VirtualBox

Ticket #12969 (reopened defect)

Opened 3 years ago

Last modified 5 months ago

SSL authentication failed

Reported by: Rmplstltskn Owned by:
Priority: major Component: other
Version: VirtualBox 4.3.10 Keywords: SSL authentication failed
Cc: Guest type: other
Host type: other

Description

  1. Launch new installed VirtualBox.
  2. Check for updates - everything ОК.
  3. In Windows Explorer find the image *.vbox from old HDD, which already in folder "VirtualBox VMs" and add it to the list in application (two clicks).
  4. Check for updates - SSL authentication failed
  5. Deleting recently added vritual machine from list.
  6. Restart of application.
  7. Checking update - everything ОК.

Attachments

VBoxSVC.log Download (1.3 KB) - added by Rmplstltskn 3 years ago.
VBoxSVC.2.log Download (1.6 KB) - added by ItielMaN 3 years ago.
VirtualBox.xml Download (5.9 KB) - added by ItielMaN 3 years ago.
VirtualBox.2.xml Download (6.1 KB) - added by ItielMaN 3 years ago.
VBoxSVC.3.log Download (1.5 KB) - added by ItielMaN 3 years ago.

Change History

Changed 3 years ago by Rmplstltskn

comment:1 follow-up: ↓ 2 Changed 3 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed

Should be fixed a while ago (4.3.12 or 4.3.14).

comment:2 in reply to: ↑ 1 Changed 3 years ago by Rmplstltskn

Replying to frank:

Should be fixed a while ago (4.3.12 or 4.3.14).

Bug still not fixed (new installed 4.3.16)

comment:3 Changed 3 years ago by Rmplstltskn

  • Status changed from closed to reopened
  • Resolution fixed deleted

comment:4 follow-up: ↓ 5 Changed 3 years ago by frank

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

comment:5 in reply to: ↑ 4 ; follow-up: ↓ 6 Changed 3 years ago by Rmplstltskn

Replying to frank:

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

If I can give information about the system, it will help the cause? But what information?

Changed 3 years ago by ItielMaN

Changed 3 years ago by ItielMaN

comment:6 in reply to: ↑ 5 ; follow-up: ↓ 7 Changed 3 years ago by ItielMaN

Replying to Rmplstltskn:

Replying to frank:

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

If I can give information about the system, it will help the cause? But what information?

I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.

I've attached some logs that might be of some help.

comment:7 in reply to: ↑ 6 Changed 3 years ago by Rmplstltskn

Replying to ItielMaN:

I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.

I've attached some logs that might be of some help.

Double click is not required it's just example. When I added one, or more VM's, in list of VM's i've got this error.

comment:8 Changed 3 years ago by ItielMaN

Some more info:

  1. Tried removing VirtualBox (without deleting the VMs) totally and re-installed.
  2. After upgrading to newer VB version and clicking the update feature (that as I mentioned- failed), it automatically detects the VirtualBox Extension Pack update and installs it successfully, which mean it can get to the server or something.

Are there any more logs I can supply that may help locating the issue?

comment:9 Changed 3 years ago by LNabais

I have the same issue, when Check for updates, cannot connect, SSL authentication failed. Windows 8.1 x64, Java 8 Update 25 x64, VirtualBox 4.3.18 r96516. No firewall except windows (and tried with it disabled). What more can I give to help on this?

comment:10 Changed 3 years ago by tgm

I also see this issue (check for update - SSL failure) in both 4.3.16 and 4.3.18. Running on Windows 7 Pro (SP1) 64 bit. I manually downloaded the 4.3.18 update and installed. Interesting thing though.. After upgrade VB prompts to update extension pack (expected behavior). I approved and installed directly without any issues. Wonder why no SSL error with this action.

comment:11 Changed 3 years ago by woodbridge

I have exactly same issue after just downloaded and installed newest version today. My laptop is Windows 7 Professional SP 1. Not sure what information I can provide. The errors showed in log file is basically same as already attached file.

comment:12 follow-up: ↓ 13 Changed 3 years ago by Rmplstltskn

In version 4.3.20 bug still not fixed.

comment:13 in reply to: ↑ 12 Changed 3 years ago by ItielMaN

Replying to Rmplstltskn:

In version 4.3.20 bug still not fixed.

