Gameforge Client bug

  • Hi


    I just found a strange technical problem, can you help me resolve it?


    Server - Vidar.

    At about 12:00 CET I logged in and played for about an hour, everything was OK.


    Now, when I try to launch Gameforge Client, I have this error:






    Well, the phrases "the SSL certificate is invalid", and "possible reason - someone is attacking your connection to the server" are disturbing at least.



    I did not change anything during these 5 hours since the last login,

    I did not install\change\modify anything.



    Please help to fix this problem.




    Why am I sure that it's a Gameforge Client problem and not mine??


    Because I have another account, and when connected directly to the game "nocheckversion?" - everything is OK, I can play.



    The screenshot with problem is attached.

  • I had the same.


    I clicked "No" and logged out from the Client, 5-10 min. later I tried again, and the normal way.... Log in and I can push play....


    Thanks, but that doesn't work for me, because I'm not logged in yet..



    I already tried to press "No", and have the same error menu.


    When choosing "No" about 6-10 times, the menu appeared, with the option to enter my email and so on.



    But I think giving the Gameforge Client email\login\password while the error is still present is not a very good idea(((

  • Hello everyone, I'm a player of another Gameforge game. This error is present on all the games currently bootable from the GF launcher: the TLS/SSL certificate used by the launcher to establish encrypted connections has expired, as you can see in the sixth line of the error message, where 2000-05-30 - 2020-05-30 is reported. This error will be addressed as soon as the new certificate is loaded, probably today. Good day.

    Edited once, last by WhiteHat.

  • Check the date/time on your PC. If it is not correct the SSL cert cannot verify. I have seen this error before.

    Bludwyng [The RoM Wiki-Ferret]

    Mithrandyr (Wd/D/S), Elbehreth (M/D/S), Giblet (Wk/P/M), Bludwyng (W/M), Grymjack (K/W), Donaldubh (R/S/P), & Reuxpierre (Ch/M/W) on Aeterna

    Malcontent (49/34/36 M/R/W) & Bludwyng (20/14 W/R) on Phoenix


    Admin of The RoM Wiki at https://runesofmagic.gamepedia.com

    Steam profile: Bludwyng

  • I had a similar experience to the one described in the first message yesterday. I closed the game after siege war (around 17 CET), and everything was OK then, but when I tried to enter the game a couple of hours later, the same problem window appeared - about expiration of certificates on 30-05-20.

    Then I pressed "No" (3 times, each time the window showed a new Fingerprint ID). Though in my case I was already logged in to the client, so after the third "No" I saw the Gameforge starting window, but ROM has only the option "Install" now. That's strange..
    Logging out of the client as Velm mentioned doesn't help.
    Restarting the PC too ;)

    Hope tomorrow's maintenance will help somehow (at least by renewing certificates).. And hope that admins will notice at least this message)

  • Sad, but the problem is still there, even after today's server maintenance


    I can't play Runes of Magic(((

    Check the date/time on your PC. If it is not correct the SSL cert cannot verify. I have seen this error before.

    The date-time is ok)





    Maybe forum administrator can read this post and help me?


    Because tech support did not answer for now...

  • Seems like some users are getting hit by the issue that has been coming up since last weekend


    https://www.google.com/search?…st+external+ca+root+issue


    german IT news outlet golem.de: https://www.golem.de/news/sect…r-aerger-2006-148840.html



    A closer look at the first post plus the general IT news from all over the internet point to this exact issue.


    It says "Addtrust" right there.



    After 20 years(!), this root certificate expired naturally and it is currently causing issues all over the internet because some clients rely on it.

    This includes the Gameforge Client.


    Colors added to the relevant parts of the error message.


    Yellow = the name of the certificate in question, so you can see it's the one the Google link at the top of the post is talking about.

    Red: The culprit for the error itself. May 30 2020 was ... last Saturday. ;)




    As for a solution ... I'm not 100% sure yet.



    Things worth trying:


    a) deleting or deactivating the certificate in question on your machine. (It expired on May 30th anyway, so even if it does not fix the issue, it can't make it worse)


    Run > certmgr.msc

    see Trusted Root Certification Authorities > Certificates


    find the "AddTrust External CA Root" and delete it. You can export it first via right-click > All Tasks > Export, just in case.


    This is probably not advisable if this section reads like Chinese to you ;)



    ---


    b) https://www.ssl.com/blogs/addt…root-expired-may-30-2020/ (See the part about replacement certificates)


    ---


    c) rather simple: pressing "Yes" when the question pops up again, because this is not an attack or anything but it's simply an expired root certificate - this is just a workaround.


    As for a permanent solution that does not require manual fiddling by users:


    I suspect the libeay32.dll from the Gameforge Client needs to be replaced with a newer version. We'd need a client version update.

    I've reported the problem and its likely issue as I'm typing this so someone who works on the Client can look into it.


    (OpenSSL 1.0.2.X is affected, and the file has either 1.0.2.15 or 1.0.2o )



    d) (only semi-serious) .... switch back your system time to before May 30th? XD



    [This user speaks English on a near native level.]

    [This user speaks German on a native level.]

    [This user can curse in a variety of languages.]


    In the beginning the Universe was created.

    This has made a lot of people very angry and been widely regarded as a bad move.



    Trust me, I'm an engineer.....with epic skill and epic gear


  • Thanks for the answer - none of these methods worked((



    a) deleting the expired certificate + b) replacing and installing new certificates -


    in the end I have a similar error, but now with another name and another date





    And as far as I understand, this new "Sectigo" error certificate will expire in 2030 -

    I thought 10 years is more than enough for playing...



    And I played all this time without "Sectigo" errors, obviously...




    c) "pressing "Yes" when the question pops up again" -


    after that I'm able to log in to the Gameforge client - that's good


    But... there is no option to "play" at all ((


    The one and only option I have there - is to install the game once more...

    what? seriously ?????




    P.S. Gameforge client was updated twice, all I wrote happened with the latest version of the client


    P.P.S. Restarting the computer and Gameforge client many times didn't work



    So I don't know what to do next - One week without the game has started(((

    Edited 2 times, last by Seeker.

  • I have the Golem article, but never thought it could affect Runes of Magic. An even better description can be found in:

    https://www.agwa.name/blog/pos…_addtrust_root_expiration

    and in

    https://support.sectigo.com/ar…Root-Expiring-May-30-2020



    The issue is that the root certificate "Addtrust" was replaced with "USERTrust". But "USERTrust" was too new, and many clients did not accept it as a root certificate, therefore they signed the new "USERTrust" with the old "Addtrust". Because of this, the following certificate chain is used:


    "Addtrust" --[signs]--> "USERTrust" --[signs]--> Sectigo whatever --[signs]--> a certificate for Gameforge


    This chain is probably sent by the Gameforge servers. Before 2020-05-30 this chain was completely valid. After that, the chain should be valid only from the end back to "USERTrust". A correct TLS implementation which verifies the chain should start at the end and follow the chain until it finds a trusted root certificate, which should be "USERTrust". However, many incorrect implementations also try to verify the chain further back to "Addtrust" and fail because it has expired. That last step is not necessary, because "USERTrust" should already be a trusted root certificate, and therefore the chain would be valid, no matter whether "Addtrust" has expired or not.



    This picture (source: https://support.sectigo.com/ar…Root-Expiring-May-30-2020 ) describes it very well:






    Of course, we can't replace the wrong implementation, as this has to be done by Gameforge.


    A client-side workaround for some of the wrong implementations is to delete the "Addtrust" certificate from the local certificate store. Without it, those implementations will build up the correct chain, based on "USERTrust".


    A server side workaround is to change the gameforge server and delete the outdated "Addtrust" certificate there, so the server would only send the following chain:

    "USERTrust" --[signs]--> whatever --[signs]--> a certificate for RoM

    This would also stop the implementations from trying to verify the outdated "Addtrust".



    But the proper way to fix it is to replace the wrong TLS implementation, because only this is the wrong part about it. If that implementation is from Gameforge (or Runewaker), then Gameforge has to do it. If it is from the operating system, then the affected users need to find out why they have a different (=bad) TLS implementation.



    The main questions for me are however:

    Why does it happen only to some people?

    Is RoM using an internal TLS implementation or a mechanism from the operating system (Windows)?

    If it is the latter, could that TLS implementation be too old, probably because some Windows updates are missing?

    Or is it possible that some crazy virus scanners were hijacking that process, to be able to scan into https connections?
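
The chain-building difference described in the post above, as an added example that is not part of the original thread: a simplified Python model (not OpenSSL's code) of a verifier that follows the server-sent chain first versus one that checks the local trust store first. The certificate objects, the validity dates other than AddTrust's 2020-05-30 expiry, and the host name gameforge.example are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date

# Constructed stand-ins; only AddTrust's 2020-05-30 expiry comes from the thread.
ADDTRUST = Cert("AddTrust", "AddTrust", date(2020, 5, 30))
USERTRUST_ROOT = Cert("USERTrust", "USERTrust", date(2038, 1, 1))   # self-signed
USERTRUST_CROSS = Cert("USERTrust", "AddTrust", date(2020, 5, 30))  # cross-signed
SECTIGO = Cert("Sectigo CA", "USERTrust", date(2030, 1, 1))
LEAF = Cert("gameforge.example", "Sectigo CA", date(2021, 1, 1))

def build_path(leaf, sent, store, trusted_first):
    """Walk issuer links from the leaf; stop at the first cert taken from the store."""
    path, cur = [leaf], leaf
    while cur.subject != cur.issuer and len(path) < 8:
        in_store = next((c for c in store if c.subject == cur.issuer), None)
        in_sent = next((c for c in sent if c.subject == cur.issuer), None)
        cur = (in_store or in_sent) if trusted_first else (in_sent or in_store)
        if cur is None:
            return None          # dead end: no issuer available
        path.append(cur)
        if cur in store:
            return path          # reached a trust anchor
    return None

def verify(sent, store, today, trusted_first):
    path = build_path(LEAF, sent, store, trusted_first)
    if path is None and not trusted_first:
        # Simplified stand-in for an alternate-chain retry after a dead end.
        path = build_path(LEAF, sent, store, True)
    if path is None:
        return "no trusted root"
    state = "expired" if any(c.not_after < today for c in path) else "ok"
    return f"{state} via {path[-1].subject}"

if __name__ == "__main__":
    sent, both, day = [SECTIGO, USERTRUST_CROSS], [ADDTRUST, USERTRUST_ROOT], date(2020, 6, 2)
    print("sent-chain first:       ", verify(sent, both, day, False))
    print("trust store first:      ", verify(sent, both, day, True))
    print("AddTrust deleted locally:", verify(sent, [USERTRUST_ROOT], day, False))
    print("server drops cross cert:", verify([SECTIGO], both, day, False))
```

The last two calls correspond to the client-side and server-side workarounds from the post: in both, the path ends at the "USERTrust" root and the expired "Addtrust" is never consulted.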

  • meisjustme :


    Gameforge Client ships with a 1.0.2.x OpenSSL DLL, IMHO this is the most likely culprit as OpenSSL 1.1.x and newer is required to handle this properly according to the golem article.


    "OpenSSL only performs the check correctly as of version 1.1, but many systems use older OpenSSL versions." [translated from German]


    C:\Program Files (x86)\GameforgeClient\ssleay32.dll

    C:\Program Files (x86)\GameforgeClient\libeay32.dll


    The part I do not understand though: Would not every user of the Gameforge Client be affected by this?


    I for one have a lot of tools that use those DLLs and ALL of them are outdated, affected versions but I don't get the error at all.


    even the one in Windows/system32 on my machine is just 1.0.2.12 / 1.02l


    Speculation: s3-static.geo.gfsrv.net points to CDN and different users are getting different certificates with different chains?



    For what it's worth, it was already reported but I do not know when an update will be shipped.




  • Yes, different certificate chains at the various servers of a CDN (content delivery network) were also one explanation I thought of.



    Also it is possible that the Gameforge Client is a mixture of various tools, for example a web browser to display news, the update download mechanism, and whatever. And each of those parts could in theory bring their own implementation or use something from the operating system. But actually I don't believe that.


    Also virus scanners hijacking/manipulating https connections, also with a bad implementation, could be an explanation. But this also doesn't sound very plausible to me.

  • Hi again


    The problem still remains, all the same...


    1.5 months - I still can't play(



    I thought somebody would replace this certificate, but unfortunately no...



    So... as nothing changes - must I say "goodbye" to the game, or will this problem be resolved?

  • Something I don't see suggested - right-click Windows Start, go to Apps at the top of the list. Delete GF Live and GF Client. Download it over again (do it at bedtime so it can load overnight) and see what happens.

  • Something I don't see suggested - right-click Windows Start, go to Apps at the top of the list. Delete GF Live and GF Client. Download it over again (do it at bedtime so it can load overnight) and see what happens.

    I think I saw it suggested earlier, maybe on Discord, but afaik it didn't work, but it can't hurt to try
