mirror of
https://github.com/debauchee/barrier.git
synced 2026-05-15 14:16:02 -06:00
[GH-ISSUE #231] Fresh Barrier Install Shows is:openERROR: ssl certificate doesn't exist: /home/thomas/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem #188
Labels
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/barrier#188
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @TafThorne on GitHub (Jan 18, 2019).
Original GitHub issue: https://github.com/debauchee/barrier/issues/231
Operating Systems
Server: Ubuntu 18.04
Client: Microsfot Windows 10 Version 1803 (OS Build 17134.523)
Barrier Version
Server: 2.2.0-snapshot-53ebc47a
Client: 2.1.0-RELEASE-0b2dfd80
Steps to reproduce bug
flatpak run com.github.debauchee.barrierOther info
@TafThorne commented on GitHub (Jan 18, 2019):
I can confirm that the file does not exist:
@TafThorne commented on GitHub (Jan 18, 2019):
I thought this could be similar to #142 but allowing barrier.exe and barriers.exe through the firewall did not change the message in the logs.
#'171 also looked related but I cannot work out where the Barrier.pem shown there comes from. Following the supplied link did not really change anything.
I can at least confirm this is related to having the SSL config enabled. With that disabled I am able to get the client and server to work together.
@AdrianKoshka commented on GitHub (Jan 18, 2019):
That's interesting, I'm a daily user of the flatpak and barrier managed to generate an SSL certificate for me just fine.
@Ch4ni commented on GitHub (Jan 21, 2019):
As a workaround, I used the synergy instructions from this page: https://wiki.archlinux.org/index.php/synergy#Set_up_encryption_on_server
TL;DR:
Then enable encryption from the settings on both the client and server, restart both, and accept the new server certificate from your client ... should be good to go from there.
Edit:
change keylength from
1024to4096change
-sha1to-sha2@AdrianKoshka commented on GitHub (Jan 21, 2019):
I'll leave this issue open just in case someone else also has this issue. Also you might want to bump that key-length from
1024to4096, and usesha2instead ofsha1.@Ch4ni commented on GitHub (Jan 21, 2019):
fair point. I usually use the 4K keys ... I just got lazy this time around and copy/pasted. Comment updated with @AdrianKoshka 's suggestions.
Edit: punctuation.
@TafThorne commented on GitHub (Jan 22, 2019):
When I run the
openssl reqcommand I get an error message:It looks like you have lost a couple of spaces from the command. The following works:
The
openssl x509command then also fails.I believe that the workaround advice should be updated to:
At least in my case.
@TafThorne commented on GitHub (Jan 22, 2019):
Now does the absence of sha2 support explain the cause of my issue? If whatever is expected to automatically generate the keys is trying to use sha2 and silently failing.
I have version 1.1.0g of OpenSSL.
What version is expected to have the sha2 support? It seems that I can use either
-sha256or-sha512in the command line without getting an error.@TafThorne commented on GitHub (Jan 22, 2019):
I am pleased to report that with the workaround in place (using sha512 in this case) I have been able to connect the Windows client to the flatpak version of barrier.
Thank you for your help in getting me up and running. Please let me know if there is anything more I can do to help find the cause of the issue and possible solution.
@julius59 commented on GitHub (Feb 12, 2019):
Same setup and same behaviour as in the bug description here.
@nedart commented on GitHub (Mar 29, 2019):
I had this same issue. Both client and server were version 2.2.0-snapshot-53ebc47a. Using the commands in the post by @TafThorne did the trick.
@tassosblackg commented on GitHub (May 30, 2019):
I had the same issue, it worked for me too!
@hatzkel commented on GitHub (Jun 14, 2019):
This just crept up on me out of the blue after this past update. Had to follow the instructions above as well.
@obasilakis commented on GitHub (Jun 15, 2019):
Hey, I tried @TafThorne 's commands and I'm getting this:
[2019-06-15T17:20:12] INFO: OpenSSL 1.1.1b 26 Feb 2019[2019-06-15T17:20:12] ERROR: could not use ssl certificate[2019-06-15T17:20:12] ERROR: error:0909006C:PEM routines:get_name:no start lineanyone knows what's the issue?
@hifi commented on GitHub (Jul 17, 2019):
Not trying to sound rude but why this hasn't been fixed in the official Flatpak build as it seems to affect all new installs, including me today and is a real barrier to entry for new users?
@AdrianKoshka commented on GitHub (Jul 24, 2019):
So, as was probably obvious, the
opensslcommand-line tools aren't shipped, which prevents the certificate from being generated, I'm working on fixing this finally. I'm sorry.@AdrianKoshka commented on GitHub (Jul 24, 2019):
Truly sorry this was an issue for so long, it really shouldn't have been. After work it can be hard to find the energy to work on OSS.
@hifi commented on GitHub (Jul 24, 2019):
Indeed, thank you for fixing the issue.
My point was that the Flatpak package is likely one of the main channels to install Barrier and since it was effectively broken for all new users it was a bit frustrating to find the issue had been open for so long.
@AdrianKoshka commented on GitHub (Jul 24, 2019):
Fixed for me on a personal machine at work, before I had no cert.