Same here :(

comment:14 follow-up: ↓ 15 Changed 3 years ago by frank

If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?

comment:15 in reply to: ↑ 14 Changed 3 years ago by ItielMaN

Replying to frank:

If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?

Nope. After starting VB and trying again- same error. And the file vbox-ssl-cacertificate.crt is being recreated afterwards.

comment:16 Changed 3 years ago by mhanor

I can reproduce the issue with the PUEL version, running the VirtualBox Manager inside a Windows 7 x64 (clean install + updates) VM. I can't reproduce the SSL failure using the OSE build (inside the VM) and it doesn't occur on my host (Windows 8.1 x64).

I'm not sure if this is related to the SSL authentification failure, but, most of the times, both the OSE and the PUEL version, try to access the vbox-ssl-cacertificate.crt in the current folder (which is the installation folder) and in C:\etc\, but not in the user's home folder. When it happens, two first chance 800401f0 exceptions occur during the COMGETTER(HomeFolder) call (see one call stack below, 4.3.20 sources). The "." path is returned and converted to a full path.

The Manager accesses the .crt file in the user home folder if I check for updates in the first 2 seconds after it has started. After this time interval, all attempts to check for an update, fail.

When the SSL authentification fails, the VirtualBox Manager sends to the TLS server an alert message: Level 0x2 (fatal), description - 0x30 (Unknown CA).

KERNELBASE!RaiseException+0x39
RPCRT4!RpcpRaiseException+0x33
ole32!NdrExtpProxyGetBuffer+0x35c0
RPCRT4!NdrpProxyGetBuffer+0x1b
RPCRT4!NdrpClientCall2+0x9d1
ole32!ObjectStublessClient+0x1ad [d:\w7rtm\com\rpc\ndrole\amd64\stblsclt.cxx @ 620]
ole32!ObjectStubless+0x42 [d:\w7rtm\com\rpc\ndrole\amd64\stubless.asm @ 117]
VirtualBox!CVirtualBox::GetHomeFolder+0xeb [c:\work_x64\vbox\out\win.amd64\debug\obj\virtualbox\include\comwrappers.cpp @ 940]
VirtualBox!UINetworkReplyPrivateThread::fullCertificateFileName+0x8c [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 203]
VirtualBox!UINetworkReplyPrivateThread::applyHttpsCertificates+0x31 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 129]
VirtualBox!UINetworkReplyPrivateThread::run+0xc2 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 182]
QtCore4!QThreadPrivate::start+0x1a7 [c:\work_x64\qt\src\corelib\thread\qthread_win.cpp @ 357]
MSVCR100!_callthreadstartex+0x17
MSVCR100!_threadstartex+0x7f
kernel32!BaseThreadInitThunk+0xd
ntdll!RtlUserThreadStart+0x1d
Last edited 3 years ago by mhanor (previous) (diff)

comment:17 Changed 3 years ago by frank

Interesting information. GetHomeFolder() should always return the folder where the VirtualBox.xml file is resided in but never c:
etc or something like that...

comment:18 Changed 3 years ago by mhanor

It returns "." along that exception, which gets translated to the current folder (the installation folder) by one of the methods called by fullCertificateFileName(). The C:\etc\ path is accessed at some other point in the execution of the program, see below the call stack (as Process Monitor shows it):

