subliminal icon indicating copy to clipboard operation
subliminal copied to clipboard

Published 20 hours ago verified publisher icon Diaoul

RESOLVED: Some providers have been discarded due to unexpected errors

Open jonfen opened this issue 2 years ago • 10 comments

Issue

Running Ubuntu 20.04.4 LTS via Windows Subsystem for Linux (WSL) on Windows 11 if you receive this error "Some providers have been discarded due to unexpected errors" try adding the --debug flag. In my case, I saw 'SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type'

This is saying that the SSL security level is set too high on Ubuntu 20.04 to work with those providers.

Request

Provide a user-friendly error to the user if the OS SSL Security is too high -- or increase the security.

Workaround

Lower the SSL Security Level to 1 on Ubuntu 20.04

Edit openssl.conf file:

sudo nano /etc/ssl/openssl.cnf Extra points if you use vi

Add this line to the top:

openssl_conf = openssl_init

And these lines to the very bottom:

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1

jonfen avatar Mar 13 '22 19:03 jonfen

Sorry for bringing this back up, but I was about to open an issue about discarded providers and I just came accross your solution. I am on openssl 3.0.3 though (debian testing/unstable x64). Also, ubuntu 22.04 is on 3.0.2, so this may interest someone else too.

All the forementioned parts are already there, so there is nothing to add, but the last one under [system_default_sect] is a bit different

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=2

Any ideas? It would also be nice if the above were set only for the user instead of being system wide.

pitsi avatar Jun 20 '22 09:06 pitsi

Yeah, I don't wanna do this system wide, is it possible to set it for subliminal? Or via an environment variable?

markonius avatar Aug 06 '22 15:08 markonius

Yeah, I don't wanna do this system wide, is it possible to set it for subliminal? Or via an environment variable?

Interested in this as well.

ronilaukkarinen avatar Sep 03 '22 09:09 ronilaukkarinen

Can someone please try the solution described here with "export=blablabla"? https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

I would try it, but I have nothing that needs subs right now.

---edit I tried it just now, with a popular movie and with english as the language for the subs, so it would definitely find at least one from all those providers. And unfortunately, nothing has changed. Then I changed the system's configuration on the forementioned file, but it still gives me the same errors, so I assume something bigger has changed with openssl's upgrade from 1.1.x to 3.x. If anyone is on ubuntu 20.04 or older or debian 11 or older or any other distro that still uses openssl 1.1.x, please offer some feedback about the workaround.

pitsi avatar Sep 06 '22 05:09 pitsi

I got access to a vm with debian 11 yesterday and tried the workaround mentioned at the start. I am delighted to say that it works flawlessly. Zero errors, just a confirmation that 1 subtitle file was downloaded.

So, besides request above for a way to change the settings for the user only and not system wide, what other changes must be done for the distros that are on libssl 3.x?

pitsi avatar Sep 22 '22 09:09 pitsi

just found this tool, and I have this issue. I tried suggested workarounds but the problem persist. I'm in ubuntu 20.04

kurokirasama avatar Apr 27 '23 15:04 kurokirasama 

import requests

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'

Adding this on the top of each provider module (e.g. providers/podnapisi.py) will fix it for that provider. I would do a PR but it's a bit of a hack really.

dekomote avatar May 28 '23 18:05 dekomote 

import requests

requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'DEFAULT@SECLEVEL=1'

Adding this on the top of each provider module (e.g. providers/podnapisi.py) will fix it for that provider. I would do a PR but it's a bit of a hack really.

This doesn't seem to work for me. Still getting errors about 'Wrong signature type' from SSL. I'm running Windows 10.

stingwraith avatar Jul 09 '23 11:07 stingwraith

Just run the below after signing up for an account.

subliminal --debug --opensubtitles "username" "password" download -p opensubtitles -l en .

benpietras avatar Nov 20 '23 11:11 benpietras

SSL certificate for Podnapisi.NET should be solved now.

MasterMind2k avatar Jan 06 '24 18:01 MasterMind2k

@getzze I just got the notiffication that you closed the issue. Does this mean that subliminal will get a new release soon? Or will the project be archived?

pitsi avatar May 17 '24 09:05 pitsi

This issue was (seemingly) solved by https://github.com/Diaoul/subliminal/commit/faffd7a335384e5949e6322609b01c1f2ce682e8 that was merged in develop. See https://github.com/Diaoul/subliminal/pull/1057 also.

We are working on a new release yes!

getzze avatar May 17 '24 13:05 getzze