@AdrianKoshka commented on GitHub (Oct 10, 2019):
opensslis shipped with barriers flatpak, and I believe this has been fixed.@fbidu commented on GitHub (Jul 16, 2020):
Hey people, I just ran into this issue on a fresh install using
snapdon fedora!Worked for me!
@4F2E4A2E commented on GitHub (Nov 3, 2021):
This is how I've got it running on Windows:
'C:\Users\<user>\AppData\Local\Barrier\SSL\'openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem@cfarvidson commented on GitHub (Nov 6, 2021):
I had the exact same issue on macOS Monterey (12.0.1) today.
Solved it by running the openssl command described in @4F2E4A2E post.
/Users/<user>/Library/Application Support/barrier/SSLopenssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem@shymega commented on GitHub (Nov 6, 2021):
This should be opened again, as it appears to be an ongoing issue with Barrier. Reopening.
@CaptainKraft commented on GitHub (Nov 8, 2021):
I also had this problem with a fresh install on Arch Linux. Also, the workaround did not work for me due to differing paths. Here are the commands I had to use to get this to work:
@cmsxbc commented on GitHub (Nov 10, 2021):
I just choose to disable it.... i'm in private network.
barriers --disable-crypto@eaguad1337 commented on GitHub (Nov 11, 2021):
I had the same issue on fresh install, Windows Host, and I solved this way:
First, install openssl, then:
If you use WSL, I recommend you to do it from there, replacing %LOCALAPPDATA% with your Windows path.
@mchiasson-youi commented on GitHub (Nov 11, 2021):
On Ubuntu using the latest from the snap store (2.4.0), this is how I solved it
@501st-alpha1 commented on GitHub (Nov 12, 2021):
I had the same issue just now on a fresh install of Barrier 2.4.0 on Windows.
I tried running the command given by @4F2E4A2E in Git Bash, but it gave me an error about the
-subjline, and when running Barrier after got a similar error to @obasilakis. After some research determined it was some kind of escaping issue, so ran this command instead:(note the double
//)and that worked; Barrier now runs and accepts connections successfully.
@willobrien commented on GitHub (Nov 21, 2021):
Just had this issue.
Ended up using openssl under cygwin terminal to generate the key:
done.
@HewittJC commented on GitHub (Nov 24, 2021):
For MacOS:
Thanks to @4F2E4A2E for posting the openssl command that is used above 📈
@spoelstraethan commented on GitHub (Nov 26, 2021):
If this is anything like the bug in Synergy Core, you can use Debug2 log level to let barrier create the certificate(s) and prompt you for trust when a client connects.......
@junbujianwpl commented on GitHub (Nov 29, 2021):
If you use
git-bashonWindows, try this command@hovanesgasparian commented on GitHub (Dec 1, 2021):
@HewittJC do you have to do that for both macOS devices, or just the server? I tried it for just the server and it didn't work. I tried it for the client and it didn't work. I'm assuming if you generate 2 different Barrier.pem files, they are going to have 2 different fingerprints. Are you supposed to copy the generated pem file from the server MacBook to the client MacBook? I tried that, and it still didn't work... keeps giving me a timeout error...
@FlashNoob98 commented on GitHub (Dec 6, 2021):
Solved executing the same command both on client side than server side on Archlinux
@denshigomi commented on GitHub (Dec 7, 2021):
I had the same issue on a fresh Windows install. I didn't want to install anything to fix it, so I generated the certificate on my Ubuntu system and copied it over.
@d-amend commented on GitHub (Dec 8, 2021):
I had the problem with my M1 MacBook Pro. That command fixed it! Thank you so much
cd /Users/user/Library/Application Support/barrier/SSLopenssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem@omeysalvi commented on GitHub (Dec 9, 2021):
Faced this issue too on 9th December 2021. @junbujianwpl fix worked for me.
@hovanesgasparian commented on GitHub (Dec 9, 2021):
@d-amend what was your other device? Did you have to run that openssl req command on both devices?
@d-amend commented on GitHub (Dec 9, 2021):
@hovanesgasparian the other device was an Intel iMac. It works out of the box there. Also installed via homebrew.
The server was the M1, the client the iMac. I thought also about copying, but assumed, that it will check if both have the same key, so I generated a new one on the M1.
@AntDavidLima commented on GitHub (Dec 13, 2021):
I just had the same problem installing barrier on Arch Linux using pacman.
@d-amend commented on GitHub (Dec 13, 2021):
Funny. I had to manually generate it on Monterey on a Intel Mac on the weekend, because it doesn't work there out of the box as on the M1.
@wildeep commented on GitHub (Dec 15, 2021):
Installed to my Mac-mini and MacBook Pro (both M1, both on Monterey). Got the double-client-screen bug, but also wasn't able to complete a connection until I created SSL certs on each side, and approved each other's cert.
https://github.com/debauchee/barrier/issues/231#issuecomment-958800595 worked perfectly.
Now Barrier is working properly. Big success. :-)
@sgon00 commented on GitHub (Dec 21, 2021):
I am just having this problem in Windows 11. This is a hot/showstopper bug since 2019. Why has no one fixed it?