0	fltmgr.sys	FltAcquirePushLockShared + 0x907	0xfffff8800112d067	C:\Windows\system32\drivers\fltmgr.sys
1	fltmgr.sys	FltIsCallbackDataDirty + 0x20ba	0xfffff8800112f9aa	C:\Windows\system32\drivers\fltmgr.sys
2	fltmgr.sys	FltReadFile + 0x10363	0xfffff8800114d2a3	C:\Windows\system32\drivers\fltmgr.sys
3	ntoskrnl.exe	MmCreateSection + 0x279c	0xfffff80002993efc	C:\Windows\system32\ntoskrnl.exe
4	ntoskrnl.exe	SeQueryInformationToken + 0xc48	0xfffff8000298f878	C:\Windows\system32\ntoskrnl.exe
5	ntoskrnl.exe	ObOpenObjectByName + 0x306	0xfffff80002990a96	C:\Windows\system32\ntoskrnl.exe
6	ntoskrnl.exe	PsTerminateSystemThread + 0x244	0xfffff80002924b34	C:\Windows\system32\ntoskrnl.exe
7	ntoskrnl.exe	KeSynchronizeExecution + 0x3a23	0xfffff80002692e53	C:\Windows\system32\ntoskrnl.exe
8	ntdll.dll	ZwQueryFullAttributesFile + 0xa	0x76d1241a	C:\Windows\SYSTEM32\ntdll.dll
9	KERNELBASE.dll	GetFileAttributesExW + 0x9d	0x7fefcd57e3d	C:\Windows\system32\KERNELBASE.dll
10	VBoxRT.dll	RTPathQueryInfoEx + 0x17c, c:\work_x64\vbox\src\vbox\runtime\r3\win\path-win.cpp(253)	0x7feefd9807c	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
11	VBoxRT.dll	RTFileExists + 0x3c, c:\work_x64\vbox\src\vbox\runtime\generic\rtfileexists-generic.cpp(41)	0x7feefd87b2c	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
12	VBoxRT.dll	rtHttpGet + 0xe8, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(466)	0x7feefd857b8	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
13	VBoxRT.dll	RTHttpGetBinary + 0x31, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(515)	0x7feefd85e31	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
14	VirtualBox.exe	UINetworkReplyPrivateThread::performGetRequestForBinary + 0x134, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(292)	0x13fc5ca64	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
15	VirtualBox.exe	UINetworkReplyPrivateThread::downloadCertificates + 0xeb, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(385)	0x13fc5d14b	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
16	VirtualBox.exe	UINetworkReplyPrivateThread::applyHttpsCertificates + 0x9d, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(139)	0x13fc5bcbd	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
17	VirtualBox.exe	UINetworkReplyPrivateThread::run + 0xc2, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(181)	0x13fc5bf02	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
18	QtCore4.dll	QThreadPrivate::start + 0x1a7, c:\work_x64\qt\src\corelib\thread\qthread_win.cpp(355)	0x73c1f587	C:\work_x64\vbox\out\win.amd64\debug\bin\QtCore4.dll
19	MSVCR100.dll	endthreadex + 0x43	0x740b1d9f	C:\Windows\system32\MSVCR100.dll
20	MSVCR100.dll	endthreadex + 0xdf	0x740b1e3b	C:\Windows\system32\MSVCR100.dll
21	kernel32.dll	BaseThreadInitThunk + 0xd	0x76ab59ed	C:\Windows\system32\kernel32.dll
22	ntdll.dll	RtlUserThreadStart + 0x21	0x76cec541	C:\Windows\SYSTEM32\ntdll.dll

The actual path is C:\etc\ssl\certs\ca-certificates.crt

Last edited 3 years ago by mhanor (previous) (diff)

comment:19 Changed 3 years ago by mhanor

With the PUEL version, the usual installation folder access rights/user access rights/UAC prohibits the creation of the crt file inside C:\Program Files\Oracle\VirtualBox\

comment:20 Changed 3 years ago by frank

Now I'm confused. How comes the installation folder into play? Again, GetHomeFolder() should deliver the position of VirtualBox.xml. If it returns '.' then that's a bug.

comment:21 Changed 3 years ago by frank

So far unable to reproduce. GetHomeFolder() always returns the correct home folder, therefore the .crt file is always found.

comment:22 Changed 3 years ago by mhanor

Have you tried with a fresh install of Windows 7? Also, let the Manager wait for 10 seconds then check for updates.

I was wrong, GetHomeFolder() doesn't return ".", it returns "". I think it just fails, because mRC is set to 800401f0 and aHomeFolder doesn't seem to be modified after the COMGETTER(HomeFolder) call (it's set to "" by the class constructor). The "." gets set in by one of the multitude of methods and constructors called by fullCertificateFileName(). I will try with the unoptimized Qt libraries. When it's about to fail the SSL authentification, the Manager process also decides to download the roots.zip file from verisign.com. When it's about to succeed (like in the first 2 seconds of the process lifetime), for some reason it doesn't download the roots.zip file.

