[Wine] Re: µTorrent + SSL tracker connections = HTTP Reply 0

Tue Jul 22 18:10:27 CDT 2008

Thanks to jamesholden for the suggestion that nudged me in the right direction to resolve this issue.

The "HTTP Reply 0" error results from the server certificate chain not being recognized as valid by OpenSSL.  This may be due to the cert being self-signed, a server name/URL mis-match, or any number of other issues.  

Certs are expensive and some server owners can't afford the a commercially signed cert.  This doesn't invalidate the cert, it just means that it's not accepted by OpenSSL for the purposes of authentication, because the identity of the certificate holder is not verified.  Cryptographically such a cert is still secure, you just might want to think twice before handing over credit card info or similar to a server with such a certificate.

On to the fix.

First you need to get a copy of the SSL cert for the tracker you're having the problem with. You can do this by using the 'openssl' command at the CLI on your box: 

Code:
openssl s_client -connect servername:443 > server_cert.crt

Type 'quit' followed by <enter> to exit the openssl program. 

'server_cert.crt' will have more than just the cert, since the whole web page is downloaded. The part you want looks like this: 

-----BEGIN CERTIFICATE----- 
bunch of cryto code... 
-----END CERTIFICATE----- 

Go to where your distro stores cert files. Here are common locations: 

Code:
AIX, OpenSSL 0.9.6 (from OpenSSH support packages) /var/ssl/ 
Centos 3 / 4, OpenSSL 0.9.7 /usr/share/ssl/ 
Cygwin, OpenSSL 0.9.6 /usr/ssl/ 
Debian Woody, OpenSSL 0.9.6 /etc/ssl/ 
Debian Sarge, OpenSSL 0.9.7 /etc/ssl/ 
Debian Etch, OpenSSL 0.9.8 /etc/ssl/ 
FreeBSD, OpenSSL 0.9.x /usr/local/openssl/ 
Gentoo, OpenSSL 0.9.6 /usr/lib/ssl/ 
Gentoo, OpenSSL 0.9.7 /etc/ssl/ 
Mac OS X 10.1.2, OpenSSL 0.9.6b /System/Library/OpenSSL/ 
Mandrake 7.1 -> 8.2, OpenSSL 0.9.6 /usr/lib/ssl/ 
NetBSD, OpenSSL 0.9.x /etc/openssl/ 
Normal OpenSSL Tarball Build, OpenSSL 0.9.6 /usr/local/ssl/ 
OpenBSD, OpenSSL 0.9.x /etc/ssl/ 
Redhat 6.2 / 7.x / 8.0 / 9, OpenSSL 0.9.6 /usr/share/ssl/ 
Redhat Enterprise 3 / 4, OpenSSL 0.9.7 /usr/share/ssl/ 
Redhat Fedora Core 2 / 3, OpenSSL 0.9.7 /usr/share/ssl/ 
Redhat Fedora Core 4, OpenSSL 0.9.7 /etc/pki/tls/ 
Redhat Fedora Core 5 / 6, OpenSSL 0.9.8 /etc/pki/tls/ 
Slackware, OpenSSL 0.9.6 /etc/ssl/ 
SuSE 7.3 / 8.0, OpenSSL 0.9.6 /usr/share/ssl/ 
SuSE 8.1 / 8.2, OpenSSL 0.9.6 /etc/ssl/ 
Ubuntu Hardy, OpenSSL 0.9.8g /etc/ssl

Back up your existing ca-certificates.crt file: 

Code:
sudo cp ca-certificates.crt orig.ca-certificates.crt

Now, edit ca-certificates.crt (use sudo) and add the cert you downloaded to the bottom of the file. Paste in the whole certificate, which includes the "BEGIN" and "END" lines. 

Restart wine and utorrent. You should now see "working" rather than "HTTP Reply 0". 

=RT=

p.s. Not sure how applicable this is to Mac OS X, I'll look into that as well and report back, since my workstation is a Mac.