Specify additional CA within emby


fbartels

Hi,

Prelude:

I am trying to configure the ldap plugin for emby running on a synology nas. I wanted to use the "active directory server" package in synology to share users between the nas and emby. The ads on Synology only allows logins over ssl, but this does not work with emby either, since the ads is using a self-signed ssl certificate, which is not known to emby.

 

When trying to login the following error is logged:

2018-11-24 19:06:38.582 Error UserManager: Error authenticating with provider LDAP
	*** Error Report ***
	Version: 3.5.3.0
	Command line: /var/packages/EmbyServer/target/server/EmbyServer.exe -package synology -programdata /var/packages/EmbyServer/target/var -ffmpeg /var/packages/EmbyServer/target/ffmpeg/bin/ffmpeg -ffprobe /var/packages/EmbyServer/target/ffmpeg/bin/ffprobe -restartexitcode 121
	Operating system: Unix 4.4.59.0
	64-Bit OS: True
	64-Bit Process: True
	User Interactive: False
	Mono: 5.14.0.177 (tarball Sun Nov  4 20:48:29 UTC 2018)
	Processor count: 4
	Program data path: /var/packages/EmbyServer/target/var
	Application directory: /volume1/@appstore/EmbyServer/releases/3.5.3.0
	System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
	  at /source/mono/external/boringssl/ssl/handshake_client.c:1132
	  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
	  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	--- End of stack trace from previous location where exception was thrown ---
	  at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	   --- End of inner exception stack trace ---
	  at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap (System.Threading.Tasks.Task task, System.Int32 timeout) [0x00036] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port, System.Int32 semaphoreId) [0x000c3] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port) [0x00000] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.LdapConnection.Connect (System.String host, System.Int32 port) [0x0006a] in <a536c9104cea481e979954db10659c7f>:0 
	  at LDAP.AuthenticationProvider+<Authenticate>d__11.MoveNext () [0x000dc] in <a536c9104cea481e979954db10659c7f>:0 
	--- End of stack trace from previous location where exception was thrown ---
	  at Emby.Server.Implementations.Library.UserManager+<AuthenticateWithProvider>d__57.MoveNext () [0x0011b] in <8252e50122f84f82af882c36d707f6ce>:0 
	System.Security.Authentication.AuthenticationException
	  at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap (System.Threading.Tasks.Task task, System.Int32 timeout) [0x00036] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port, System.Int32 semaphoreId) [0x000c3] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.Connection.connect (System.String host, System.Int32 port) [0x00000] in <a536c9104cea481e979954db10659c7f>:0 
	  at Novell.Directory.Ldap.LdapConnection.Connect (System.String host, System.Int32 port) [0x0006a] in <a536c9104cea481e979954db10659c7f>:0 
	  at LDAP.AuthenticationProvider+<Authenticate>d__11.MoveNext () [0x000dc] in <a536c9104cea481e979954db10659c7f>:0 
	--- End of stack trace from previous location where exception was thrown ---
	  at Emby.Server.Implementations.Library.UserManager+<AuthenticateWithProvider>d__57.MoveNext () [0x0011b] in <8252e50122f84f82af882c36d707f6ce>:0 
	InnerException: Mono.Btls.MonoBtlsException
	Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
	  at /source/mono/external/boringssl/ssl/handshake_client.c:1132
	  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
	  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	--- End of stack trace from previous location where exception was thrown ---
	  at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status) [0x0003e] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus)
	  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	  at Mono.Net.Security.AsyncProtocolRequest+<ProcessOperation>d__24.MoveNext () [0x000ff] in <2e58ecde50444b6baf2e884bbf90860c>:0 
	--- End of stack trace from previous location where exception was thrown ---
	  at Mono.Net.Security.AsyncProtocolRequest+<StartOperation>d__23.MoveNext () [0x0008b] in <2e58ecde50444b6baf2e884bbf90860c>:0 

I already tried importing the ca of the certificate into openssl, but this had no effect. I would therefore welcome the possibility to specify an additional root ca within emby to mark this connection as trusted.

EDIT: for the moment I have worked around this with a small stunnel docker container

Edited by fbartels
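
An stunnel client-mode configuration for the kind of workaround mentioned in the EDIT, written so that the tunnel still validates the directory server's certificate. This is an added example, not the poster's configuration; the host name `ads.example.lan`, the ports and the file path are placeholders.

```ini
; Constructed example: host names, ports and paths are placeholders.
foreground = yes

[ldaps-to-ads]
client = yes

; Plaintext leg: the application connects here without SSL.
; Bind it to loopback (or a private container network) only.
accept = 127.0.0.1:389

; TLS leg to the directory server.
connect = ads.example.lan:636

; Weak variant: with none of the verify options below, stunnel does not
; validate the server certificate and accepts whatever the peer presents.

; Corrected variant: trust only the exported CA (for a self-signed server
; certificate, the certificate itself goes into this file) and require
; the certificate to carry the expected host name.
CAfile = /etc/stunnel/ads-ca.pem
verifyChain = yes
checkHost = ads.example.lan
```

With `checkHost` set, the connection is refused unless the certificate's subject name or subject alternative name matches, so the value has to be the name the server certificate was actually issued for.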