muse-sounds-manager invalid SSL certificate
I have downloaded the beta muse-sounds-manager to my linux opensuse tumbleweed system. MSM loads fine, but when I click to download a sounds file (harp) I get a message to say something went wrong. From running MSM in a terminal I see:
2023-12-28 15:35:37.2331|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.RegisterHiddenDownloadAction (ItemId=musesampler;ItemType=Application;P2PInfoFile=https://muse-webservice.azurewebsites.net/musedownload/application-buil…) ...
2023-12-28 15:35:37.2348|INFO|Muse.Common.Interop.ServiceCore|Registering Hidden Item (Type: Application, Id: musesampler, Name: MuseSampler)...
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
2023-12-28 15:35:37.2896|INFO|Muse.Common.Interop.ServiceCore|Error getting .musedownload file
2023-12-28 15:35:37.2896|ERROR|Muse.Common.Interop.ServiceCore|Error registering hidden download: musesampler: MuseSampler
2023-12-28 15:35:37.4478|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.ForceItemStateAction (Type=Application;Id=hub;Name=Muse Hub;Version=1.1.0.587;State=Installed) ...
2023-12-28 15:35:37.4478|INFO|Muse.Common.Interop.ServiceCore|Forcing Item State (Type: Application, Id: hub, Name: Muse Hub, Version: 1.1.0.587, State: Installed)...
2023-12-28 15:35:45.0416|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.StartDownloadAction (ItemId=cba44cea-47bc-4c61-bf57-abcb4e998bc9;ItemType=Instrument;P2PInfoFile=https://muse-webservice.azurewebsites.net/musedownload/library-packages… Harp) ...
2023-12-28 15:35:45.0457|INFO|Muse.Common.Interop.ServiceCore|Downloading Item (Type: Instrument, id: cba44cea-47bc-4c61-bf57-abcb4e998bc9, Name: Muse Harp)...
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
2023-12-28 15:35:45.0909|INFO|Muse.Common.Interop.ServiceCore|Error getting .musedownload file
2023-12-28 15:35:45.0911|ERROR|Muse.Common.Interop.ServiceCore|Error adding download: cba44cea-47bc-4c61-bf57-abcb4e998bc9: Muse Harp
which seems to imply there is something wrong on the curl call.
Can anyone help me to identify and fix the problem?
Comments
IDK but looks like an internet connection issue, maybe the firewall or internet problems? Try installing it again.
In reply to IDK but looks like an… by MK140221
I tried removing all instances of musescore musehub and muse-sounds then istalled musescore and muse-sounds-manager. I even cleared cache from my user. It is no different. When I click to download sounds the same problem occurrs.
I tried a web test on the azure domain which told me that the domain is valid and certificates good. I have no problems accessing musescore.com or org.
Is there any way to get more diagnostics from muse-sounds-manager or devising some kind of test against what the msm curl call issues?
In reply to I tried removing all… by haslamorama
The problem seems to be
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
When i start MSM, one on the first things log entries is:
024-01-03 13:56:14.2280|INFO|Muse.Client.Linux.App|Setting SSL_CERT_DIR to /usr/lib/ssl/certs
2024-01-03 13:56:14.2280|INFO|Muse.Client.Linux.App|Setting SSL_CERT_FILE to /usr/lib/ssl/certs/ca-certificates.crt
On my system (ubuntu 22.04), this is a symlink
lrwxrwxrwx 1 root root 14 dec 15 2022 /usr/lib/ssl/certs -> /etc/ssl/certs
Perhaps there is a problem with this?
The CA used here is Microsoft RSA Root Certificate Authority 2017.
It cannot hurt to check if the Microsoft CA is on your system.
I have these on the system:
lrwxrwxrwx 1 root root 49 dec 15 2022 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 dec 15 2022 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 84 dec 15 2022 Microsoft_ECC_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root 84 dec 15 2022 Microsoft_RSA_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
Does this command work?
curl https://muse-webservice.azurewebsites.net/
Common ca-certificates can be installed with (edit: on ubuntu that is, i am sure there is a similar package on opensuse)
sudo apt install ca-certificates
if needed.
In reply to The problem seems to be curl… by graffesmusic
I have the following Microsoft certificates:-
/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/pem/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/pem/Microsoft_RSA_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/openssl/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/openssl/Microsoft_RSA_Root_Certificate_Authority_2017.pem
also in /var/lib/ca-certificates/openssl there is:
lrwxrwxrwx 1 root root 49 Dec 25 13:19 01419da9.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 Dec 25 13:19 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 Dec 25 13:19 9591a472.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root 972 Dec 25 13:19 Microsoft_ECC_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root 2122 Dec 25 13:19 Microsoft_RSA_Root_Certificate_Authority_2017.pem
The start of MSM picks different directories than yours but is for this OpenSuse Tumbleweed system:
/home/turtle$ muse-sounds-manager
2024-01-03 15:33:12.8679|INFO|Muse.Common.Services.SettingsService|Reloading settings...
2024-01-03 15:33:12.9128|INFO|Muse.Common.Services.SettingsService|Settings file does not exist. 'createFileIfMissing' is set to true, so creating a new default settings file.
2024-01-03 15:33:12.9128|INFO|Muse.Common.Services.SettingsService|Saving settings...
