 |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#20)
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: GET /viewNoticesRSSFeed.action?userIdHash=169974_edf17a5b8421cc294c6dace3cc57d81d HTTP/1.1
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: Host: www.worldcommunitygrid.org
14/04/2023 15:38:58 |  | [http] [ID#0] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.20.2)


Your log goes:
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#3)
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Closing connection 3

My log doesn't state that it disabled automatic use of client certificate, yours does. This is a Curl error. Usually in combination with a VPN. Your modem/router doesn't have a VPN added either?

Btw, something you said:
I noticed in the changelog that instead of using C:\Program Files\BOINC\ca-bundle.crt like earlier branches, the 7.20 branch uses Windows's built-in CA certificates.
Where did you see this? As I cannot find it. Neither in the 7.20 changelog, nor in the 7.22 changelog (checked in case you looked wrong), nor in the Release Notes in our Wiki.
ID: 111565 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111568 - Posted: 14 Apr 2023, 23:20:33 UTC - in response to Message 111565.  

Btw, something you said:
I noticed in the changelog that instead of using C:\Program Files\BOINC\ca-bundle.crt like earlier branches, the 7.20 branch uses Windows's built-in CA certificates.
Where did you see this? As I cannot find it. Neither in the 7.20 changelog, nor in the 7.22 changelog (checked in case you looked wrong), nor in the Release Notes in our Wiki.


2nd line in the Wiki release notes. It wasn't immediately clear at first since it didn't say "CA" or "certificate" bundle, but it's clear if you think about it.
Changes in 7.20.0

Client: detect > 4 GB RAM on NIVIDIA GPUs
Client: use system's OS bundle rather than our own


In other words:

* In 7.16: Event Log with http_debug turned on: See BOINC mention using C:\Program Files\BOINC\ca-bundle.crt specifically and then successfully connect to WCG, Berkeley, Google, etc.
* In 7.20+: Event Log with http_debug turned on: See BOINC mention Microsoft Schannel, which means BOINC now relies on Windows to set up the TLS session using built-in CA certificate store and built-in cryptographic libraries

I can post the Event Log that 7.16 uses. But yes, I do believe since 7.20.0 that the OS's cert bundle is used.
ID: 111568 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Send message
Joined: 5 Oct 06
Posts: 5133
United Kingdom
Message 111569 - Posted: 15 Apr 2023, 6:10:06 UTC

The change from ca-bundle.crt to schannel was the subject of intense discussion and testing in early October 2021 - I was heavily involved in that process. The first Windows release for v7.20 (7.20.0) became available in mid-June 2022. Details in https://github.com/BOINC/boinc/pull/4545.

My question would be - what is the internet access like for other, more generic, applications on the affected machines? Do web browsers connect to secure sites normally? Is Windows Update working normally? Or is the connection problem limited, specifically, to BOINC and only BOINC?
ID: 111569 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111570 - Posted: 15 Apr 2023, 6:35:00 UTC - in response to Message 111564.  

Can you please post all contents of both global_prefs.xml and global_prefs_override.xml, if the latter exists? You can open these with Notepad, and they're found in your BOINC data directory, default in a hidden directory at C:\Programdata\BOINC\, so fill in the address in Windows Explorer and hit Enter.

Edit: and can you please post the first 30 or so lines of a start up log after you started BOINC?
ID: 111570 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111571 - Posted: 15 Apr 2023, 12:42:19 UTC - in response to Message 111569.  
Last modified: 15 Apr 2023, 12:46:07 UTC

The change from ca-bundle.crt to schannel was the subject of intense discussion and testing in early October 2021 - I was heavily involved in that process. The first Windows release for v7.20 (7.20.0) became available in mid-June 2022. Details in https://github.com/BOINC/boinc/pull/4545.

My question would be - what is the internet access like for other, more generic, applications on the affected machines? Do web browsers connect to secure sites normally? Is Windows Update working normally? Or is the connection problem limited, specifically, to BOINC and only BOINC?


