muse-sounds-manager invalid SSL certificate

• Dec 28, 2023 - 20:41

I have downloaded the beta muse-sounds-manager to my linux opensuse tumbleweed system. MSM loads fine, but when I click to download a sounds file (harp) I get a message to say something went wrong. From running MSM in a terminal I see:

2023-12-28 15:35:37.2331|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.RegisterHiddenDownloadAction (ItemId=musesampler;ItemType=Application;P2PInfoFile=https://muse-webservice.azurewebsites.net/musedownload/application-buil…) ...
2023-12-28 15:35:37.2348|INFO|Muse.Common.Interop.ServiceCore|Registering Hidden Item (Type: Application, Id: musesampler, Name: MuseSampler)...
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
2023-12-28 15:35:37.2896|INFO|Muse.Common.Interop.ServiceCore|Error getting .musedownload file
2023-12-28 15:35:37.2896|ERROR|Muse.Common.Interop.ServiceCore|Error registering hidden download: musesampler: MuseSampler
2023-12-28 15:35:37.4478|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.ForceItemStateAction (Type=Application;Id=hub;Name=Muse Hub;Version=1.1.0.587;State=Installed) ...
2023-12-28 15:35:37.4478|INFO|Muse.Common.Interop.ServiceCore|Forcing Item State (Type: Application, Id: hub, Name: Muse Hub, Version: 1.1.0.587, State: Installed)...
2023-12-28 15:35:45.0416|INFO|Muse.Client.Linux.Services.LinuxMuseBackgroundService|Parsing message Muse.Common.Messages.Actions.StartDownloadAction (ItemId=cba44cea-47bc-4c61-bf57-abcb4e998bc9;ItemType=Instrument;P2PInfoFile=https://muse-webservice.azurewebsites.net/musedownload/library-packages… Harp) ...
2023-12-28 15:35:45.0457|INFO|Muse.Common.Interop.ServiceCore|Downloading Item (Type: Instrument, id: cba44cea-47bc-4c61-bf57-abcb4e998bc9, Name: Muse Harp)...
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
2023-12-28 15:35:45.0909|INFO|Muse.Common.Interop.ServiceCore|Error getting .musedownload file
2023-12-28 15:35:45.0911|ERROR|Muse.Common.Interop.ServiceCore|Error adding download: cba44cea-47bc-4c61-bf57-abcb4e998bc9: Muse Harp

which seems to imply there is something wrong on the curl call.

Can anyone help me to identify and fix the problem?

Comments

MK140221

• Jan 3, 2024 - 09:33

IDK but looks like an internet connection issue, maybe the firewall or internet problems? Try installing it again.

haslamorama

• Jan 3, 2024 - 15:27

I tried removing all instances of musescore musehub and muse-sounds then istalled musescore and muse-sounds-manager. I even cleared cache from my user. It is no different. When I click to download sounds the same problem occurrs.

I tried a web test on the azure domain which told me that the domain is valid and certificates good. I have no problems accessing musescore.com or org.

Is there any way to get more diagnostics from muse-sounds-manager or devising some kind of test against what the msm curl call issues?

graffesmusic

• Jan 3, 2024 - 17:23

The problem seems to be
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
When i start MSM, one on the first things log entries is:
024-01-03 13:56:14.2280|INFO|Muse.Client.Linux.App|Setting SSL_CERT_DIR to /usr/lib/ssl/certs
2024-01-03 13:56:14.2280|INFO|Muse.Client.Linux.App|Setting SSL_CERT_FILE to /usr/lib/ssl/certs/ca-certificates.crt
On my system (ubuntu 22.04), this is a symlink
lrwxrwxrwx 1 root root 14 dec 15 2022 /usr/lib/ssl/certs -> /etc/ssl/certs
Perhaps there is a problem with this?
The CA used here is Microsoft RSA Root Certificate Authority 2017.
It cannot hurt to check if the Microsoft CA is on your system.
I have these on the system:
lrwxrwxrwx 1 root root 49 dec 15 2022 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 dec 15 2022 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 84 dec 15 2022 Microsoft_ECC_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root 84 dec 15 2022 Microsoft_RSA_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt

Does this command work?
curl https://muse-webservice.azurewebsites.net/

Common ca-certificates can be installed with (edit: on ubuntu that is, i am sure there is a similar package on opensuse)
sudo apt install ca-certificates
if needed.

