stdiscosrv: TLS handshake error with valid CA signed cert

We’re currently evaluating Syncthing with a local discovery server. I have a valid CA-signed certificate/key pair, and I got a bunch of TLS handshake errors AND discovery doesn’t work:

```
./stdiscosrv -cert -key -listen 10.102.2.168:8443 -debug
stdiscosrv v0.14.48 (go1.10.3 linux-amd64) teamcity@build.syncthing.net 2018-05-14 06:53:06 UTC
Server device ID is MS6UVEX-VTJHDHQ-HYQS7FJ-T4PPX2I-KTMY7V4-DVGI3L3-ANXOIQ6-A7V3MAP
http: TLS handshake error from 10.99.125.33:62611: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62617: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62700: remote error: tls: bad certificate
http: TLS handshake error from 10.102.2.138:55006: remote error: tls: bad certificate
http: TLS handshake error from 10.102.2.138:55014: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62795: remote error: tls: bad certificate
http: TLS handshake error from 10.102.2.138:55304: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62886: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62905: remote error: tls: bad certificate
http: TLS handshake error from 10.102.2.138:55346: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62946: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62954: remote error: tls: bad certificate
http: TLS handshake error from 10.99.125.33:62986: remote error: tls: bad certificate
```

Tried stdiscosrv v0.14.44 and v0.14.48.

If I add ?id=… to the discovery server URL, it works. I would like to avoid putting this id in, for convenience, and the documentation says the ?id only needs to be provided when a self-signed cert is used… Any thoughts? Thanks!

Perhaps the certificate needs a CA chain.