Edited:
What I do in Windows 11 powershell (NOT CMD):
Restart Barrier and works.
@empusas commented on GitHub (Jan 2, 2022):
Same problem on Mac:
from log:
2022-01-02T12:00:00] ERROR: ssl certificate doesn't exist: /Users/sascha/Library/Application Support/barrier/SSL/Barrier.pem
[2022-01-02T12:00:00] ERROR: could not load client certificates
[2022-01-02T12:00:00] ERROR: process exited with error code: 9
I have tried with Barrier-2.4.0-release.dmg on my MacBook Air M1 and my Hackintosh. Both have the same Problem.
@albertony commented on GitHub (Jan 2, 2022):
A bug in version 2.4 that lead to certificate not being generated was fixed on master back in november (with pull request https://github.com/debauchee/barrier/pull/1425, related to issue https://github.com/debauchee/barrier/issues/1377), it just has not been released yet - which is very unfortunate. Not sure how this relates to the original problem here, though, which was with version 2.1/2.2, but if we're lucky then it is gone as well. 🤞
@iamutkarshtiwari commented on GitHub (Jan 7, 2022):
@cfarvidson's comment solved my issue on MacOS monterey 12.1. Thank you!
@empusas commented on GitHub (Jan 7, 2022):
Just for those who stumble across this issue. This is a problem for all platforms, Mac, Windows and Linux with the packages you can download right now and will persist until new packages have been released.
@sidusnare commented on GitHub (Feb 9, 2022):
Any idea when this will be resolved? It's a lot easier for the package to correct this than figure out where and how I'm supposed to run an openssl command on a dozen separate machines and hope it likes what I generate
@qvqn commented on GitHub (Feb 10, 2022):
you can install 2.3.2 and it will generate the keys then upgrade to 2.4 without having to mess with openssl
worked on mac and windows
@machlovi commented on GitHub (Feb 14, 2022):
Your part best works for client's side. If someone is dealing with a host issue then the @HewittJC part is recommended.
@jeromeza commented on GitHub (Feb 23, 2022):
1.) The cert generation is still an issue - macOS 11.5.2 - Barrier 2.4.0
2.) Even with generating the new cert as per @HewittJC - I can't connect from client (macOS) --> server (Fedora 35) (and yes netcat confirms the port is open and connectivity is working).
jerome@jeromembp SSL % pwd
/Users/jerome/Library/ApplicationSupport/barrier/SSL
jerome@jeromembp SSL % openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
Generating a 4096 bit RSA private key
........................................................................................................................................................................................................
writing new private key to 'Barrier.pem'
[2022-02-23T13:55:03] INFO: SSL fingerprint generated.
[2022-02-23T13:55:09] INFO: starting client
[2022-02-23T13:55:09] INFO: config file: /private/var/folders/xq/xw1m7b_j53xg6bmztgs5m37c0000gn/T/Barrier.HaVCdr
[2022-02-23T13:55:09] INFO: log level: INFO
[2022-02-23T13:55:09] INFO: drag and drop enabled
[2022-02-23T13:55:09] NOTE: started client
[2022-02-23T13:55:09] NOTE: connecting to '192.168.2.115': 192.168.2.115:24800
[2022-02-23T13:55:09] INFO: OpenSSL 3.0.0 7 sep 2021
2022-02-23 13:55:09.452 barrierc[78597:11850755] starting cocoa loop
[2022-02-23T13:55:09] ERROR: ssl error occurred (system call failure)
[2022-02-23T13:55:09] ERROR: failed to connect secure socket
[2022-02-23T13:55:24] WARNING: failed to connect to server: Timed out
jerome@jeromembp SSL % nc -vz 192.168.2.115 24800
Connection to 192.168.2.115 port 24800 [tcp/*] succeeded!
@lgo33 commented on GitHub (Feb 28, 2022):
I had the same issue under Windows, you might have to use two leading slashes for the subject when creating the certificate:
openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pemworked for me to solve that issue (see here: https://stackoverflow.com/questions/31506158/running-openssl-from-a-bash-script-on-windows-subject-does-not-start-with)
@rpatterson commented on GitHub (Mar 9, 2022):
If it helps anyone else, I'm on Ubuntu 21.10 impish and the version in the default apt sources is out of date, the Flatpak is out of date, and both of the barrier snaps have this issue. I ended up using a PPA and the distro package from there doesn't have this issue and Just Works (tm) for me.
@surajsharma commented on GitHub (Mar 10, 2022):
alright so the cert issue persists on MacOS 12.2.1, wherein after generating correct cert as mentioned in this thread I get the following in the client log:
@GlenHertz commented on GitHub (Mar 11, 2022):
I also manually created a cert on MacOS 12.2.1, like so:
Then restarted Barrier 2.4.0 and then I get the error:
I'm on fresh install, trying to get Barrier running for the first time.
The server is on MacOS while the client is on Linux (Manjaro).
I tried downgrading to 2.3.4 on MacOS and 2.3.3 on Linux and got a similar error:
This time the MacOS server has an SSL fingerprint displayed in the GUI while on Linux it does not. So I'll try to create the cert on the Linux client too and restart but the Linux GUI has no SSL fingerprint. For logs on MacOS I get:
Now the MacOS server shows:
Which has the same error. On the Linux client it says the connection was refused. Both versions are using OpenSSL 3.0.0.