haslamorama

• Jan 3, 2024 - 20:38

I have the following Microsoft certificates:-

/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem

/var/lib/ca-certificates/pem/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/pem/Microsoft_RSA_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/openssl/Microsoft_ECC_Root_Certificate_Authority_2017.pem
/var/lib/ca-certificates/openssl/Microsoft_RSA_Root_Certificate_Authority_2017.pem

also in /var/lib/ca-certificates/openssl there is:

lrwxrwxrwx 1 root root 49 Dec 25 13:19 01419da9.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 Dec 25 13:19 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root 49 Dec 25 13:19 9591a472.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root 972 Dec 25 13:19 Microsoft_ECC_Root_Certificate_Authority_2017.pem
-r--r--r-- 1 root root 2122 Dec 25 13:19 Microsoft_RSA_Root_Certificate_Authority_2017.pem

The start of MSM picks different directories than yours but is for this OpenSuse Tumbleweed system:

2024-01-03 15:33:13.4612|INFO|Muse.Common.Interop.ServiceCore|[MuseDownloaderInitialStateCallbackHandler] ID: hub, Name: Muse Hub, Item Type: Application, State: Installed, Version: 1.1.0.587
2024-01-03 15:33:13.4716|INFO|Muse.Common.Interop.ServiceCore|No resume data file for Muse Hub (hub.resume)

curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)
curl_easy_perform() failed: Problem with the SSL CA cert (path? access rights?)

But it still fails..... :-(

haslamorama

• Jan 3, 2024 - 20:41

Here is the result of the curl request:

/home/turtle$ curl https://muse-webservice.azurewebsites.net/

<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>

MK140221

• Jan 3, 2024 - 21:58

I get the same result from my browser when I access that link

graffesmusic

• Jan 3, 2024 - 23:19

Strange.
Nevertheless, this is a CA-cert problem, obviously.
It seems that curl and libcurl (can) use other cacert paths.
You could test with
https://raw.githubusercontent.com/curl/curl/master/docs/examples/simple…
adapt url to
curl_easy_setopt(curl, CURLOPT_URL, "https://muse-webservice.azurewebsites.net/");
and compile with
gcc simple.c -lcurl -o testlibcurl
The resulting program 'testlibcurl' should run without error if ca is OK

haslamorama

• Jan 4, 2024 - 16:10

I got the test 'C' code, replaced the URL as you said, compiled and ran it.

Here is what I got:-

/home/turtle/code/curltest$ ./curltest

<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>

/home/turtle/code/curltest$

So the fact we got something and there was no failure message from the curl call, does this mean it is not a certificate problem but rather something that the MSM code is finding wrong and reporting or maybe giving an incorrect curl call?

I don't quite understand other than different system file/directory structure why it works on Ubuntu and not Opensuse. Does anyone have access to the MSM code?

graffesmusic

• Jan 4, 2024 - 16:28

We don't have access to the code, this is not open source.
Best ask over there: https://musehub.zendesk.com/hc/en-gb
This is strange. Perhaps a difference in libcurl version. Anyway, we cannot know how this has been compiled. Surely, it has not been tested with Opensuse.
Since the curltest works fine, this cannot be a missing ca-cert.
If this does not exist yet, why not try with a symlink
/usr/lib/ssl/certs -> /etc/ssl/certs
One never knows ...
(to be sure:
ldd /opt/muse-sounds-manager/Muse.Client.Linux
is OK?)
Is teh output of
openssl version -d
give you /etc/ssl ?
On my system that is:
OPENSSLDIR: "/usr/lib/ssl"

haslamorama

• Jan 4, 2024 - 17:00

I get:-

/home/turtle$ openssl version -d
OPENSSLDIR: "/etc/ssl"

/home/turtle$ ldd /opt/muse-sounds-manager/Muse.Client.Linux
linux-vdso.so.1 (0x00007fffe4159000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3718637000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f3718632000)
libz.so.1 => /lib64/libz.so.1 (0x00007f3718618000)
librt.so.1 => /lib64/librt.so.1 (0x00007f3718611000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f37185ec000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f3717600000)
libm.so.6 => /lib64/libm.so.6 (0x00007f3718505000)
libc.so.6 => /lib64/libc.so.6 (0x00007f3717200000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3718662000)
/home/turtle$

which would seem to be correct. I also tried to force the certificates file through environment variables which MSM picked up but it made no difference to the result.

MSM is not available yet through Opensuse - got the .rpm file from the Muse download website. Looks as though I will have to wait......unless someone has a solution to this. (sigh!)

graffesmusic

• Jan 4, 2024 - 17:23

Best to ask musehub support i think.
https://musehub.zendesk.com/hc/en-gb