Last edited 3 years ago by mhanor (previous) (diff)

comment:23 Changed 3 years ago by mhanor

The "." originates from the Qt library, see Qt\src\corelib\io\qdir.cpp line 100 (Qt 4.8.6).

comment:24 follow-up: ↓ 25 Changed 3 years ago by frank

Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.

comment:25 in reply to: ↑ 24 Changed 3 years ago by Rmplstltskn

Replying to frank:

Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.

I think, version of OS not important, i got same error on W7 x64 and W8.1 x64. Maybe language or regional settings important? For me it is russian.

comment:26 follow-up: ↓ 28 Changed 3 years ago by frank

Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!

comment:27 Changed 3 years ago by mhanor

I can't reproduce the issue with the new build and my Windows 7 VM. But why would the Windows build ever want to check for "/etc/ssl/certs/ca-certificates.crt"? See src\VBox\Runtime\common\misc\http.cpp line 552, in RTHttpGetFile(). It hits this piece of code, if it can't access the vbox-ssl-cacertificate.crt file in the user home folder.

Last edited 3 years ago by mhanor (previous) (diff)

comment:28 in reply to: ↑ 26 Changed 3 years ago by ItielMaN

Replying to frank:

Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!

Oh come on! In the latest build still same error. Also removing vbox-ssl-cacertificate file didn't do the trick. VBoxSVC.log and VirtualBox.xml are again attached (if needed).

Changed 3 years ago by ItielMaN

Changed 3 years ago by ItielMaN

comment:29 follow-ups: ↓ 30 ↓ 31 Changed 3 years ago by mhanor

What's the error message it gives you? Have you edited the log file to hide the name of the home folder? What's the language of your host OS?

Last edited 3 years ago by mhanor (previous) (diff)

comment:30 in reply to: ↑ 29 Changed 3 years ago by ItielMaN

Replying to mhanor:

What's the error message it gives you? Have you edited the log file to hide the name of the home folder?

Same error as always: "The network operation failed with the following error: SSL authentication failed." And no, I didn't. The home folder's name is written in hebrew, that's why you see "עליז×".

comment:31 in reply to: ↑ 29 Changed 3 years ago by ItielMaN

Replying to mhanor:

What's the language of your host OS?

Hebrew.

comment:32 Changed 3 years ago by mhanor

Indeed. I can reproduce the SSL failure on my Windows 7 VM, if the home folder name contains special caracters (I have picked one from the character map, ș).

comment:33 Changed 3 years ago by frank

Many thanks guys for this hint. With this information we were able to reproduce the problem. We believe that we fixed it now properly. Could you confirm that this package works for you? Thank you!

comment:34 follow-up: ↓ 37 Changed 3 years ago by frank

To be more precise: This was an additional problem to the one we fixed with the previous test build.

comment:35 Changed 3 years ago by mhanor

It's OK on my test VM.

comment:36 Changed 3 years ago by ItielMaN

Hell yeah! Working great now. Thanks frank :)

comment:37 in reply to: ↑ 34 Changed 3 years ago by Rmplstltskn

Replying to frank:

To be more precise: This was an additional problem to the one we fixed with the previous test build.

Glad to see that! I aproove.

comment:38 Changed 3 years ago by VgnJhd

I can confirm that this fixed all my issue Thanks Frank !

comment:39 Changed 3 years ago by frank

Thanks for helping debugging and for all the feedback!

comment:40 Changed 3 years ago by NwDx

Thank you! This last update is working for me. Had special characters in path too: 'é'

comment:41 Changed 2 years ago by frank

  • Status changed from reopened to closed
  • Resolution set to fixed

Fix is finally part of VBox 4.3.22. Please don't reopen this ticket before you installed VBox 4.3.22!

comment:42 Changed 2 years ago by BGarber

I'm seeing this issue on 4.3.28 r100309 Win 7 x64

comment:43 Changed 5 months ago by MericClan

  • Status changed from closed to reopened
  • Resolution fixed deleted

I have the same issue. Installed latest VB, extensions, guest tools with no success. System cannot validate SSL certificates. Manually installing SSL certficates doesn't work. Deleting vbox-ssl-cacertificate.crt doesn't work. I can't install applications that require SSL connections like Adobe Acrobat, can't google without going through error messages. OS: Windows Server 2012

comment:44 Changed 5 months ago by mhanor

What version of VirtualBox are you using? What's the exact error message?

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use