naim94a/lumen

lumina: Certificate verification failed: certificate has expired

Closed this issue · 2 comments

Describe the bug
lumina: Certificate verification failed: certificate has expired

To Reproduce

  • client
lumina: Certificate verification failed: certificate has expired
Command "LuminaPullAllMds" failed
lumina: Certificate verification failed: certificate has expired
Command "LuminaPullAllMds" failed
  • server
 2021-02-04T15:45:03.857Z INFO  lumen > starting private lumen server...
 2021-02-04T15:45:03.884Z INFO  lumen > starting http api server on 0.0.0.0:8082
 2021-02-04T15:45:03.884Z INFO  lumen > listening on 0.0.0.0:1234 secure=true
 2021-02-04T15:45:21.174Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
 2021-02-04T15:45:28.010Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
 2021-02-04T15:51:36.887Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
 2021-02-04T15:51:40.747Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
 2021-02-04T15:55:57.878Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
 2021-02-04T15:56:16.972Z WARN  lumen > err: IOError(Custom { kind: UnexpectedEof, error: "early eof" })
  • server config
# Lumen server configuration as posted in the report. All values are unchanged;
# NOTE(review) comments mark settings worth checking on a server that is reachable by others.
[lumina]
# address that lumen will listen on for IDA to connect to
# NOTE(review): 0.0.0.0 accepts connections on every interface; bind to a specific
# address or firewall the port if only known IDA clients should reach it.
bind_addr = "0.0.0.0:1234"
# indicates if TLS should be used for connections, if true the `lumina.tls` section is required.
# <<<<<<<<<<<<<<<<<
use_tls = true
# server display name; appears in IDA output window
server_name = "lumen"

# only required when `use_tls` is set to true.
[lumina.tls]
# Specify the server's certificate.
# Clients connecting to the server must match this certificate.
# If the certificate is password protected, the password can be specified in the `PKCSPASSWD` environment variable.
# NOTE(review): the "certificate has expired" error in this report is printed by the client,
# so presumably the certificate copy and the clock on the client are what decide it; confirm against the client setup.
# NOTE(review): a PKCS#12 bundle used as a server certificate normally also holds the private key;
# keep the file readable only by the account that runs lumen.
# <<<<<<<<<<<<<<<<<
server_cert = "/root/lumen5/lumen/lumen.p12"


[database]
# Specifies a postgresql connection string. All variables can be found here: https://docs.rs/tokio-postgres/0.6.0/tokio_postgres/config/struct.Config.html
# NOTE(review): the database password is stored in plaintext in this string; restrict read access to this file.
# `test111` looks like a test credential; use a strong, unique one outside of testing.
connection_info = "host=127.0.0.1 user=test111 password=test111"
# Sets if the database connection should be made using TLS.
# NOTE(review): with this set to false the database session is unencrypted; here it stays on loopback because host is 127.0.0.1.
use_tls = false
# If the database requires a secure connection, paths to server-ca and client-id certificates can be set here:
# presumably unused while the database `use_tls` is false; verify against the server code.
server_ca = "db_ca.pem"
client_id = "db_id.p12"

# comment out this section to disable the api server
# the api server allows querying the database for comments by file or function hash.
# NOTE(review): 0.0.0.0 exposes the HTTP API on every interface; whether it requires authentication
# is not visible here, so bind it to 127.0.0.1 or firewall it unless remote access is intended.
[api_server]
bind_addr = "0.0.0.0:8082"

  • I checked the certificate's expiry date, and it is still valid
root@user123:~/lumen5/lumen# cat lumen_crt.pem | openssl x509 -noout -enddate
notAfter=Feb  4 15:27:45 2022 GMT
root@user123:~/lumen5/lumen# openssl pkcs12 -in lumen.p12 -clcerts -nodes | openssl x509 -noout -enddate
Enter Import Password:
notAfter=Feb  4 15:27:45 2022 GMT

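Unfortunately, I cannot reproduce this. Specifying the IDA version and OS might be helpful.
Is there any chance that the client's clock is not set properly? The expiry check is performed by the client against its own clock, so a valid `notAfter` on the server side does not rule this out.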

  • version
windows ida 7.5 sp3
  • server config
[lumina]
bind_addr = "0.0.0.0:1234"
use_tls = true
server_name = "lumen"

[lumina.tls]
server_cert = "/root/lumen5/lumen/lumen.p12"
  • client config
LUMINA_HOST = "server_ip";
LUMINA_PORT = 1234
// LUMINA_TLS = NO

I haven't changed the system clock. I am using your certificate, and the server is running normally.