Bug 1686917 - rdesktop fails with "ERROR: Failed to extract public key from certificate"
Summary: rdesktop fails with "ERROR: Failed to extract public key from certificate"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rdesktop
Version: 30
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Jon Disnard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-08 16:25 UTC by Anders Blomdell
Modified: 2019-12-10 03:04 UTC (History)
12 users (show)

Fixed In Version: rdesktop-1.9.0-1.fc31 rdesktop-1.9.0-1.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-10 02:54:57 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Rework of commit a3dfceefc2c729243b71270e3f503fa2dd57ec8d for v1.8.4 (1.49 KB, patch)
2019-03-08 18:51 UTC, Anders Blomdell 		no flags Details | Diff
View All

Description Anders Blomdell 2019-03-08 16:25:49 UTC 
Description of problem:

When connecting to at least one server, rdesktop-1.8.4-2.fc29.x86_64
fails with "ERROR: Failed to extract public key from certificate"

Version-Release number of selected component (if applicable):

rdesktop-1.8.4-2.fc29.x86_64

How reproducible:

Always when using that server.

Steps to Reproduce:
1. rdesktop bad.server.address

Actual results:

Failed to negotiate protocol, retrying with plain RDP.
ERROR: Failed to extract public key from certificate
ERROR: recv: Connection reset by peer

Expected results:

This is what current master (a4bdfcfe76b4d39c2d6fd7c8c5be4af90dd4b82d) gives

Protocol(warning): Protocol negotiation failed with reason: SSL not allowed by server
Retrying with plain RDP.


Additional info:

rdesktop-1.8.3-3.fc24.x86_64 also works

the fix that is needed seems to be a3dfceefc2c729243b71270e3f503fa2dd57ec8d, but it does not apply cleanly to 1.8.4
Comment 1 Anders Blomdell 2019-03-08 17:06:48 UTC 
Unfortunately  a4bdfcfe76b4d39c2d6fd7c8c5be4af90dd4b82d always prompts for password, so in 
order to put it in an .desktop file, the following workaround is needed:

rdesktop -p '' bad.server.address
Comment 2 Anders Blomdell 2019-03-08 18:51:18 UTC 
Created attachment 1542204 [details]
Rework of commit a3dfceefc2c729243b71270e3f503fa2dd57ec8d for v1.8.4
Comment 3 Anders Blomdell 2019-09-10 07:58:34 UTC 
Still a problem in Fedora-30
Comment 4 James Davis 2019-09-10 14:42:16 UTC 
FWIW

On Fedora 29 rdesktop 1.8.3 works for me and the current patched 1.3.8 doesn't.

Results:

With rdesktop-1.8.3-3.fc24.x86_64

: rdesktop -b -g 2545x1333+0+27 -xl -u username -d domain w10.domain.blah.com
Autoselected keyboard map en-us
Connection established using plain RDP.

With rdesktop-1.8.6-1.fc29.x86_64

: rdesktop -b -g 2545x1333+0+27 -xl -u username -d domain w10.domain.blah.com
Autoselected keyboard map en-us
Connection established using plain RDP.
NOT IMPLEMENTED: data PDU 189
ERROR: rdp.c:128: rdp_recv(), unexpected stream overrun0000 03 00 01 e4 02 f0 80 68 00 01 03 eb 70 81 d5 08 .......h....p...
0010 00 00 00 eb 9d c5 c7 26 91 63 46 79 d3 f7 ae 53 .......&.cFy...S
0020 09 00 0b a9 ce a4 56 92 71 bd 19 13 3b a5 3e 3c ......V.q...;.><
0030 37 0e 69 3c a4 6e b1 a8 07 07 8c 6a 22 21 6b 7b 7.i<.n.....j"!k{
0040 11 4f a9 8d 3c e6 4a 8c 1d bb af 2c c0 0f 85 38 .O..<.J....,...8
0050 c2 9a ea 38 81 fc 77 eb 10 ed 10 48 cd 40 52 96 ...8..w....H.@R.
0060 dc 1a 78 23 3a 00 de c4 15 48 0f ea b6 04 ce 28 ..x#:....H.....(
0070 69 81 fe d4 15 00 92 8b 76 e2 66 83 77 af 5e 2f i.......v.f.w.^/
0080 b8 b3 13 62 e6 6d f8 d9 da ea 57 2b 99 a8 b8 48 ...b.m....W+...H


Interesting to note that repeated attempts with 1.8.3 give a slightly different "NOT IMPLEMENTED" line so I'm not able to exactly say with I think is the issue but is looks similar to the OP.
Comment 5 James Davis 2019-09-10 14:51:09 UTC 
Excuse my non-caffeinated typo above: 1.8.3 works and 1.8.6 doesn't. Forcing no encryption is futile as it crashes but this may be a 1.8.3 bug.
Comment 6 Ian Collier 2019-09-20 15:10:04 UTC 
Comment 4 looks like a separate bug to me, but I also have the issue
mentioned in that comment when connecting to a Fedora 30 xrdp server
(xrdp 0.9.11) - but it can connect fine to earlier Fedora versions.
Also, Fedora 28's rdesktop 1.8.4 can connect fine to the Fedora 30 xrdp
server, but Fedora 26's rdesktop 1.8.3 cannot ("ERROR: SSL_write: 1
(Success)")

Upstream has released rdesktop 1.9.0 beta today, and this works for me.
Comment 7 Fedora Update System 2019-12-02 21:10:54 UTC 
FEDORA-2019-488ecf14e8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-488ecf14e8
Comment 8 Fedora Update System 2019-12-03 00:54:04 UTC 
rdesktop-1.9.0-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4972fe9cd7
Comment 9 Fedora Update System 2019-12-03 01:33:53 UTC 
rdesktop-1.9.0-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-488ecf14e8
Comment 10 Fedora Update System 2019-12-10 02:54:57 UTC 
rdesktop-1.9.0-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2019-12-10 03:04:25 UTC 
rdesktop-1.9.0-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.