Loading...
  OR  Zero-K Name:    Password:   

Forum index  > General discussion   > Help and bugs   >

Cannot start Zero-K lobby

5 posts, 900 views
Post comment
Filter:    Player:  
sort
CZrankpsaniac
3 years ago
When attempting to start ZK, it throws weird errors, then crashes.

I'm using the Linux non-steam version.

https://controlc.com/289cac14
+1 / -0
DKrankRustyRissole
3 years ago
(edited 3 years ago)
I have the same issue, i can also verify that the CA is on my host, 

$ curl -v https://repos.springrts.com > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 78.46.21.29:443...
* Connected to repos.springrts.com (78.46.21.29) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4060 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=repos.springrts.com
*  start date: Sep 14 09:57:34 2021 GMT
*  expire date: Dec 13 09:57:33 2021 GMT
*  subjectAltName: host "repos.springrts.com" matched cert's "repos.springrts.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
} [5 bytes data]
> GET / HTTP/1.1
> Host: repos.springrts.com
> User-Agent: curl/7.74.0
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [297 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [281 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 10 Oct 2021 09:59:58 GMT
< Server: Apache/2.4.38 (Debian)
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html;charset=UTF-8
< 
{ [6 bytes data]
100 10888    0 10888    0     0  82484      0 --:--:-- --:--:-- --:--:-- 82484
* Connection #0 to host repos.springrts.com left intact


so it looks like the problem is isolated to mono,

I tried importing the certificate directly and that didn't help eithe...
$ certmgr -ssl https://repos.springrts.com
Mono Certificate Manager - version 6.8.0.105
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.


X.509 Certificate v3
   Issued from: O=Digital Signature Trust Co., CN=DST Root CA X3
   Issued to:   C=US, O=Internet Security Research Group, CN=ISRG Root X1
   Valid from:  20/01/2021 7:14:03 PM
   Valid until: 30/09/2024 6:14:03 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=Internet Security Research Group, CN=ISRG Root X1
   Issued to:   C=US, O=Let's Encrypt, CN=R3
   Valid from:  4/09/2020 12:00:00 AM
   Valid until: 15/09/2025 4:00:00 PM
   *** WARNING: Certificate signature is INVALID ***
This certificate is already in the CA store.

X.509 Certificate v3
   Issued from: C=US, O=Let's Encrypt, CN=R3
   Issued to:   CN=repos.springrts.com
   Valid from:  14/09/2021 9:57:34 AM
   Valid until: 13/12/2021 9:57:33 AM
This certificate is already in the AddressBook store.

No certificate were added to the stores.


i still get the same error from Zero-k that you are seeing,
+0 / -0


AUrankAdminGoogleFrog
3 years ago
It sounds like something is broken regarding certificate management, Linux, and the springrts domain.
+0 / -0
CArankPorkchop
3 years ago
(edited 3 years ago)
What looks to be happening is that the non-steam version works fine on Windows 10, but can't negotiate a connection to springrts.com if run on other platforms.

I've submitted a PR that makes the launcher able to download packages on earlier versions of Windows as well as Linux. I'm seeing it fix the "Download of zkmenu:stable has failed" error and make it in-game.

The patch just fixes the issue mentioned here: https://zero-k.info/Forum/Post/244537#244537

This is more or less what's happening when the launcher makes a request that pops the error message:
$ curl https://repos.springrts.com --tlsv1.0 --tls-max 1.0 --verbose
*   Trying 78.46.21.29:443...
* TCP_NODELAY set
* Connected to repos.springrts.com (78.46.21.29) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS alert, internal error (592):
* error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available
* Closing connection 0
curl: (35) error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available

+5 / -0
USrank[I]burp
3 years ago
This issue can be fixed by importing the root certificates from mozilla with the program `mozroots` provided by mono:

mozroots --import --quiet

When you have those certificates in some place in PEM/.crt format, one can apparently also use `cert-sync`.
+1 / -0