Flatpak - TLS/SSL issues

Since the beginning of last week I’ve started having enormous problems with Flatpak on OpenSUSE. On both Leap 15 and 15.1 I can’t download nvidia runtime from Flathub (which basically makes most of the apps fail). I get something along those lines:

Installing: org.freedesktop.Platform.GL.nvidia-430-14/x86_64/1.4 from flathub
#=                  ] Downloading files: 1/1 569 bytes         
error: While downloading https://us.download.nvidia.com/XFree86/Linux-x86_64/430.14/NVIDIA-Linux-x86_64-430.14-no-compat32.run: Error writing data to TLS socket: The specified session has been invalidated for some reason.

Also some apps (Discord for example) fail to install with similar output.
On Leap 15 I’ve been able to pull the runtime by downgrading gnutls and libgnutls packages - something I can’t do on 15.1 . Sadly that does not mean the end of the issues - now Discord and Slack report connection issues. Steam is another wicked beast - now it shows “SSL certificate error”, so I can’t browse the store. Also chat can’t connect. Updates to my library download though (some games report connection issues). Lastly RSS Feed reader - it is able to pull only limited selection of feeds (BBC for example), while reporting connection problems on most.
Any ideas what can I try to make Flatpaks work again?
Tried it on Solus - and it seems to work correctly. On Fedora got similar problems.

Same issue on my end too.
But only with the nvidia flatpak packages. Also found a github issue about this topic.
Every other app I installed through flatpak just installs and updates fine. Such as GIMP and OpenMW but without the NV packages at least openmw will not run.

Also I don’t believe it’s a Leap 15.1 issue, I’m running it too, because as I described any other app just works fine.

You have options for downgrading those packages as well, for example here is the software search page for gnutls, see the packages available for 15.1



on my end downgrade solved the problem with the Nvidia runtime (but note - it was not the only “app” that had issues, basically huge chunk of the flatpaks that pull something from other sites didn’t work - Discord for example), but introduced other - as mentioned above. Discord and Slack couldn’t connect, while other reported various connection / SSL issues.
When I downgraded Bubblewrap and Flatpak on Leap 15 as well the issues went away.

I don’t see the option to fall back that far on 15.1 - the oldest packages I see there are like the latest available for 15.
Will try removing Bubblewrap and Flatpak on 15.1 and building it from sources available on git. Hope I’ll be able to pull it successfully. If I do I’ll report whether it makes a difference.

As of now Flatpak support on OpenSUSE seems broken.

At least in the gnutls link I provided, there are a number of versions older than default, just don’t know if they’re old enough to address your problem.
Additionally, I would think that since 15.1 is “only a minor upgrade version” from 15.0, I would think that you could install 15.0 packages if needed… Just make sure that you’re on BTRFS with snapshots enabled so that you can roll back if the experiment is unsuccessful.

Needless to say, if you install a 15.0 package, don’t remain subscribed to the 15.0 repository the package comes from.