client icon indicating copy to clipboard operation
client copied to clipboard
verified publisher icon keybase

Reporting errors in-app does not work if the SSL certificate is bad

Open jefflaing opened this issue 2 years ago • 7 comments

Keybase GUI Version: 6.2.4-20231019211625+5cfcf6b41e

I'm getting this:

Error: ERROR CODE 1601 - API network error: Post "https://api-0.core.keybaseapi.com/_/api/1.0/logdump/send.json": x509: certificate signed by unknown authority in method keybase.1.config.logSend at new RPCError (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/main.bundle.js:1:4125048) at convertToRPCError (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/main.bundle.js:1:4102243) at convertToError (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/main.bundle.js:1:4102334) at file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/main.bundle.js:1:2473166 at file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:215977 at Deferrals._call (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:894539) at file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:894731 at trampoline (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:894267) at Deferrals._fulfill (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:894684) at ret (file:///Applications/Keybase.app/Contents/Resources/app/desktop/dist/105.bundle.js:2:893677)

when it tries to send feedback in-app. The error looks transient - that is, when you fix the certificate, it will be a non-issue. But a feedback mechanism should not "fail with a stack trace"

jefflaing avatar Jan 13 '24 02:01 jefflaing

Hi, it was an issue with the SSL certificat being expire or unvalidate. That issue has been corrected on the last update.

th333boo avatar Jan 15 '24 09:01 th333boo

Yes, the certificate may be repaired but the exception path through the app still exists in a "sub-optimal" form. When someone wants to report a problem, the app needs to work - falling back on a mailto: link would be an improvement.

jefflaing avatar Jan 15 '24 10:01 jefflaing

certificate is valid , but it doesn't not have the full chain , so it throws error for the unknown Certificate Authority . Uploading a file ,opening the teams or reporting an issue gives and error. This is the reason I am posting here since I could not find another way. image

liviutoma avatar Jan 23 '24 08:01 liviutoma

Again, I feel like the point is being missed. The issue is that the "report a problem" feature threw a problem of its own, rather than falling back on catching the error cleanly and saying something like "I really can't cope with this - please copy the following and send an email to [email protected]"

Yes, the certificate is bad and will be better at some point. That's not the issue.

There was no catch statement to intercept that stack trace display, and that looks catastrophically bad to someone who wants to trust the software not to "lose their stuff" even when things go wrong.

Exception paths in code are HARD to make user friendly, and I accept that there will be lots of paths through the regular app that can fail for all sorts of unimaginable reasons. But the REPORT A PROBLEM function needs to be, or at least appear to be, a lot more robust.

jefflaing avatar Jan 23 '24 08:01 jefflaing

None of you mentioned the platform (OS). It's an important detail. After contributing to the Windows package update that was recently merged, I just installed the new version on Win11 and everything seems to work fine. I could reproduce only the Feedback issue, which indeed throws: API_NETWORK_ERROR: ERROR CODE 1601 - API network error: Post "https://api-0.core.keybaseapi.com/_/api/1.0/logdump/send.json": EOF in method keybase.1.config.logSend

orgcontrib avatar Jan 26 '24 18:01 orgcontrib

Sorry, I figured that seeing the traceback is out of /Applications/Keybase.app told everyone this is MacOS. And, correct me if I'm wrong, but you seem to be saying you see the same issue on Windows, which will be no surprise.

To be honest, I think this is one of those "why are you bothering to use HTTPS on a feedback form?" issues. If the modern internet fetish for "encrypt everything, just in case" wasn't there, this wouldn't be an issue. So, as it stands, I think a mechanism that tried https, then fell back on plain http would have completely avoided this problem.

AGAIN, this is for the Bug Feedback data path, and it could even warn the user that it was doing so.

jefflaing avatar Jan 27 '24 00:01 jefflaing

Sorry, I figured that seeing the traceback is out of /Applications/Keybase.app told everyone this is MacOS. And, correct me if I'm wrong, but you seem to be saying you see the same issue on Windows, which will be no surprise.

To be honest, I think this is one of those "why are you bothering to use HTTPS on a feedback form?" issues. If the modern internet fetish for "encrypt everything, just in case" wasn't there, this wouldn't be an issue. So, as it stands, I think a mechanism that tried https, then fell back on plain http would have completely avoided this problem.

AGAIN, this is for the Bug Feedback data path, and it could even warn the user that it was doing so.

You were right about that. I was weighting on all inputs in this thread at the time, so I've lost sight of the obvious macOS path. I still think it's a good idea to be thorough when reporting an[y] issue.

orgcontrib avatar Jan 27 '24 20:01 orgcontrib