Pomoc Importing trusted root certificates.... I think!

[nasuserplus]

Hi,

Firstly, sorry for the English here, I don't know Polish. :-(

I have a problem that I think is related to the lack of trusted root certificates on my QNAP.

I have been looking at the QNAP forums for some time and found several references to https and problems with root certificates, but can't get this to work!

I am wanting to connect to a torrent tracker with an https:// url. (rtorrent won't connect, it just says "Error".)

I think I have narrowed this down to this:

# wget https://trackerurl.biz
--2015-02-23 12:45:03--  https://trackerurl.biz/
Resolving trackerurl.biz... 87.98.216.81
Connecting to trackerurl.biz|87.98.216.81|:443... connected.
ERROR: cannot verify trackerurl.biz's certificate, issued by `/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2':
  Self-signed certificate encountered.
To connect to trackerurl.biz insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

I have put the trusted root certs in /opt/share/openssl/certs, and converted to hashes, and this works:

# wget --ca-directory=/opt/share/openssl/certs https://trackerurl.biz
--2015-02-23 12:46:14--  https://trackerurl.biz/
Resolving trackerurl.biz... 87.98.216.81
Connecting to trackerurl.biz|87.98.216.81|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html'

    [ <=>                                                                 ] 9,038       --.-K/s   in 0.004s

2015-02-23 12:46:15 (2.00 MB/s) - `index.html' saved [9038]

Where should I put the certs to have them picked up automatically system-wide without having to specify a directory explicitly?

Thanks for any help you can give me.

 

[Usunięty użytkownik pigers]

Hi
AFAIK that's old issue of QNAPs - have look at QNAP NAS Community Forum • View topic - Trusted root certificates pre-installed

tried: rTorrent - ArchWiki ??
as for wget - create alias

alias wget='/path/to/wget --ca-directory=/opt/share/openssl/certs'

 

[nasuserplus]

Hi, and many thanks for the reply. In my research I did actually find both of those threads, but thanks for pointing them out again. I currently have this in my rtorrent conf:

http_capath = /opt/share/openssl/certs

The wget example works with this directory. Should this be working with rtorrent? I will check again for errors.

I was only using wget as a means of demonstrating the problem - it is actually rtorrent that I want to use with https:// trackers.

 

[Silas Mariusz]

What version of rtorrent client do you use? Is it the one from App Center/QPKG?

 

[nasuserplus]

What version of rtorrent client do you use? Is it the one from App Center/QPKG?

Hi Silas! Thanks for the interest. I've read so many of your posts I feel I know you already!

$ rtorrent -h
Rakshasa's BitTorrent client version 0.8.6.

I'm using quite old software (and firmware) as I've installed a few packages, openssl, bash, mc, etc, and written an autoload.sh and backup scripts that are all working well and I don't want to break them!

I installed rtorrent, rssdler and dtach a long time ago, and to be quite honest, can't remember where it came from. :-( It's started by a small batch file named 'rtor', which is not one of mine, if that helps.

 

[Silas Mariusz]

Maybe it's time for an upgrade? There is already released rtorrent-QNAP 0.9.2 available as QPKG package for X86 Intel based NAS and it works with SSL trackers.
» View Screenshot Gallery

 

[nasuserplus]

Hi again. Yes, I was also thinking that. I just wasn't sure it was rtorrent at fault or something else. I guess if I bite the bullet and install the latest QPKG I will also be able to use rutorrent?

Thanks again for all your help.

 

[Silas Mariusz]

Yeap.
It's a bundle package.

rtorrent-QNAP is an high performance and extra featured bittorrent client combined with simple and elegant user interface. rtorrent differentiates itself from other implementations by transferring data directly between file pages mapped to memory by the mmap() function and the network stack. On high-bandwidth connections, it claims to be able to seed at 3 times the speed of the official client.
Default login and password: rtorrent/admin

 

[nasuserplus]

Thanks again.
Sorry for the continued questions, but I'm wary of opening up a can of worms by installing this package. Obviously a huge amount of work has gone into providing this, thank you for all your efforts.

I am currently using rtorrent in a dtach window, i.e. only ncurses in a remote ssh terminal. Will I still be able to do that, or will the new version limit me to using rutorrent only?

I'm not very familiar with the QPKG system, so please excuse me if I get this wrong, but, it looks like everything will be installed in /opt/bin/rtorrent and directories below that, with the settings etc in the /share/Download directory (and subdirectories). Does this mean I will be able to safely run the current, old, executable, which is located elsewhere, with separate settings while I check out the upgrade?

What is the function of the blocklist that is downloaded?

And, lastly, I am currently running with old firmware (3.5.0 Build 0815T). I haven't upgraded because this does everything I need (not very much) and it's all working fine. I gather that the latest firmware is 4.1.2 Build0126T. Do I need to update this before anything else?

Thanks again for your time. It is much appreciated.

 

[Silas Mariusz]

We do not provide support for such old software and 3rd party programs.
When you'll be ready to update the system and install rtorrent-QNAP from .qpkg we will also be ready and able to answer your questions.

 

[nasuserplus]

Hi Silas,

You misunderstand. I'm not asking for support for anything, just questions about your package and what it's capable of. It looks as though it might be a sledgehammer to crack a nut in my case though.

Not to worry.