Connection to server fails for pairing device with Chromium Signal App

[mastricker]

• I have searched open and closed issues for duplicates

---

Bug description

Cannot connect to server after transition to new phone and trying to pari device.

Steps to reproduce

• Open Signal Chrome app

Actual result: Window which should show the QR code to pair device says: Failed to connect so server
Expected result: QR code for pairing should appear

Screenshots

Platform info

Operating System: OpenSuse
Browser: Chromium 54.0.2840.100 (64-bit)

Signal version: 0.33.0

Link to debug log

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.100 Safari/537.36 Signal-Desktop/0.33.0
2017-03-17T06:05:26.287Z websocket closed 1006
2017-03-17T06:05:36.325Z opening provisioning socket https://textsecure-service-ca.whispersystems.org:8443
2017-03-17T06:05:39.759Z websocket closed 1006
2017-03-17T06:05:49.786Z opening provisioning socket https://textsecure-service-ca.whispersystems.org:80
2017-03-17T06:05:52.265Z websocket closed 1006
2017-03-17T06:06:02.324Z opening provisioning socket https://textsecure-service-ca.whispersystems.org:4433
2017-03-17T06:06:05.403Z websocket closed 1006
2017-03-17T06:06:15.443Z opening provisioning socket https://textsecure-service-ca.whispersystems.org:8443
2017-03-17T06:06:20.726Z websocket closed 1006
2017-03-17T06:06:30.753Z opening provisioning socket https://textsecure-service-ca.whispersystems.org:80

[Carles-Figuerola]

I have the same problem, there seems to be a CN mismatch as textsecure-service-ca.whispersystems.org is returning a certificate for textsecure-service.whispersystems.org. Also, chrome doesn't seem to trust the RootCA (serial number: ‎00 89 ba 2d ab 4a e4 f3 62).

[maritz]

Same issue on Windows 10, Chrome 58.0.3029.110 (64-bit) and 61.0.3114.0 (canary 64-bit).

How do I get access to the debug log when the app is in non-paired state? I don't get a menu and don't know the chrome windows directory structure at all..

Worth noting: The app was unable to connect for about half a month now, so I removed the pairing in the hope that it would work after re-applying it again.

[scottnonnenberg]

What happens when you try to navigate directly to https://textsecure-service-ca.whispersystems.org? I get this response {"code":404,"message":"HTTP 404 Not Found"} (no certificate error).

[maritz]

This server could not prove that it is textsecure-service-ca.whispersystems.org; its security certificate is from *.mediamath.com.

If I ignore the cert error (just to test) I get a 503.

[haffenloher]

@maritz what about https://textsecure-service-ca.whispersystems.org:80/ ? The "*.mediamath.com" bit sounds like something is meddling with your connection though (like a captive portal).

[maritz]

@haffenloher I'll test that when I'm at home later today.

I'm now on a different machine and network, going to https://textsecure-service-ca.whispersystems.org/ gets me a different error:

Attackers might be trying to steal your information from textsecure-service-ca.whispersystems.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
This server could not prove that it is textsecure-service-ca.whispersystems.org; its security certificate is not trusted by your computer's operating system.

OS: Linux
Distribution: Linux Mint Debian Edition 2
uname -a: Linux {hostname} 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
Chromium: Version 57.0.2987.98 Built on 8.7, running on Debian 8.7 (64-bit)
ca-certificates version: 20141019+deb8u3

However going to https://textsecure-service-ca.whispersystems.org:80/ on this system gets me the 404 json response without cert errors.

[maritz]

On my Windows Desktop at home I get "ERR_CONNECTION_REFUSED" for https://textsecure-service-ca.whispersystems.org:80/

I'll try another machine on my home network and without my router tomorrow. If that gets the same results, it might be time to call my ISP.

[scottnonnenberg]

Note that there are absolutely some countries where signal is blocked. :0( The mobile apps have some techniques for dealing with this, but the desktop app currently does not.

[maritz]

I did a router firmware upgrade (was one version behind) and now it's working again. Weird.

[Carles-Figuerola]

Why was this closed when the original poster hasn't said that this was solved?

I'm still seeing that the certificate for textsecure-service-ca.whispersystems.has several problems:

(this is from different browser's, OS's and countries)

My error in particular matches the original poster's:

[scottnonnenberg]

This issue was closed because it's not a bug with the app. It's a bug having to do with certificates, certificate authorities, and your connection to the primary signal server. Ultimately this issue became a tech support forum for those with various difficulties connecting - a user configuration (or sometimes ISP) issue rather than a functionality problem.

Please contact Whisper Systems support if you can't connect directly to the signal server with your browser. The application can't do any better than your browser can.

[haffenloher]

@Carles-Figuerola that screen shot looks like you tried on port 443. How about https://textsecure-service-ca.whispersystems.org:4433 or https://textsecure-service-ca.whispersystems.org:80 ?