Hi Richard! I've posted a little on the GitHub over the years but made an account here. Been out of the loop a couple years. This only affects BOINC 7.20.0+ and only BOINC 7.20.0+ on the affected machines. Windows Updates and everything works without any issue. All web browsers (including Internet Explorer, Edge) connect to https sites without issue. No proxy or VPN or anything out of the ordinary. The only thing that comes to mind is I've disabled IPv6 on the adapters, leaving only IPv4. I haven't done anything in the Registry except disable the Windows Script Host, which prevents execution of .js and .vbs files. I can't think of anything out of the ordinary on these machines. Everything works except BOINC 7.20 and above.

Desktop 1:
Firefox Beta, Firefox Developer, Chromium, Thunderbird, messaging apps, MS Office, Spotify, dozens more normal apps that typically use https.

Desktop 2:
Firefox Beta, Google Chrome, Android Studio, etc.

Laptop 3:
Currently never had BOINC installed, but is a fresher Windows 10 install than the desktops. I can try BOINC 7.20.0 on it (and assume it will work lol).


Worst case scenario: It's not the end of the world. I plan on retiring both of these desktops sometime in 2023. Selling one and putting Linux on the other. I can get by just fine with 7.16 which uses ca-bundle.crt. This is more of a curiosity and wanting to be on the latest stable release.
ID: 111571 · Report as offensive
SoCrunchy

Send message
Joined: 14 Apr 23
Posts: 9
Message 111572 - Posted: 15 Apr 2023, 12:56:59 UTC
Last modified: 15 Apr 2023, 12:58:21 UTC

BOINC 7.20.2 on Windows 7 Pro SP1 64-bit works fine:

4/15/2023 8:53:43 AM | World Community Grid | update requested by user
4/15/2023 8:53:43 AM |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=blah
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (127 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 3 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 3
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with boinc.berkeley.edu port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (127 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 2 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 2
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with scheduler.worldcommunitygrid.org port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (124 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 4 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 4
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with download.worldcommunitygrid.org port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Found bundle for host: 0x2b06da0 [serially]
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:    Trying 199.241.167.118:443...
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#6)
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: GET /viewNoticesRSSFeed.action?userIdHash=blahblahHTTP/1.1
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Host: www.worldcommunitygrid.org
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.20.2)
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept: */*
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept-Language: en_US
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server:
ID: 111572 · Report as offensive
ProfileJoseph Stateson
Volunteer tester
Avatar

Send message
Joined: 27 Jun 08
Posts: 641
United States
Message 111573 - Posted: 15 Apr 2023, 13:26:36 UTC
Last modified: 15 Apr 2023, 13:33:58 UTC

I had a similar problem upgrading to 22H2: a required driver had an expired certificate and "core isolation" declared it explicitly revoked. l was unable to run the app except on a pre-22h2 system.

If you have core isolation enabled, then disabled it. if it is disabled then enable it.

Look in the (boinc) event log and see if the error message changes when you make changes in core isolation. windows event log may show more info so you might check that.

If is is not possible to enable core isolation, then click on "details" and see why it cannot be enabled. I had about 6 problem drivers. that I had to update or remove to enable core isolatiion.

edit: changed protection to isolation.
ID: 111573 · Report as offensive
ProfileJoseph Stateson
Volunteer tester
Avatar

Send message
Joined: 27 Jun 08
Posts: 641
United States
Message 111574 - Posted: 15 Apr 2023, 15:39:32 UTC - in response to Message 111572.  
Last modified: 15 Apr 2023, 16:11:12 UTC

BOINC 7.20.2 on Windows 7 Pro SP1 64-bit works fine:

4/15/2023 8:53:43 AM | World Community Grid | update requested by user
4/15/2023 8:53:43 AM |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=blah



l just noticed you are using https

Detach and use http://www.worldcommunity
The list in boinc folder is incorrect and shows https it should be http

maybe this makes a difference in 22h2
just guessing

edit: if "global_prefs:" has worldcommunity make sure it is http and not https
ID: 111574 · Report as offensive
ProfileJord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15573
Netherlands
Message 111576 - Posted: 15 Apr 2023, 16:30:26 UTC - in response to Message 111574.  

No, that's normal. It's in my log as well:
14/04/2023 15:38:58 |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=169974_edf17a5b8421cc294c6dace3cc57d81d
You connect using http, but the internal server code changes that to https. AFAIK all projects are https these days.
ID: 111576 · Report as offensive
1 · 2 · Next

Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.