I the issue the Linux client has no fingerprint?
@richstokes commented on GitHub (Mar 15, 2022):
I had to run the Mac pem generation command
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pemon both the client and the server, then everything started working. The install should really do this by default/at first startup.@phord commented on GitHub (Mar 23, 2022):
KDE Neon's "Discover" package installer finds both a FlatPack and a Snap installation for Barrier. For me, the Snap install has this bug. The FlatPack install did not. ymmv
@Dannymx commented on GitHub (Mar 23, 2022):
How is this software able to work (in a friendly way) out of the box if the .pem file is not created automatically? I had to create it manually on macOS and Windows 10.
@stabai commented on GitHub (Mar 31, 2022):
I decided to try Barrier given the promise of a simpler and more streamlined tool vs Synergy, but since I immediately encountered this situation that (silently) prevents a secure configuration from working, I'm wondering why I did. 😓
@albertony commented on GitHub (Mar 31, 2022):
You have my sympathy.
As I mentioned before:
In my opinion it is a rather serious issue, even with a fix implemented months ago, to leave without a patch/release in sight... 😞 🤔
@sidusnare, if your question earlier was for me:
I totally agree, but I can't answer you. I'm not a member of this project, have no influence whatsover, other than submitting occasional pull requsts.
@rfcomp commented on GitHub (Apr 12, 2022):
I can confirm I did the same thing but the installer needs to install Open SSL or have a button to generate a certificate.
@richstokes commented on GitHub (Apr 12, 2022):
Why doesn't the installer just run the openssl/generate fresh pem files if they dont exist? Seeing as the product doesn't work without it I'm not sure what the reasoning would be for not doing this?
@rfcomp commented on GitHub (Apr 12, 2022):
I did the same but Set-Alias openssl "{Path to my:}\PortableApps\PortableGit\usr\bin\openssl.exe" since i have GitPortable installed
@stabai commented on GitHub (Apr 12, 2022):
I think it does work if you disable HTTPS (which might be the default?), but that's probably a bad idea that people shouldn't be choosing as a workaround.
@EpiicPenguin commented on GitHub (Apr 13, 2022):
I used this method today (windows 10),
quick guide for any noob's out there like me, download "git for windows" just click through the git installer using default options. the only options i changed were having it not associate file types. use default install locations for barrier and git, and you only need to install git on the server pc.
on the server pc open windows powershell, copy paste these 3 commands from @[sgon00]
restart barrier, and check and uncheck the server and client boxes so they relink and configure themselves,
and for the future has anyone found a fork or release that fixes this problem yet?
@albertony commented on GitHub (Apr 13, 2022):
Since the fix has been in master since 12 Nov 2021, you can use a "beta" from the project's build server:
https://dev.azure.com/debauchee/Barrier/_build?definitionId=1&_a=summary
(click on a run, e.g. latest, then "Windows Build Release with Release Installer", then "2 artifacts", then "Windows Release Installer" , click the 3 dot "More actions" button to the right that appears when you hover, and "Download artifacts").
@ghost commented on GitHub (Apr 15, 2022):
Hey Guys,
i'm on MacOS and the key creation worked, however now Barrier throws me
ERROR: error:10080002:BIO routines::system lib
and
ERROR: error:8000000D:system library::Permission denied
I've already chmod 777 the file but still Barrier can't access it, probably because of the protected Nature of the Library/Application Support Path. Anyone know how to "unprotect" it or make barrier retrieve its pem from another path?
@jhgorse commented on GitHub (May 4, 2022):
For macOS,
This is still an ongoing issue for latest macOS, fresh install from
homebrewon both m1 and x86.@nathanshearer commented on GitHub (May 10, 2022):
I just updated some packages on Gentoo and now barrier will not work. Is there a way to disable SSL so I can get this working again?
@jhgorse commented on GitHub (May 10, 2022):
@nathanshearer
Yes. Or you can try (untested):
@nathanshearer commented on GitHub (May 10, 2022):
@maarten99
My windows client is running Barrier 2.3.3-release-3395cca9 and with the update my Gentoo server is running Barrier 2.4.0
The windows client previously had "Enable SSL" unchecked and would not connect to my Barrier server with default command line arguments. I had to add --disable-crypto to restore functionality.
The error in the system log is a bit confusing and the documentation doesn't really explain why it was not working or how to fix the problem, so this bug still exists for me while I have this workaround in place.
@stefanhendriks commented on GitHub (May 12, 2022):
Had this issue as well (MacOS 12.3.1), resolved it by following this
@ale-hm commented on GitHub (May 22, 2022):
This works well for me. I have a MBP (2019) to drive a Mac M1 Mini (2020). I used Synergy (I paid for it a few years back) but the mouse was too jittery. Barrier seems to work much better and the cursor feels almost native.
The above command to generate the pem works great and I was able to start the server and have the Mac M1 mini connected to my main laptop.
