1
0
mirror of https://github.com/Radarr/Radarr.git synced 2024-11-04 10:02:40 +01:00

Fixed: Added fallback and log errors when Tls1.2 clashes with https certificate with obsolete md5 hash.

This commit is contained in:
Taloth Saldono 2016-09-13 22:57:07 +02:00
parent 713e109bc9
commit 816cf608fc
5 changed files with 40 additions and 7 deletions

View File

@ -1,7 +1,9 @@
using System; using System;
using System.Net; using System.Net;
using NzbDrone.Common.EnvironmentInfo;
using NzbDrone.Common.Extensions; using NzbDrone.Common.Extensions;
using NzbDrone.Common.Http.Proxy; using NzbDrone.Common.Http.Proxy;
using NzbDrone.Common.Security;
namespace NzbDrone.Common.Http.Dispatchers namespace NzbDrone.Common.Http.Dispatchers
{ {
@ -60,6 +62,11 @@ public HttpResponse GetResponse(HttpRequest request, CookieContainer cookies)
} }
catch (WebException e) catch (WebException e)
{ {
if (e.Status == WebExceptionStatus.SecureChannelFailure && OsInfo.IsWindows)
{
SecurityProtocolPolicy.DisableTls12();
}
httpWebResponse = (HttpWebResponse)e.Response; httpWebResponse = (HttpWebResponse)e.Response;
if (httpWebResponse == null) if (httpWebResponse == null)
@ -89,7 +96,7 @@ protected virtual void AddProxy(HttpWebRequest webRequest, HttpRequest request)
webRequest.Proxy = _createManagedWebProxy.GetWebProxy(proxySettings); webRequest.Proxy = _createManagedWebProxy.GetWebProxy(proxySettings);
} }
} }
protected virtual void AddRequestHeaders(HttpWebRequest webRequest, HttpHeader headers) protected virtual void AddRequestHeaders(HttpWebRequest webRequest, HttpHeader headers)
{ {
foreach (var header in headers) foreach (var header in headers)

View File

@ -24,6 +24,7 @@ public static void Register()
protocol |= Tls11; protocol |= Tls11;
} }
// Enabling Tls1.2 invalidates certificates using md5, so we disable Tls12 on the fly if that happens.
if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12)) if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12))
{ {
protocol |= Tls12; protocol |= Tls12;
@ -36,5 +37,23 @@ public static void Register()
Logger.Debug(ex, "Failed to set TLS security protocol."); Logger.Debug(ex, "Failed to set TLS security protocol.");
} }
} }
public static void DisableTls12()
{
try
{
var protocol = ServicePointManager.SecurityProtocol;
if (protocol.HasFlag(Tls12))
{
Logger.Warn("Disabled Tls1.2 due to remote certificate error.");
ServicePointManager.SecurityProtocol = protocol & ~Tls12;
}
}
catch (Exception ex)
{
Logger.Debug(ex, "Failed to disable TLS 1.2 security protocol.");
}
}
} }
} }

View File

@ -24,6 +24,13 @@ private static bool ShouldByPassValidationError(object sender, X509Certificate c
return true; return true;
} }
var req = sender as HttpWebRequest;
var cert2 = certificate as X509Certificate2;
if (cert2 != null && req != null && cert2.SignatureAlgorithm.FriendlyName == "md5RSA")
{
Logger.Error("https://{0} uses the obsolete md5 hash in it's https certificate, if that is your certificate, please (re)create certificate with better algorithm as soon as possible.", req.RequestUri.Authority);
}
if (sslPolicyErrors == SslPolicyErrors.None) if (sslPolicyErrors == SslPolicyErrors.None)
{ {
return true; return true;
@ -34,4 +41,4 @@ private static bool ShouldByPassValidationError(object sender, X509Certificate c
return true; return true;
} }
} }
} }

View File

@ -21,8 +21,8 @@ public static void Start(StartupContext startupContext, IUserAlert userAlert, Ac
{ {
try try
{ {
X509CertificateValidationPolicy.Register();
SecurityProtocolPolicy.Register(); SecurityProtocolPolicy.Register();
X509CertificateValidationPolicy.Register();
Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version); Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version);
@ -144,4 +144,4 @@ private static bool IsInUtilityMode(ApplicationModes applicationMode)
} }
} }
} }
} }

View File

@ -30,14 +30,14 @@ public static void Main(string[] args)
{ {
try try
{ {
SecurityProtocolPolicy.Register();
X509CertificateValidationPolicy.Register();
var startupArgument = new StartupContext(args); var startupArgument = new StartupContext(args);
NzbDroneLogger.Register(startupArgument, true, true); NzbDroneLogger.Register(startupArgument, true, true);
Logger.Info("Starting Sonarr Update Client"); Logger.Info("Starting Sonarr Update Client");
X509CertificateValidationPolicy.Register();
SecurityProtocolPolicy.Register();
_container = UpdateContainerBuilder.Build(startupArgument); _container = UpdateContainerBuilder.Build(startupArgument);
_container.Resolve<UpdateApp>().Start(args); _container.Resolve<UpdateApp>().Start(args);