Cross-signing verification of a remote user is incomplete #13824

Open
Thatoo opened this issue May 27, 2020 · 24 comments

Comments

@Thatoo

Thatoo commented May 27, 2020

Description

After a cross-signing verification attempt, my shield became green on my friend's devices but his shield keeps being black on my devices (both Riot-desktop and RiotX). I have all his devices verified though (legacy way)... but I can still start a cross-signing verification with him from Riot-desktop (he can't) that won't lead to a better situation. It will say that it succeeded but his shield will remain black.

Steps to reproduce

  • Launch cross-signing verification with a remote user by clicking on "verify" on Riot-desktop
  • follow the process (emoji...)
  • it concludes that everything is fine
  • shield of remote user remains black and the "verify" button is still there and allows restarting a verification.

Describe how what happens differs from what you expected.

After a successful cross-signing verification
image
image

it seems that it didn't work as the shield remains black.

image

Version information

  • Platform: desktop

For the desktop app:

  • OS: Debian Buster
  • Version: 1.6.2
  • olm version: 3.1.3
  • Version of my own Synapse server: 1.12.4
@Thatoo
Author

Thatoo commented May 27, 2020

I created this issue and sent debug logs as requested by @bwindels in here #13204

@Thatoo
Author

Thatoo commented May 27, 2020

Thank you for all your work. I like Matrix very much and can't wait to be able to use it very smoothly with all my relatives. It's better and better every day. This cross-signing is really great!

@Thatoo
Author

Thatoo commented May 29, 2020

Today I updated my RiotX (v0.20) on my android and something funny is occurring in there (on v0.19, it was all black)

Still

image

but if I click on him

image

His shield is green in here.....
Why is it not green on the other screen then?

@bwindels
Contributor

bwindels commented Jun 2, 2020

Thanks for the report @Thatoo. Could you please try upgrading your synapse to 1.13.0, and verifying again? To see if you're hitting matrix-org/synapse#7177 ...

@Thatoo
Author

Thatoo commented Jun 2, 2020

Ok, I'll do that as soon as https://github.com/YunoHost-Apps/synapse_ynh merges into Master and I can do the update. I'll keep you informed.
Thank you.

@Ghabry

Ghabry commented Jun 4, 2020

I have exactly the same problem. I verified a remote user. He sees me as completely green but I only get a green icon for his "Desktop" device, not for the other 3.

I'm already on Synapse 1.13.0 (Arch Linux). Will update to 1.14.0 when it is available in the repo.

Can I provide any diagnostics that could be helpful for you?

@seisatsu

seisatsu commented Jun 5, 2020

This is still occurring with un-federated Matrix Synapse v1.14.0 on a self-hosted riot web client v1.6.2. Let me know if I can provide any info. The other person has one mobile session, which I verified from my web client. Their shield is still black and still gives the option to verify, but clicking the "1 session" under their user sidebar expands to show the session is already verified. Still, I can click the verify button. Rooms they are in also show the black shield.

Not sure if it is relevant, but when they tried to start a DM with me before verifying, it opened two DM rooms for them, and when I tried to leave the one I hadn't talked in by clicking it on the sidebar and choosing "Leave" I actually left the other one instead. Also they set a profile picture, but it doesn't show up at all unless I click their default colored letter profile image, which brings up the full size version of the uploaded image.

I should note that they are the only user on my server so far using the mobile client, except for me. (And we haven't attempted any verifications with mine.) The other users are using web or desktop client, and not showing this issue on my end when I verify them from the web client.

I do not know the exact version of the other user's mobile app, but it was installed some time in the last two weeks.

Edit: I got the same thing on riot-web a second time manually/text verifying another mobile user who joined. Not the multiple rooms, or the profile image issue (yet), but the shield being black despite me verifying from my end. (This one was offline when I verified them, if that matters. And, the verification for this user, and possibly the last user are from my end only so far.)

Also, currently I have a riot-web session and a mobile session, and I have only verified these two users from my riot-web session. But, other users I verified only from my riot-web session who are not on mobile sessions have green shields.

@Thatoo
Author

Thatoo commented Jun 5, 2020

My server is federated though. I mean the problem occurs between me (on self-hosted synapse) and one user on matrix.org. I didn't update yet to v1.13.0 but will do asap when it releases on yunohost.

@seisatsu

seisatsu commented Jun 5, 2020

> My server is federated though. I mean the problem occurs between me (on self-hosted synapse) and one user on matrix.org. I didn't update yet to v1.13.0 but will do asap when it releases on yunohost.

Well, that probably just rules out federation vs non-federation as a factor in the issue.

@michel-slm

Submitted my debug logs, cross-signing verifications also fail between my matrix.org account and my other account hosted on modular.im.

@Thatoo
Author

Thatoo commented Jun 21, 2020

I have updated synapse to v 1.14 and Riot-desktop to v 1.6.5 and RiotX to v 0.22, the problem remains.
We try verifying each other but it doesn't end with a green shield for him on my screen whereas my shield appears green on his screen.
I say I and him but it is the same for all users of my self-hosted synapse server trying to verify matrix.org server's users...

We are federated. We can talk, exchange files, call each other, explore rooms in other server without problem. Only verification isn't working fully properly...

@bwindels
Contributor

I had a quick look at the rageshakes posted here earlier, and it looks like a missing/outdated master signing key... So there could potentially still be an issue with synapse device syncing. Could you rageshake your recent attempt again please @Thatoo after having updated synapse?

@josuenadal

I was just having this issue and this fixed it.

I had verified all of the user's sessions, but they still had a black shield.

  • I had the other user verify all of their own sessions, which forced them to enable cross-signing.

  • Then I told them to check they had verified all of my sessions. And if not, verify them.

  • Then to verify me as a user.

When they did, the green shield appeared and is present throughout all rooms that user is in.

@Thatoo
Author

Thatoo commented Jun 23, 2020

> I had a quick look at the rageshakes posted here earlier, and it looks like a missing/outdated master signing key... So there could potentially still be an issue with synapse device syncing. Could you rageshake your recent attempt again please @Thatoo after having updated synapse?

I've just done it, after updating both of our Riot-desktop to v 1.6.6.

@Thatoo
Author

Thatoo commented Jun 23, 2020

> I was just having this issue and this fixed it.
>
> I had verified all of the user's sessions, but they still had a black shield.
>
> * I had the other user verify all of their own sessions, which forced them to enable cross-signing.

Done!

> * Then I told them to check they had verified all of my sessions. And if not, verify them.

Done!

> * Then to verify me as a user.

Done! Well, I have to initiate the verification. He can't initiate the verification anymore as my shield is green for him and he doesn't have the option to verify me anymore.

> When they did, the green shield appeared and is present throughout all rooms that user is in.

My shield is green for him, and all rooms with me and other users of my self-hosted synapse that he verified are green, but on the screens of users of my self-hosted synapse server, even after every possible verification, his shield (his account is on matrix.org) remains black and all our rooms are black.

One solution would be that he migrates to our self hosted server or that we migrate to matrix.org but I guess that's not very satisfying....
Let me know how I can help. Maybe he should "unverify us" for us to be able to reinitiate a proper verification... How can someone unverify someone else?

@jryans
Collaborator

jryans commented Jun 24, 2020

> Maybe he should "unverify us" for us to be able to reinitiate a proper verification... How can someone unverify someone else?

Unfortunately, there's no way currently to unverify a single person. The only "undo-style" option at the moment is to reset your entire cross-signing identity in Settings, which clears all verifications you've done.

@jryans
Collaborator

jryans commented Jun 24, 2020

@Thatoo Your recent debug log suggests you updated to Synapse 1.14, but the latest version is 1.15.1, which contains some device list fixes which might be relevant for this problem. Can you try updating to that?

@Thatoo
Author

Thatoo commented Jun 27, 2020

I will, as soon as 1.15.1 is available on yunohost. I'll keep you updated.

@Ghabry

Ghabry commented Jun 30, 2020

I found a solution:
matrix-org/synapse#7418 (comment)

The problem for me was that the device list was stale it seems.

The linked issue resolves this:

Connect to your PostgreSQL server (not tested with SQLite) and run:

```sql
INSERT INTO device_lists_remote_resync VALUES ('@user:host.tld', (EXTRACT(epoch FROM NOW()) * 1000)::BIGINT);
```

Replace @user:host.tld with the ID of the user.

Restart the Riot.im client. The line will disappear in the database. Try verifying again. It should work now :)
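
The two diagnoses in this thread (a missing or outdated master signing key, and a stale device list) can both be spotted in a saved `/keys/query` response body for the remote user. The following is an added example, not part of the original thread and not Riot or Synapse code; it follows the response layout of the Matrix client-server spec, and the user ID, key IDs and signature strings are constructed sample values.

```python
# Added example. Structural check only: it looks for the presence of keys
# and signature entries and does not verify ed25519 signatures.

def cross_signing_gaps(resp, user_id):
    """List reasons a client could not trust user_id's devices via cross-signing."""
    problems = []
    master = resp.get("master_keys", {}).get(user_id) or {}
    ssk = resp.get("self_signing_keys", {}).get(user_id) or {}
    master_ids = set(master.get("keys", {}))   # {"ed25519:<public key>"}
    ssk_ids = set(ssk.get("keys", {}))
    if not master_ids:
        problems.append("no master key")
    if not ssk_ids:
        problems.append("no self-signing key")
    elif master_ids and not master_ids & set(ssk.get("signatures", {}).get(user_id, {})):
        problems.append("self-signing key not signed by master key")
    devices = resp.get("device_keys", {}).get(user_id, {})
    for dev_id in sorted(devices):
        signers = set(devices[dev_id].get("signatures", {}).get(user_id, {}))
        if not ssk_ids & signers:
            problems.append(f"device {dev_id} not signed by self-signing key")
    return problems

BOB = "@bob:example.org"  # constructed user ID

# Constructed sample: a cached view with devices but no cross-signing keys.
STALE = {"device_keys": {BOB: {"PHONE": {"signatures": {BOB: {"ed25519:PHONE": "sig"}}}}}}

# Constructed sample: cross-signing keys present, one device never signed.
FRESH = {
    "master_keys": {BOB: {"usage": ["master"], "keys": {"ed25519:MK": "MK"}}},
    "self_signing_keys": {BOB: {
        "usage": ["self_signing"], "keys": {"ed25519:SSK": "SSK"},
        "signatures": {BOB: {"ed25519:MK": "sig"}}}},
    "device_keys": {BOB: {
        "PHONE": {"signatures": {BOB: {"ed25519:PHONE": "sig", "ed25519:SSK": "sig"}}},
        "OLDLAPTOP": {"signatures": {BOB: {"ed25519:OLDLAPTOP": "sig"}}}}},
}

if __name__ == "__main__":
    for name, resp in (("stale", STALE), ("fresh", FRESH)):
        print(name, cross_signing_gaps(resp, BOB))
```

An empty result means every listed device carries a signature entry from the user's self-signing key; any other result points at the key or device that would keep the user shield from turning green.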

@Beiri22

Beiri22 commented Jun 30, 2020

Maybe this step could be transferred to some kind of recurring maintenance routine inside synapse.

@jryans
Collaborator

jryans commented Jul 2, 2020

matrix-org/matrix-spec-proposals#2638 would create a way for the client to notify the server that things are out of date and to resync.

@Thatoo
Author

Thatoo commented Jul 18, 2020

I have experienced another kind of issue, similar but slightly different this time.

Me and a matrix.org account, we could verify each other but this time, his shield becomes neither green nor black but RED. Indeed, in his devices list, on my account, an old device of his remains listed whereas he had removed it and it doesn't appear on his device list on his account. It is like I didn't get the update of his devices list.

@xobs
Contributor

xobs commented Jul 19, 2020

I'm not sure if this is the same thing or not, but I have a user who I have verified out-of-band ages ago, before cross-signing, so I wanted to verify them. Both of us are on matrix.org.

Since I had already verified them, I opted to manually verify them.

Now their entry looks like this:

image

And when I click on 1 Session it has this:

image

Why do the shields disagree? Is this an example of this bug? Restarting Element doesn't fix the shield.

@Thatoo
Author

Thatoo commented Jul 29, 2020

Do you think this bug is linked to this issue matrix-org/synapse#2526 ?