@UniqueName992 commented on GitHub (May 29, 2022):
Over on Ubuntu 22, the commands just needed different paths for the apt repo version:
Paths from the log (F2)
@waqleh commented on GitHub (Jun 1, 2022):
this also works for ubuntu 22.04, the only difference is the directory to which the certificate needs to be created, I was able to identify the correct directory from the logs provided by barrier, in my case it was:
cd ~/snap/barrier/682/.local/share/barrier/SSLI had to do it for the server and all clients since my clients are all also using ubuntu
@jhgorse commented on GitHub (Jun 1, 2022):
Editorial note:
If you have decided to respond and to quote text, quote the best and most concise version. For those who come to this thread, they are interested in the solution for their system. If you can copy-paste from a code section, all the better.
Cheers
@jhgorse commented on GitHub (Jun 1, 2022):
Summary of Resolutions
Note: Windows requires https://gitforwindows.org/
Windows
Linux, macOS, and unix style
Pick your
BARRIER_SSL_PATHpath.Use the unix version with the correct path for your system. Find the path in the Barrier log.
2023-02-26: Git for Windows dependency added
2023-11-20: cd to improve openssl's ability to handle spaces in directory names
Cheers
@Andrew-Max commented on GitHub (Jun 3, 2022):
Note, from snap this won't work, the path is wrong. You are better to just cd to the directory and run
$ openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pemwithout any relative path@jhgorse commented on GitHub (Jun 3, 2022):
I fixed the snap paths and removed a redundant Gentoo path.
currentwill symlink the latest number.It would be useful to know if that path can be retrieved via
snapor otherwise.http://manpages.ubuntu.com/manpages/bionic/man1/snap.1.html
What do either of these
snapcommands output?@paulsybrandy commented on GitHub (Jun 7, 2022):
...
@paulsybrandy commented on GitHub (Jun 7, 2022):
This sounded hopeful but after executing the openssl command I got the following error. Not sure how to fix it either from the error as I am unsure what I did wrong.... especially since I copied and pasted directly from what you noted and yes double checked it. I am at a loss.
@albertony commented on GitHub (Jun 7, 2022):
Try quoting the argument
"/CN=Barrier", i.e.:@jhgorse commented on GitHub (Jun 7, 2022):
@paulsybrandy did the quotes resolve the issue?
I also had a typo for the CMD script and added the full path above.
From
cd %USERNAME%\AppData\Local\Barrier\SSL\to
cd C:\Users\%USERNAME%\AppData\Local\Barrier\SSL\@paulsybrandy commented on GitHub (Jun 7, 2022):
@jhgorse and @albertony, thanks for the suggestion but after trying it not once, not twice, but three times (as I wanted to make sure it was correct)... it gave the exact same output as before without the quotes. Any other ideas?
@jhgorse commented on GitHub (Jun 7, 2022):
The definition of insanity is trying the same thing and expecting different results. =)
Consider this: https://github.com/openssl/openssl/issues/8795
Please report back what works so we can add an entry for MINGW64.
@soundsbeard commented on GitHub (Jun 25, 2022):
i have the same issue
(server) PC: manjaro plasma
(client) laptop: manjaro plasma
i've installed barrier on both PCs, everything was fine, i've connected with SSL enabled.
then i've reinstalled os on server (same local ip) bc i've bought new ssd.
installed barrier on server once again, and now have this error 'ssl certificate doesn't exist: /home/....'
i've tried this with no success:
https://github.com/debauchee/barrier/issues/231#issuecomment-456130097
@sendhil commented on GitHub (Aug 25, 2022):
For anyone bumping into the issue with
name is expected to be in the format /type0=value0/type1=value1/type2=... where characters may be escaped by \. This name is not in that format: 'C:/Program Files/Git/CN=Barrier' problems making Certificate Request- I was able to get around this by using the openssl inside of the Ubuntu WSL instance instead of the one bundled with Git for Windows.@raph commented on GitHub (Aug 31, 2022):
I just installed Barrier for the first time and stumbled on this issue on windows. Easily fixed by manually by running openssl manually. How can such a big issue stay open for that long? 3 years! It gives a bad rep to the project @walker0643 are you listening? openssl should run on app startup if the certificate is missing and the program is being launched for the first time
@dalian-spacekey commented on GitHub (Aug 31, 2022):
Remove -subj option and enter
Common NametoBarrier.@jacklawry commented on GitHub (Oct 3, 2022):
This fixed it for me too on macOS Monterey (12.6) Thanks!
@jhgorse commented on GitHub (Oct 3, 2022):
What would be a good design for a fix? If pem file does not exist, take OS-dependent action. Do this on install or during regular runtime as a check before "starting" the service with ssl enabled.
@alexrsagen commented on GitHub (Oct 9, 2022):
Can reproduce on macOS 10.15.7 Catalina and Windows 11 build 22000.978. Generating the certificate manually works as a workaround.
@jhgorse commented on GitHub (Oct 10, 2022):
It appears this was fixed by @AdrianKoshka in Flatpak for Linux app distribution, but none of the others listed here: https://github.com/debauchee/barrier#distro-specific-packages
Fixing the rest of the distributions to patch this bug is possible, though a lot of effort. I would not envy the testers for that path.
Maybe there is another way.
