ayyad1231 Posted April 15 Share Posted April 15 Hello, I am having an issue connecting to the 0 A.D. multiplayer lobby. I always get the error “The stream has been closed by the server.” I am using Windows 10, and my friends with the same game version can connect normally, even sometimes on the same network, but it does not work for me. I tested the connection and confirmed that the server is reachable (ping works), I already tried disabling and resetting the firewall, resetting the network (winsock, IP, DNS), and reinstalling the game, but nothing fixed the problem. I don’t understand why it only affects my computer. Any help would be appreciated. Link to comment Share on other sites More sharing options...
Stan` Posted April 15 Share Posted April 15 Have you enabled tls in the game options? Link to comment Share on other sites More sharing options...
Dunedan Posted April 15 Share Posted April 15 Link to comment Share on other sites More sharing options...
ayyad1231 Posted April 15 Author Share Posted April 15 The default configuration already has TLS enabled, but it isn’t working properly. The issue seems to be related to other problem I think. Link to comment Share on other sites More sharing options...
Dunedan Posted April 16 Share Posted April 16 Ok, this is a different problem then. Link to comment Share on other sites More sharing options...
ayyad1231 Posted April 17 Author Share Posted April 17 Please did you have any proposition about solving this problem, I think that the server rejects me but I don't know why, I tried to disable firewall, I used Wireshark to see the network packets, and I see that the connection established then closed. Link to comment Share on other sites More sharing options...
Dunedan Posted April 18 Share Posted April 18 The account "tata12" is not registered. So if you tried to log in with that user account, that's probably the reason why it's not working, even though you should get a different error message in that case. Link to comment Share on other sites More sharing options...
ayyad1231 Posted April 18 Author Share Posted April 18 But in this step I try to create this account. but the registration does not work. Link to comment Share on other sites More sharing options...
Shad_ Posted 3 hours ago Share Posted 3 hours ago I had this problem recently, it might be your issue. I have many security certificates installed by various programs in my Windows 10 Personal Store. When 0AD tries to connect, it uses wrong info from the first 'valid' certificate it finds, whereas having none at all connects fine. Reinstalling Windows, Creating a new Windows user or removing the certificates in the Windows 10 Personal Store does the same thing to fix that issue. To check, just hit Win+R and type certmgr.msc and look at the Personal/Certificates folder. If you have certs in there, it may be the issue. I was able to back them up and remove them to test it out. How to back up security certificates May be an issue with how mTLS interacts with Windows 1 Link to comment Share on other sites More sharing options...
Dunedan Posted 1 hour ago Share Posted 1 hour ago That's quite helpful. Here is my current theory what's happening: While we don't use mTLS, there is support for that in ejabberd (the XMPP server we're using for the multiplayer lobby). Part of that is instructing the client (0ad) to optionally send a client certificate if it has one available (SSL_VERIFY_PEER option for SSL_CTX_set_verify of OpenSSL). For most Windows users that's not the case, as they never used client certificates. However, for users which have client certificates installed, SChannel (the TLS-library used by 0ad under Windows) picks an invalid certificate and sends it to the server under certain circumstances. As it's invalid the connection gets terminated, resulting in errors when trying to connect to the lobby. As sending a client certificate to the server is optional and not used by us, that should be an avoidable problem. @Shad_: Could you do me a favor and figure out what's considered a valid client certificate by SChannel in this case? Is it just any client certificate or does it have to have certain properties (like being issued by Let's Encrypt for example). That would help us to find a way to work around the issue in 0ad or the lobby server so users don't have to manually take action. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now