[Matthew Dudley]

Hi, Im trying to run the alpha appimage I downloaded yesterday. Im able to run the appimage as an executable and I get the prompt for a license, I signed up, put in my activation key but am stuck with a message that TLS initialization failed. Im using an arch variant of linux. I’ll keep looking on my end. Any help is appreciated.

[Frederik]

My immediate guess is that you’re missing some CA-certificates package or that the one you have is outdated.

Which output does the following command in a terminal give?
$ openssl s_client -connect licenses.animationpaper.com:443 -showcerts < /dev/null

• This reply was modified 1 month, 2 weeks ago by Frederik.

[Matthew Dudley]

thanks for this, I’ll paste the output minus certificates below

Connecting to 89.239.201.204
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let’s Encrypt, CN=E6
verify return:1
depth=0 CN=licenses.animationpaper.com
verify return:1
—
Certificate chain
0 s:CN=licenses.animationpaper.com
i:C=US, O=Let’s Encrypt, CN=E6
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Sep 23 10:11:47 2024 GMT; NotAfter: Dec 22 10:11:46 2024 GMT
—–BEGIN CERTIFICATE—–
***removed
—–END CERTIFICATE—–
1 s:C=US, O=Let’s Encrypt, CN=E6
i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
—–BEGIN CERTIFICATE—–
***removed
—–END CERTIFICATE—–
—
Server certificate
subject=CN=licenses.animationpaper.com
issuer=C=US, O=Let’s Encrypt, CN=E6
—
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
—
SSL handshake has read 2398 bytes and written 399 bytes
Verification: OK
—
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
—
—
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: 82C10F9DB75900C47FAEDAEC832DF4BB9883C1EF244AED3B73D3A41D5024E4B6
Session-ID-ctx:
Resumption PSK: B3D750026526B11F4DBCDA788DD7C21F6860EB63658A4DFCB57623C3A001FA3A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 604800 (seconds)
TLS session ticket:
0000 – 39 15 80 1e 48 37 26 4a-23 0a 2d 00 5f 33 d5 68 9…H7&J#.-._3.h
0010 – 9e 5f 59 22 f4 b7 30 a8-98 99 dd 71 73 1e 6e 82 ._Y”..0….qs.n.
0020 – bb 2c ce 3b 20 9d 72 a5-92 8e 25 7b c0 bc e3 7a .,.; .r…%{…z
0030 – 41 97 04 81 7f 9c f6 87-c7 4d 2e 66 d1 bc 41 11 A……..M.f..A.
0040 – 3c 8c 76 ed b0 22 05 b7-49 73 82 9f 13 5f 91 f7 <.v..”..Is…_..
0050 – 53 29 7d a5 59 e9 e3 1b-2f 3f 81 cc 9b e7 71 27 S)}.Y…/?….q’
0060 – cb a8 53 8d a5 de b2 b9-7b ..S…..{

Start Time: 1728313028
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
—
read R BLOCK
DONE

[Frederik]

Thanks, that does look correct.
I wonder if AnimationPaper is loading the openssl libraries at all.
If you have strace installed, could you try the following:

$ strace ./Animation_Paper-x86_64.AppImage 2>&1 | grep -E ‘^open(at)?\(.*\crypto.so’

[Matthew Dudley]

Ive installed strace, I tried what you suggested above and I get a syntax error. Ive renamed the file name to match what is in my download folder where I am running this. Strace seems to be working if I run it on the appimage, I get a fire hose of text.

here is the result Im getting with the syntax error:
strace ./AnimationPaper.AppImage 2>&1 | grep -E ‘^open(at)?\(.*\crypto.so’
bash: syntax error near unexpected token `(‘

thanks for the help and ideas.

[Frederik]

I think the forum has messed with the quotation marks. Let’s hope it works better this time.

$ strace ./Animation_Paper-x86_64.AppImage 2>&1 | grep -E ‘^open(at)?\(.*\crypto.so’

Edit: Nope, still the same problem. They should both be a simple single quotation mark.
Edit2: It seems the one needed is called the typewriter apostrophe (https://en.wikipedia.org/wiki/Apostrophe#ASCII_encoding)

• This reply was modified 1 month, 2 weeks ago by Frederik.
• This reply was modified 1 month, 2 weeks ago by Frederik.

[kale yes]

Hi, i am having the same problem as described above, and although i was not able to get the strace command to show any results, i did get these messages showing when i ran the appimage through the terminal and typed in my activation key.

qt.tlsbackend.ossl: Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslKey
qt.network.ssl: Active TLS backend does not support key creation
qt.network.ssl: The backend “cert-only” does not support QSslSocket
qt.network.ssl: The backend named “cert-only” does not support TLS
qt.network.ssl: QSslSocket::connectToHostEncrypted: TLS initialization failed
“TLS initialization failed” QNetworkReply::UnknownNetworkError
“”

I hope this helps!

[Niels]

Very helpful Kale! Thanks! I will show this to Frederik.

Best,
Niels

[kale yes]

Glad i could help 🙂

[Frederik]

Thanks.
I believe this has led me to the cause of this problem, and I hope to have a fix for it in the next release.