Barrier.pem is referenced in two files.
fc045fc793/src/gui/src/SslCertificate.cpp (L34)fc045fc793/src/lib/net/SecureListenSocket.cpp (L29)(1) contains a guard which will
generateCertificate()the cert if it does not exist. So that is probably not it or it is not getting called when it should be, duringvoid MainWindow::updateSSLFingerprint(), which is the MainWindow constructor andvoid MainWindow::on_m_pActionSettings_triggered()whatever those are.(2) called by
SecureListenSocket::accept(), called by one of two::handleClientConnecting()methods.Which is a long way to get to the error message, "ssl certificate doesn't exist":
https://github.com/debauchee/barrier/blob/master/src/lib/net/SecureSocket.cpp#L343
Proposal
In a calling function of
SecureSocket::load_certificates(const barrier::fs::path& path)if file does not exist at
path, callgenerateCertificate()Path Bug Hypothesis
This may be a bug in the separate constructions of the path for generation of the cert. Consider using one shared equivalent method or function to generate the path rather than two separate sets of code.
Path Bug Test
Ensure that the path result of SslCertificate.cpp:183
is equivalent to SecureListenSocket.cpp:58
Or just run
generateCertificate()on the other path when the file is not detected. What could go wrong. We could have two .pem files. =)@albertony commented on GitHub (Oct 10, 2022):
Is the issue not already fixed on master as mentioned in https://github.com/debauchee/barrier/issues/231#issuecomment-1003730311, and the challenge is "just" a missing release? It's soon been 1 year since this serious bug was fixed (merged Nov 12, 2021), so abandoned project is the real challenge, I would say...
@jhgorse commented on GitHub (Oct 10, 2022):
@albertony okay. That might be our bug. Next step is to build master and test.
Project-wise, how do releases work here?
@albertony commented on GitHub (Oct 10, 2022):
Great. There are several reported issues and discussions which seem to revolve around the same thing, so I think that tiny little fix mentioned should fix most of them, but there may be some variations to it...
Its all down to the project owner, who is rarely heard from. Most or all other maintainers who created the last few releases seem to have fled and started working on their own fork.
@BananaAcid commented on GitHub (Oct 18, 2022):
Maybe to note:
I installed using windows-chocolatey like
choco install opensslwhich gave me an incompatible pem-file (old certificate version error in barrier logs).Using CMD then
cd %userprofile%\AppData\Local\Barrier\SSLand"C:\Program Files\Git\usr\bin\openssl.exe" req -x509 -nodes -days 3365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem -sha256worked for me.@zacharyy04 commented on GitHub (Oct 22, 2022):
I worked for me when I disabled ssl certificate in both devices
I also used custom server configuration and the client as my client pc name
@ph818 commented on GitHub (Oct 23, 2022):
Reporting in, I installed Openssl for Win64 (https://slproweb.com/products/Win32OpenSSL.html) and used it to create the .pem keys. This resolved the SSL error in the log, and let me connect.
@mroxso commented on GitHub (Oct 27, 2022):
this also works on mac os 13
@bagundes commented on GitHub (Oct 27, 2022):
I disabled the "enabled ssl" option in settings and it's working fine.
@kpatdev commented on GitHub (Oct 27, 2022):
Quoting didn't work for me for some reason but just adding another slash in front of
/CNto make it//CNworked. Go figure.@rleyvasal commented on GitHub (Nov 1, 2022):
Found same issue on Kubuntu 22.10 . App interface said "Barrier is running" but nothing was happening.
Setup:
Kubuntu 22.10 Server
Windows 10 client
I went to the menu Barrier > Show Log and found the the error mentioned in title of this post.
Note: Barrier was Installed from Kubuntu store .
The following from https://github.com/debauchee/barrier/issues/231#issuecomment-1143791895 fixed it and is working great!
@raspberrypieman commented on GitHub (Dec 26, 2022):
jhgorse - Thank-you for your "Summary of Resolutions".
I have a Windows/10 system running barrier as server and to the left a Raspberry Pi400 running Debian Linux with barrier as client and to the right an Acer desktop running Linux Mint Cinnamon with barrier as client.
The Raspberry Pi400 worked a treat, but I could not get the Acer Mint to work. When I found no "Barrier.pem" file, I found this issue on github.
I set my BARRIER_SSL_PATH as follows:
BARRIER_SSL_PATH=~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/
and ran the openssl command, restarted barrier on both server and client and it all worked fine.
Thanks again for solving this irritating issue.
@ITESaurabh commented on GitHub (Jan 14, 2023):
on windows mingw/git bash,
/CN=Barrierwas giving me trouble.so here's my quick solution without much tinkering.
MSYS_NO_PATHCONV=1 openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem@flamecopper commented on GitHub (Jan 16, 2023):
Thanks, this is working for me.
I just have to restart barrier for it to work as expected.
@tonymynd commented on GitHub (Jan 21, 2023):
It worked for me, controlling Acer One KAV60 with Debian i386 11 from Samsung laptop with Windows 10 TLS
@Cimbali commented on GitHub (Jan 23, 2023):
Same issue with v2.4.0 (and working solution) on both linux (opensuse) and windows.
