Get help with all aspects of SABnzbd
Forum rules
Help us help you:
Are you using the latest stable version of SABnzbd? Downloads page .
Tell us what system you run SABnzbd on.
Adhere to the forum rules .
Do you experience problems during downloading? Status and Interface settings window. Test Server in Config > Servers . basic settings .Do you experience problems during repair or unpacking? +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
sander
Release Testers
Posts: 8583 Joined: January 22nd, 2008, 2:22 pm
Post
by sander March 9th, 2017, 1:52 am
Interesting, useful analysis!
fatgeek wrote:
Technicaly I can think of one thing, which I find very unlikely: unRAID blocking SSL-traffic to news.altopia.com. That's easy to check
from within the linuxserver/sabnzbd docker container:
Code: Select all
openssl s_client -connect news.altopia.com:563
You should get
Code: Select all
200 Check out http://www.altopia.com/ for info about NNTP access (posting ok).
and then you can type HELP, and then QUIT
EDIT:
As Altopia also offers older SSL on port 666, you can try too:
Code: Select all
openssl s_client -connect news.altopia.com:666
And try port 666 too from SABnzbd.
fatgeek
Newbie
Posts: 23 Joined: December 9th, 2015, 6:15 pm
Post
by fatgeek March 9th, 2017, 2:01 am
I was screwing with s_client earlier. When I try to connect from the unRAID server itself, I get:
Code: Select all
root@tower:~# openssl s_client -connect news.altopia.com:563
CONNECTED(00000003)
And nothing else. HELP doesn't work, and either does QUIT. I have to Ctrl+C out of it.
When I do it from within the docker container:
Code: Select all
root@tower:~# docker exec -it sabnzbd /bin/bash
root@1fd8893aef7f:/# openssl s_client -connect news.altopia.com:563
CONNECTED(00000003)
Same behavior. No idea what is going on here.
EDIT:
666 does the same thing:
Code: Select all
root@1fd8893aef7f:/# openssl s_client -connect news.altopia.com:666
CONNECTED(00000003)
Doesn't work in Sab either.
sander
Release Testers
Posts: 8583 Joined: January 22nd, 2008, 2:22 pm
Post
by sander March 9th, 2017, 2:11 am
So the problem is not in SABnzbd nor python.
It's in the host OS, or in the network
Below is the normal sequence
Code: Select all
sander@Streamer13:~$ openssl s_client -connect news.altopia.com:563
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.altopia.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.altopia.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGTzCCBTegAwIBAgIRAMngzmmClSeUI+u6AdKa4q0wDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTYwNzI3MDAwMDAwWhcNMTkwNzI3MjM1OTU5WjBaMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHTAbBgNVBAsTFFBvc2l0aXZlU1NMIFdp
bGRjYXJkMRYwFAYDVQQDDA0qLmFsdG9waWEuY29tMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEAv5nurlonAgISy7KO8hD7cpYanviNFpTbBXwUa087HEGY
zF7Aptcck+tgGOt22KOgTMPAV3FZNgCnJsYEC2v70SL5VB+ZglB0dOJRIJZ0Hm46
6tSFLZ1kGEYUGRI7T7ZnR9PEzpzOJqFYD6dxOVTTgvvjHD7IpP6F9QWFEI89s5js
17Iy4xo34JEba3QTe3WwGuai/l4gEay0aV0T63Vq3wYkAWIMlozRj+ZvjgSpDf57
YvEwT4v2SRI6c/7cAuyq/65pTXETHrJCDOHJS1idErx6TtFbz43onkOHT706KnTJ
Dt1qtNUPD6wDTL2DWNcE+oxG7D4Q5//g1v02l24EhUpf3MkFxvkLpDuadI3rLbBC
8Ey54SKqTNclr0SQ4e5IQlqWfmhAuAFWurmVRuxr1oN9PCSMRwoD/IlOHXMV/ppw
mU3H2L/clmhU2TAOk7v8JLk5v5Tp8HVvKyHpo8ivWExHKNOKT9KzBAp2Rd6zLF5v
xgydqRCcr+l8dSWCk3tvyh4gWvkhn5drLTuHpm9MKt2PM0GTwDB5IRQjSSdciB0R
7QuPVHI+m5jy/znd5WKhwCT5L2KmfC/COIAPkDavXQwKuyjtgP5fwhkEiSEMbH5j
BNssWwLZC0CYuavItQ2Nho35rnHlh2raBVfoX7sLKCCz39djigMbMO06azpCLcsC
AwEAAaOCAdcwggHTMB8GA1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0G
A1UdDgQWBBTBkxalasYXlKsM6biWtOe04GWfzjAOBgNVHQ8BAf8EBAMCBaAwDAYD
VR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTwYDVR0g
BEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3Vy
ZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0
cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNl
Y3VyZVNlcnZlckNBLmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNo
dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9u
U2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wJQYDVR0RBB4wHIINKi5hbHRvcGlhLmNvbYILYWx0b3BpYS5jb20w
DQYJKoZIhvcNAQELBQADggEBABkIQC2+eW/0A+ThEHNsK6f7AXclCYyspC9FKgD/
EDFjRiSECi1j7qb6tD2EyV1qNN2zkAk+Uc+qfOUfbOWY2fHw4eCllfItksJz+Ye0
K50jGJ/I71r6iBisntPtq3d54etAc+9VIPjcfWdwJG3r3lSYTFQPdPMkVn17HsiO
hNLOt1Ns505YYX89a/P+DOXM25P6V5JtnJu2yhS4BHHAJDPCCIMbGrK3tph9NSNO
BzqiPv1tOyicvUvwalm6fO6OUwhsU1BSJ4Q08kwg02XxH357kRb/jN63OblDeibo
tmE0GsEF134PCF7hJ2eMrW5e6ugvwLXM60RSD03x8Rb9WgU=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.altopia.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6573 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 51EC74BA4965201307B48767575325BB6ACF49A43D3DDE1E90DEF16D46906E14
Session-ID-ctx:
Master-Key: A3DB31025299BED280B17C93FBE65150C073010904796847D98B0A4B34F6EA17BB68E50F2ABE28779414BC1579259C1B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 2a a6 6c 0e 9f 1b e9 84-97 27 80 3f df 06 fc b6 *.l......'.?....
0010 - 4a a5 74 9a 76 1e 05 59-f3 25 2b 58 49 3d 12 59 J.t.v..Y.%+XI=.Y
0020 - 5f a7 e5 d8 39 99 6f 4c-44 12 2c d4 ad 3b b7 e1 _...9.oLD.,..;..
0030 - 98 c4 70 0d bb 62 d3 d1-d4 f1 b3 d0 28 66 85 0d ..p..b......(f..
0040 - 61 c9 47 6c 0b a2 9d e9-85 01 3e 44 35 b6 ba 14 a.Gl......>D5...
0050 - b4 93 ae 85 f1 3f 48 7d-44 f3 a9 db 9a 3b 32 a9 .....?H}D....;2.
0060 - 7f 25 8a 35 e5 23 81 45-34 f4 f0 41 a4 c1 24 12 .%.5.#.E4..A..$.
0070 - ad 3c 32 0a 80 8d 90 df-13 4c 3f f0 af c9 8c e3 .<2......L?.....
0080 - 48 ba 25 8d e0 23 7a ca-6a e3 e4 39 a4 4d ea 3f H.%..#z.j..9.M.?
0090 - cb 7e 14 e1 00 53 99 43-4f 72 14 cd fa 5c a9 23 .~...S.COr...\.#
Start Time: 1489043262
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
200 Check out http://www.altopia.com/ for info about NNTP access (posting ok).
HELP
100 Legal commands
authinfo user Name|pass Password
starttls
article [MessageID|Number]
body [MessageID|Number]
date
group newsgroup
head [MessageID|Number]
help
ihave MessageID
last
list [active|active.times|extensions|newsgroups|distributions|distrib.pats|overview.fmt|subscriptions|motd]
listgroup newsgroup
mode reader
newgroups [YY]yymmdd hhmmss ["GMT"]
newnews newsgroups [YY]yymmdd hhmmss ["GMT"]
next
post
slave
stat [MessageID|Number]
xgtitle [group_pattern]
xhdr header [range|MessageID]
xover [range]
xpat header range|MessageID pat [morepat...]
xpath MessageID
Report problems to <[email protected] >
Altopia Usenet access info at: http://www.altopia.com/
.
QUIT
DONE
sander@Streamer13:~$
fatgeek
Newbie
Posts: 23 Joined: December 9th, 2015, 6:15 pm
Post
by fatgeek March 9th, 2017, 2:38 am
Correct, it does not appear to be SABnzbd or Python related. I do appreciate your efforts though.
sander
Release Testers
Posts: 8583 Joined: January 22nd, 2008, 2:22 pm
Post
by sander March 9th, 2017, 3:11 am
Another long shot: could it be Altopia is blocking your SSL requests?
fatgeek
Newbie
Posts: 23 Joined: December 9th, 2015, 6:15 pm
Post
by fatgeek March 9th, 2017, 3:44 am
A resolution for the curious (and because I hate stumbling across threads for weird issues like this with no resolution)
safihre
Administrator
Posts: 5108 Joined: April 30th, 2015, 7:35 am
Contact:
Post
by safihre March 9th, 2017, 3:53 am
Thanks for letting us know!
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
sander
Release Testers
Posts: 8583 Joined: January 22nd, 2008, 2:22 pm
Post
by sander March 9th, 2017, 3:55 am
Jumboframes and MTU ... coooll! I didn't know those problems still occured.
