Posts by SoCrunchy

1) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111572)
Posted 15 Apr 2023 by SoCrunchy
Post:
BOINC 7.20.2 on Windows 7 Pro SP1 64-bit works fine:

4/15/2023 8:53:43 AM | World Community Grid | update requested by user
4/15/2023 8:53:43 AM |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=blah
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (127 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 3 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 3
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with boinc.berkeley.edu port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (127 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 2 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 2
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with scheduler.worldcommunitygrid.org port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Too old connection (124 seconds idle), disconnect it
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connection 4 seems to be dead
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Closing connection 4
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: shutting down SSL/TLS connection with download.worldcommunitygrid.org port 443
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Found bundle for host: 0x2b06da0 [serially]
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:    Trying 199.241.167.118:443...
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#6)
4/15/2023 8:53:44 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: GET /viewNoticesRSSFeed.action?userIdHash=blahblahHTTP/1.1
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Host: www.worldcommunitygrid.org
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: User-Agent: BOINC client (windows_x86_64 7.20.2)
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept: */*
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept-Encoding: deflate, gzip
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server: Accept-Language: en_US
4/15/2023 8:53:44 AM |  | [http] [ID#0] Sent header to server:
2) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111571)
Posted 15 Apr 2023 by SoCrunchy
Post:
The change from ca-bundle.crt to schannel was the subject of intense discussion and testing in early October 2021 - I was heavily involved in that process. The first Windows release for v7.20 (7.20.0) became available in mid-June 2022. Details in https://github.com/BOINC/boinc/pull/4545.

My question would be - what is the internet access like for other, more generic, applications on the affected machines? Do web browsers connect to secure sites normally? Is Windows Update working normally? Or is the connection problem limited, specifically, to BOINC and only BOINC?


Hi Richard! I've posted a little on the GitHub over the years but made an account here. Been out of the loop a couple years. This only affects BOINC 7.20.0+ and only BOINC 7.20.0+ on the affected machines. Windows Updates and everything works without any issue. All web browsers (including Internet Explorer, Edge) connect to https sites without issue. No proxy or VPN or anything out of the ordinary. The only thing that comes to mind is I've disabled IPv6 on the adapters, leaving only IPv4. I haven't done anything in the Registry except disable the Windows Script Host, which prevents execution of .js and .vbs files. I can't think of anything out of the ordinary on these machines. Everything works except BOINC 7.20 and above.

Desktop 1:
Firefox Beta, Firefox Developer, Chromium, Thunderbird, messaging apps, MS Office, Spotify, dozens more normal apps that typically use https.

Desktop 2:
Firefox Beta, Google Chrome, Android Studio, etc.

Laptop 3:
Currently never had BOINC installed, but is a fresher Windows 10 install than the desktops. I can try BOINC 7.20.0 on it (and assume it will work lol).


Worst case scenario: It's not the end of the world. I plan on retiring both of these desktops sometime in 2023. Selling one and putting Linux on the other. I can get by just fine with 7.16 which uses ca-bundle.crt. This is more of a curiosity and wanting to be on the latest stable release.
3) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111568)
Posted 14 Apr 2023 by SoCrunchy
Post:
Btw, something you said:
I noticed in the changelog that instead of using C:\Program Files\BOINC\ca-bundle.crt like earlier branches, the 7.20 branch uses Windows's built-in CA certificates.
Where did you see this? As I cannot find it. Neither in the 7.20 changelog, nor in the 7.22 changelog (checked in case you looked wrong), nor in the Release Notes in our Wiki.


2nd line in the Wiki release notes. It wasn't immediately clear at first since it didn't say "CA" or "certificate" bundle, but it's clear if you think about it.
Changes in 7.20.0

Client: detect > 4 GB RAM on NIVIDIA GPUs
Client: use system's OS bundle rather than our own


In other words:

* In 7.16: Event Log with http_debug turned on: See BOINC mention using C:\Program Files\BOINC\ca-bundle.crt specifically and then successfully connect to WCG, Berkeley, Google, etc.
* In 7.20+: Event Log with http_debug turned on: See BOINC mention Microsoft Schannel, which means BOINC now relies on Windows to set up the TLS session using the built-in CA certificate store and built-in cryptographic libraries.

I can post the Event Log that 7.16 uses. But yes, I do believe since 7.20.0 that the OS's cert bundle is used.
4) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111563)
Posted 14 Apr 2023 by SoCrunchy
Post:
The revocation function was unable to check revocation because the revocation server was offline
How do you connect to the internet? Via a proxy? A VPN? Any other means that uses its own certificate or certificate server, like a corporate server (active server or domain) or firewall?

No proxy. No VPN. No special certificate or CA situation. No corporate server, just home user and home network. No special firewall or TLS decryption/deep packet inspection stuff. No Active Directory domain or anything fancy like that. No fancy HIDS/HIPS or even 3rd party antivirus. Just using Windows Defender.

BOINC 7.16.x version works perfectly fine, but it uses C:\Program Files\BOINC\ca-bundle.crt instead of relying on Windows.

Edited to Add: I tried BOINC 7.22.0 for Windows (unreleased I believe), and it's the same error. Here's a part where it tries to access the reference site:

4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:    Trying 64.233.185.147:443...
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  Connected to www.google.com (64.233.185.147) port 443 (#1)
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 11:00:03 AM |  | [http] [ID#0] Info:  Closing connection 1
4/14/2023 11:00:03 AM |  | [http] HTTP error: SSL connect error
4/14/2023 11:00:03 AM |  | BOINC can't access Internet - check network connection or proxy configuration.
5) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111561)
Posted 14 Apr 2023 by SoCrunchy
Post:
Thanks for the http_debug idea.

I upgraded one of the boxes from 7.16.11 to 7.20.2

4/14/2023 10:27:11 AM | World Community Grid | update requested by user
4/14/2023 10:27:12 AM |  | [http] HTTP_OP::init_get(): https://www.worldcommunitygrid.org/viewNoticesRSSFeed.action?userIdHash=[hash-redacted]
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Hostname in DNS cache was stale, zapped
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:    Trying 199.241.167.118:443...
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Connected to www.worldcommunitygrid.org (199.241.167.118) port 443 (#3)
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:12 AM |  | [http] [ID#0] Info:  Closing connection 3
4/14/2023 10:27:12 AM |  | [http] HTTP error: SSL connect error
4/14/2023 10:27:15 AM | World Community Grid | Sending scheduler request: Requested by user.
4/14/2023 10:27:15 AM | World Community Grid | Reporting 1 completed tasks
4/14/2023 10:27:15 AM | World Community Grid | Not requesting tasks: don't need ()
4/14/2023 10:27:15 AM | World Community Grid | [http] HTTP_OP::init_post(): https://scheduler.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
4/14/2023 10:27:15 AM |  | [http] HTTP_OP::init_get(): https://boinc.berkeley.edu/download.php?xml=1
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:    Trying 208.68.240.115:443...
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:    Trying 199.241.167.118:443...
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  Connected to scheduler.worldcommunitygrid.org (199.241.167.118) port 443 (#4)
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  ALPN: offers http/1.1
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  Connected to boinc.berkeley.edu (208.68.240.115) port 443 (#5)
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  schannel: disabled automatic use of client certificate
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  ALPN: offers http/1.1
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  Closing connection 4
4/14/2023 10:27:15 AM | World Community Grid | [http] HTTP error: SSL connect error
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  Closing connection 5
4/14/2023 10:27:15 AM |  | [http] HTTP error: SSL connect error
4/14/2023 10:27:16 AM | World Community Grid | Scheduler request failed: SSL connect error
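
A triage script for http_debug logs like the one in the post above, added here as an example (it is not from the poster or the BOINC project): it ties each Schannel handshake failure back to the host that the same HTTP handle connected to, and names the HRESULT. The function name is illustrative, the sample lines are abridged from the post's log, and the HRESULT names are those defined in wincrypt.h.

```python
import re
from collections import defaultdict

# HRESULT names from wincrypt.h for certificate revocation checking.
HRESULT_NAMES = {
    0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
    0x80092013: "CRYPT_E_REVOCATION_OFFLINE",
}

# "<time> | <project> | [http] [ID#n] Info:  <message>"
LINE = re.compile(r"^[^|]+\|(?P<project>[^|]*)\|\s*\[http\] \[ID#(?P<id>\d+)\] Info:\s+(?P<msg>.*)$")
CONNECTED = re.compile(r"Connected to (\S+) \([0-9a-fA-F.:]+\) port \d+")
SCHANNEL_FAIL = re.compile(r"schannel: .*failed: .*\((0x[0-9a-fA-F]{8})\)")

# Sample lines abridged from the 7.20.2 log in the post above.
SAMPLE_LOG = """\
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:    Trying 208.68.240.115:443...
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  Connected to scheduler.worldcommunitygrid.org (199.241.167.118) port 443 (#4)
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  Connected to boinc.berkeley.edu (208.68.240.115) port 443 (#5)
4/14/2023 10:27:15 AM | World Community Grid | [http] [ID#1] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM | World Community Grid | [http] HTTP error: SSL connect error
4/14/2023 10:27:15 AM |  | [http] [ID#0] Info:  schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - The revocation function was unable to check revocation because the revocation server was offline.
4/14/2023 10:27:15 AM |  | [http] HTTP error: SSL connect error
"""


def schannel_failures(log_text):
    """Map each host to the sorted HRESULT names of its failed Schannel handshakes."""
    current_host = {}              # (project, handle id) -> last host connected
    failures = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # not a per-handle [http] Info line
        key = (m["project"].strip(), m["id"])
        connected = CONNECTED.search(m["msg"])
        if connected:
            current_host[key] = connected.group(1)
            continue
        failed = SCHANNEL_FAIL.search(m["msg"])
        if failed:
            code = int(failed.group(1), 16)
            host = current_host.get(key, "<unknown>")
            failures[host].add(HRESULT_NAMES.get(code, failed.group(1)))
    return {host: sorted(names) for host, names in failures.items()}


if __name__ == "__main__":
    for host, names in schannel_failures(SAMPLE_LOG).items():
        print(host, ", ".join(names))
```

When every host in the result carries the same revocation-offline code, the common factor is the client's revocation lookup rather than any single server's certificate.
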
6) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111559)
Posted 14 Apr 2023 by SoCrunchy
Post:
I'm gonna try this tool and see if I'm compromised by malware that installed a rogue CA certificate.

https://www.ghacks.net/2015/11/25/give-your-windows-certificate-store-a-thorough-scan-for-suspicious-certs/

But even if I was, BOINC would still be able to hit the Google.com test site. It'd just be MITM to the attacker.

Edit: Microsoft Sigcheck seems newer and part of their SysInternals suite. I'll run that.
7) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111558)
Posted 14 Apr 2023 by SoCrunchy
Post:
I'm on Win10Pro 22H2 and make sure to get the monthly Windows Updates. Currently on April 2023 patch level. I just wish there was a way to troubleshoot this. Maybe I can run a packet capture on the router and see if the Windows boxes are even making an outbound attempt to Google from BOINC, but I think they're not even leaving the system.

I do have Secure Boot disabled on these boxes unfortunately. It's weird that it affects two of my desktops instead of just one.

There was a known issue in Windows 11 where TLS handshakes would fail, but I couldn't find a known issue in Windows 10 for the same thing. I could somehow try to find the source code on GitHub on how BOINC 7.20+ uses the Windows API for TLS, but... my programming is rusty.

I have a newer laptop on Windows as well and could try BOINC 7.20 and see if the problem occurs on the laptop too or not.

For now, 7.16 works fine, and I do plan on selling or retiring both of these PCs. It's just annoying I can't find out the root cause.
8) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111556)
Posted 14 Apr 2023 by SoCrunchy
Post:
This has nothing to do with WCG being up or down and everything to do with why 7.20 (which uses Windows's CA certificate bundle instead of BOINC's ca-bundle.crt) doesn't work.

In case it's not clear from my OP:

1. In 7.20 on Windows, even the reference site connectivity fails to https://google.com
2. Downgrading to 7.16 on Windows works fine.

I need help identifying the reason BOINC 7.20.x on Windows fails to set up a TLS handshake.
9) Message boards : BOINC client : "SSL Connect Error" BOINC 7.20.2 for Windows 10 22H2 (Message 111552)
Posted 14 Apr 2023 by SoCrunchy
Post:
Originally asked on the WCG forums: https://www.worldcommunitygrid.org/forums/wcg/viewthread_thread,44701

Hi, first post on the BOINC forums. I tend to prefer using the latest stable release of software and was excited to upgrade to the 7.20 branch of BOINC client/manager. I noticed in the changelog that instead of using C:\Program Files\BOINC\ca-bundle.crt like earlier branches, the 7.20 branch uses Windows's built-in CA certificates.

Yet when attempting to use 7.20.x, I get:

11/10/2022 7:23:25 PM | World Community Grid | Requesting new tasks for CPU
11/10/2022 7:23:26 PM | | Project communication failed: attempting access to reference site
11/10/2022 7:23:26 PM | World Community Grid | Scheduler request failed: Couldn't connect to server
11/10/2022 7:23:27 PM | | BOINC can't access Internet - check network connection or proxy configuration.
11/10/2022 7:24:13 PM | World Community Grid | update requested by user
11/10/2022 7:24:16 PM | World Community Grid | Sending scheduler request: Requested by user.
11/10/2022 7:24:16 PM | World Community Grid | Requesting new tasks for CPU
11/10/2022 7:24:17 PM | World Community Grid | Scheduler request failed: SSL connect error


Note: I'm able to connect to other local computers on the local network, which means that networking works fine in BOINC Manager. The issue is solely with connectivity to the outside world, since 1) connectivity to WCG fails; and 2) connectivity to the reference site (I believe BOINC uses https://google.com) also fails.

I've since reverted back to the 7.16.11 version, which works fine. Can someone help me troubleshoot and resolve this? I'm not using a proxy or anything. Just a home user on Windows 10 Pro 22H2.

This SSL error occurs on two PCs, and the workaround to downgrade to 7.16 worked on both PCs.

Either BOINC cannot access the Windows CA certificates, or maybe my computers are compromised, which would be creepy. Any ideas? I didn't get any solutions on the WCG forums.




Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.