@dvolosnykh commented on GitHub (Jan 30, 2023):
Same issue with
v2.4.0-release-3e0d758bon macOS Ventura 13.1 (22C65).The client's environment:
The initial issues was resolved with commands from @jhgorse's comment by running them on the server side, yet the value of
BARRIER_SSL_PATHenvironment variable was fixed and quoted:In case, you face the below error on the server side, check if the client has Enable SSL option turned on:
This is what the client says during this attempt to connect:
The server port was verified to be open by the following command on the client side:
@mutech commented on GitHub (Feb 6, 2023):
So since 4 years, every new user has to walk this walk and the original purpose of forking synergy was to make it easier for users to have kvm?
In the logs, I see:
I installed the snap, because barrier didn't work using the apt packages. On one installation (both Ubuntu 22.04), I got an error or warning message that didn't fail the installation. So I first ignored it and then deinstalled the package, because these two Ubuntus are new and virtually identical and I really don't trust a package that doesn't work and throws random error messages that are ignored.
Seeing this error message, am I supposed as a good user to manually create a certificate and copy it into a snap directory? I find the whole concept of isolated environments with side effects and dependency free packages with dependencies rather suspect. Having an app not use
~/.local' and then store data that is not considered ephemeral in a snap directory in.local` that probably gets thrown away is just as bipolar disordered.The apt package does not work, the snap does not work, the homebrew installation on mac does not work.
I assume that if 3 out of 3 installation methods don´t work, the others I didn't try won't work either. I wonder why one would spend a lot of time writing software, packaging it up, create new versions and then not fix a bug that keeps users from ever seeing the thing in action, unless they are really determined.
The year is still young, but still, this is my top contender in 2023 for software I tried and will never touch again.
@Cimbali commented on GitHub (Feb 7, 2023):
snaps just don’t make a lot of sense overall.
Fixing bugs isn’t easy and takes time. Also it seems active maintainers of this project have left to create and maintain a different fork, input-leap, so it’s unlikely the fix will ever land in barrier.
@mutech commented on GitHub (Feb 7, 2023):
Thanks for the pointer! I will try that. Funny that one of the comments in alternative-to was ¨it's maintained¨. The connotation of input leap is certainly better than that of barrier anyway... ;-)
@stefan-muc commented on GitHub (Mar 23, 2023):
For Windows the
opensslcommand line has to be this:Otherwise the underlying libraries (coming from mingw) are trying to be smart and convert arguments that look like paths (as the
/in argument) to actual paths.See https://github.com/git-for-windows/git/issues/577#issuecomment-166118846 for details
@resuna commented on GitHub (Apr 28, 2023):
Would it be possible to cut a new release with this fix? 2.4.0 is from 2021, and there are no releases yet for input-leap.
(Both Mac and Windows, no Flatpaks or Snaps or other file system shenanigans involved)
@Jan02 commented on GitHub (Jun 11, 2023):
same issue on windows, the certificates were never generated.
Version: 2.4.0-release-3e0d758b
Build Date: Monday, 1, 2021
@jhgorse commented on GitHub (Jun 11, 2023):
It seems like there are at least a few commits on master past 2.4.0: https://github.com/debauchee/barrier/commits/master
These might be fixed there. Try the July 6 2022 build available on Azure pipelines:
https://dev.azure.com/debauchee/Barrier/_build/results?buildId=782&view=results
Does it reproduce or fix the problem?
@renaner123 commented on GitHub (Jun 28, 2023):
Also worked for me, thanks
Server: Windows 10 (19045.3086)
Client: Ubuntu 22.04 LTS
Barrier: 2.4.0
@zippydan commented on GitHub (Sep 16, 2023):
This doesn't seem like the best place to put a tutorial, but since everyone else is offering up what worked for them, I figured I might as well document what worked for me somewhere, especially since I assume many people googling their problems and errors will eventually end up here, as I did.
Objective: Trying to connect macOS (Big Sur) client to Windows 10 Pro (22H2) server; both are brand new installs.
Symptoms:
doesn't existat specific path.doesn't existat specific path.(You can easily view the log via the Barrier app's menu.)
Step 1: Fix macOS client.
I followed instructions here: https://stackoverflow.com/questions/67343804/error-ssl-certificate-doesnt-exist-home-rsvay-snap-barrier-kvm-2-local-shar
However, I had to slightly edit the last line, which was formatted for Linux, as opposed to macOS which is BSD-based. Also, the directory shown below that you change to should match the specific path referenced above and showing in Barrier's log for the location of the missing SSL certificate.
After this, you must completely close and restart the Barrier app so that it will find and load the SSL Fingerprint correctly.
Following this, Barrier still showed as "starting" only, and the log still showed several errors:
SSL error occurred (generic failure)unexpected eof while readingfailed to connect to secure socketPerhaps I should have fixed the server first, to avoid these errors. Either way, the client is ready now, so on to the server.
Step 2: Fix the Windows server.
Following @4F2E4A2E instructions, I used chocolatey to install git (
choco install git), then launchedgit-cmd.exefromC:\Program Files\Git\Then I issued the following commands:
Alternatively, this should also work:
Alternatvely, you could just create the Barrier.pem file anywhere using the
opensslcommand above and then manually copy it into the%USERPROFILE%\AppData\Local\Barrier\SSLdirectory.With the required SSL certificate created, you must then completely close Barrier (double-check the system tray) and restart it again. Now the required SSL Fingerprint should show up in the application!
Step 3: Connect the client and server.
If the app is now "running" on both devices, you should see a window pop up on the macOS client asking you to accept the SSL fingerprint from the server. (If you don't see this then maybe check your network and firewall?)
But after accepting the server's SSL certificate on the client, I still wasn't connected and was still getting errors in the macOS client log, namely:
failed to connect to server: server refused client with our nameTo fix this final obstacle, on the Windows server side you need to click on the
Configure Serverbutton, then drag a "blank" blue computer monitor onto the grid (and release), and finally double-click on the new monitor you should see newly-created named "Unnamed".In the new window, change the
Screen nameto match the macOS client computer name exactly. Then click OK twice, then click theReloadbutton, and now DOUBLE and TRIPLE FINALLY (assuming the app is still "running" on both computers) the two computers should successfully connect!This is why people pay for software instead of using open-source stuff. It seems to be working great now, though.
Thanks for your help and your time!
@jhgorse commented on GitHub (Sep 19, 2023):
The last pipline build resolved the issue for me on macOS 13.5.1 using the macOS 11 released dmg:
https://dev.azure.com/debauchee/169cf39a-492c-408a-aacd-827752119933/_apis/build/builds/782/artifacts?artifactName=Mac%20Release%20Disk%20Image%20and%20App%20macOS-11&api-version=7.1&%24format=zip
Auto connection with Windows Server "just worked." No fussing. macOS was fresh without having used barrier before.
If the direct download link above does not work, use this link, click the ... on the right, download artifacts.
https://dev.azure.com/debauchee/Barrier/_build/results?buildId=782&view=artifacts&pathAsName=false&type=publishedArtifacts
Cheers,
Joe
@shahidkhaliq commented on GitHub (Sep 19, 2023):
This fixed it for me. Server running on Ubuntu, ran the commands above. Client running on Mac OS, accepted the fingerprint. It's working perfectly now!
@jhgorse commented on GitHub (Nov 20, 2023):
Updated Summary of Resolutions for space in path issue: https://github.com/debauchee/barrier/issues/231#issuecomment-1143791895
@ww12th commented on GitHub (Jan 29, 2024):
Thank you so much ! This helped. I had to sign up Github to thank you. Thank you! I hope this is the right place to comment. lol :)
@bimalgautam1 commented on GitHub (Mar 16, 2024):
Both server and client is running but on client computer mouse pointer is not showing even though log says it is connected and clip board is updated as well
[2024-03-16T13:26:45] INFO: entering screen
[2024-03-16T13:26:45] INFO: leaving screen
(This is from the log of client computer)
Ubuntu 22.04.4 LTS is my client.
And windows 10 is my server.
SSL is disable in both computer.
@ZacBlanco commented on GitHub (Sep 3, 2024):
I have found this seems to be a bug with the default settings of the barrier app. On a fresh install of barrier where I would have expected SSL to be disabled, I ran into the same issue. I fixed this by properly disabling SSL.
@rbukholt commented on GitHub (Sep 8, 2024):
I am afraid you have cutted the Gordian Knot.
If you run without SSL it will be quite easy to overtake your PCs with Barrier. Of course it requires access to your network. If you consider this secure enough - fine.
@Oussa-Err commented on GitHub (Feb 5, 2025):
Setup:
Ubuntu 22.04 Server and a Windows 10 Client
Solution:
For Ubuntu (Server)
cd ~/.local/share/barrier/SSLopenssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pemon the Windows client, a popup should appear to accept the certificate. Click Accept.
Hint:
If Windows is the server, search for and use the equivalent OpenSSL commands on Windows to generate the certificate.
Note:
Keep in mind that Barrier is no longer actively maintained and doesn't receive updates or security fixes. The primary developers have moved to the InputLeap project. You may consider switching to InputLeap for continued development and support: InputLeap GitHub.
This solution resolved the issue for me.
@nbolton commented on GitHub (Feb 5, 2025):
Please try Deskflow or Input Leap as Barrier is no longer in development.
https://github.com/deskflow/deskflow
https://github.com/input-leap/input-leap
Both are compatible with Barrier client/server so you can try on one of your computers.
If this is still an issue in those projects, we would appreciate a cross-post of this issue.
@yllekz commented on GitHub (Feb 10, 2025):
Question - Is Input Leap stable? I've been periodically checking on that project but it doesn't appear to be nearly as finished or as polished as Barrier, and there are few to no user-friendly installation options at this time. I wouldn't personally consider it a replacement until it is at parity with Barrier in terms of ways/places it can be installed without telling one to compile it.
@nbolton commented on GitHub (Feb 12, 2025):
What is your opinion on Deskflow?
@Oussa-Err commented on GitHub (Feb 14, 2025):
I uninstalled Barrier from the client computer to switch to Input Leap. After installing Input Leap, it seems to work fine while the server is still running Barrier. So, Barrier as a server appears to be compatible with Input Leap as a client and vice versa