2024-01-03 15:33:13.0043|INFO|Muse.Client.Linux.App|Attempting to set the users language to en-US using file /opt/muse-sounds-manager/Assets/Strings/en-US/Localizable.strings
2024-01-03 15:33:13.0097|INFO|Muse.Client.Linux.App|Setting SSL_CERT_DIR to /etc/ssl/certs
2024-01-03 15:33:13.0097|INFO|Muse.Client.Linux.App|Setting SSL_CERT_FILE to /etc/ssl/ca-bundle.pem
2024-01-03 15:33:13.3885|INFO|Muse.Common.Interop.ServiceCore|Checking to see if the user downloads directory (/home/turtle/.muse-sounds-manager/downloads) is writable...
2024-01-03 15:33:13.3930|INFO|Muse.Common.Interop.ServiceCore|Setting download location to /home/turtle/.muse-sounds-manager/downloads...
2024-01-03 15:33:13.3930|INFO|Muse.Common.Interop.ServiceCore|Setting Sampler install location to /home/turtle/.local/share/MuseSampler/lib/...
2024-01-03 15:33:13.3930|INFO|Muse.Common.Interop.ServiceCore|Setting distribution state to Off...
2024-01-03 15:33:13.3950|INFO|Muse.Common.Interop.ServiceCore|Muse Hub Version: 1.1.0.587
2024-01-03 15:33:13.3950|INFO|Muse.Common.Interop.ServiceCore|Initializing ServiceCore...
2024-01-03 15:33:13.3950|ERROR|Muse.Common.Interop.ServiceCore|Could not read from backing file! May not exist?
2024-01-03 15:33:13.4612|INFO|Muse.Common.Interop.ServiceCore|[MuseDownloaderInitialStateCallbackHandler] ID: hub, Name: Muse Hub, Item Type: Application, State: Installed, Version: 1.1.0.587
2024-01-03 15:33:13.4716|INFO|Muse.Common.Interop.ServiceCore|No resume data file for Muse Hub (hub.resume)
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
But it still fails..... :-(
In reply to I have the following… by haslamorama
Here is the result of the curl request:
/home/turtle$ curl https://muse-webservice.azurewebsites.net/
In reply to Here is the result of the… by haslamorama
I get the same result from my browser when I access that link
In reply to I get the same result from… by MK140221
Strange.
Nevertheless, this is a CA-cert problem, obviously.
It seems that curl and libcurl (can) use other cacert paths.
You could test with
https://raw.githubusercontent.com/curl/curl/master/docs/examples/simple…
adapt url to
curl_easy_setopt(curl, CURLOPT_URL, "https://muse-webservice.azurewebsites.net/");
and compile with
gcc simple.c -lcurl -o testlibcurl
The resulting program 'testlibcurl' should run without error if ca is OK
In reply to Strange. Nevertheless, this… by graffesmusic
I got the test 'C' code, replaced the URL as you said, compiled and ran it.
Here is what I got:-
/home/turtle/code/curltest$ ./curltest
/home/turtle/code/curltest$
So the fact we got something and there was no failure message from the curl call, does this mean it is not a certificate problem but rather something that the MSM code is finding wrong and reporting or maybe giving an incorrect curl call?
I don't quite understand other than different system file/directory structure why it works on Ubuntu and not Opensuse. Does anyone have access to the MSM code?
In reply to I got the test 'C' code,… by haslamorama
We don't have access to the code, this is not open source.
Best ask over there: https://musehub.zendesk.com/hc/en-gb
This is strange. Perhaps a difference in libcurl version. Anyway, we cannot know how this has been compiled. Surely, it has not been tested with Opensuse.
Since the curltest works fine, this cannot be a missing ca-cert.
If this does not exist yet, why not try with a symlink
/usr/lib/ssl/certs -> /etc/ssl/certs
One never knows ...
(to be sure:
ldd /opt/muse-sounds-manager/Muse.Client.Linux
is OK?)
Is teh output of
openssl version -d
give you /etc/ssl ?
On my system that is:
OPENSSLDIR: "/usr/lib/ssl"
In reply to We don't have access to the… by graffesmusic
I get:-
/home/turtle$ openssl version -d
OPENSSLDIR: "/etc/ssl"
/home/turtle$ ldd /opt/muse-sounds-manager/Muse.Client.Linux
linux-vdso.so.1 (0x00007fffe4159000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3718637000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f3718632000)
libz.so.1 => /lib64/libz.so.1 (0x00007f3718618000)
librt.so.1 => /lib64/librt.so.1 (0x00007f3718611000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f37185ec000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f3717600000)
libm.so.6 => /lib64/libm.so.6 (0x00007f3718505000)
libc.so.6 => /lib64/libc.so.6 (0x00007f3717200000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3718662000)
/home/turtle$
which would seem to be correct. I also tried to force the certificates file through environment variables which MSM picked up but it made no difference to the result.
MSM is not available yet through Opensuse - got the .rpm file from the Muse download website. Looks as though I will have to wait......unless someone has a solution to this. (sigh!)
In reply to I get:- /home/turtle$… by haslamorama
Best to ask musehub support i think.
https://musehub.zendesk.com/hc/en-gb
In reply to Best to ask musehub support… by graffesmusic
Did anyone figure this out yet? I have the same problem on openSUSE Tumbleweed :-(
In reply to Did anyone figure this out… by adam.spiers
Based on a hint from https://forums.opensuse.org/t/looking-for-ca-certificates-crt-file-wher… I found that the following fixes it:
ln -s /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/certs/ca-certificates.crt
In reply to Based on a hint from https:/… by adam.spiers
Thank you! This info enabled me to fix the same problem on Mageia. I just created this link: /etc/pki/tls/certs/ca-certificates.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem