[vz-users] Debugging von SSL Problemen

[Claas H. Köhler]

Hallo,

heute hatte ich wieder etwas Zeit, mich dem Problem zu widmen. Dazu habe
ich auf Vorschlag von Matthias die Zeilen

curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYHOST, 0L);

in /src/api/Volkszaehler.cpp eingefügt und im höchsten debug level getestet. Das Resultat ist die gleiche Fehlermeldung wie bei Joerg:

[Jun 22 12:23:51][chn1] CURL: Connected to our.home (192.168.178.5) port
443 (#0)
[Jun 22 12:23:51][chn0] CURL: Sent '^A' bytes
[Jun 22 12:23:51][chn1] CURL: ALPN, offering http/1.1
[Jun 22 12:23:51][chn1] CURL: Sent 5 bytes..
[Jun 22 12:23:51][chn1] CURL: Sent '^V^C^A' bytes
[Jun 22 12:23:51][chn1] CURL: TLSv1.2 (OUT), TLS handshake, Client hello
(1):
[Jun 22 12:23:51][chn1] CURL: Sent 203 bytes..
[Jun 22 12:23:51][chn1] CURL: Sent '^A' bytes
[Jun 22 12:23:51][chn0] CURL: Received 5 bytes
[Jun 22 12:23:51][chn0] CURL: Received '^U^C^C' bytes
[Jun 22 12:23:51][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
[Jun 22 12:23:51][chn0] CURL: Received 2 bytes
[Jun 22 12:23:51][chn0] CURL: Received '^B
' bytes
[Jun 22 12:23:51][chn0] CURL: error:140943F2:SSL
routines:ssl3_read_bytes:sslv3 alert unexpected message
[Jun 22 12:23:51][chn0] CURL: stopped the pause stream!

Gibt es dafür schon einen Bug report ?

Viele Grüße
Claas


On 6/12/19 9:43 PM, Joerg Krohn wrote:
> Hi,
>
> ich habe das gleiche Problem schon seit langem, deswegen hab ich wieder
> auf http umgestellt.
>
> Anbei jedoch die Meldungen, die bei mir mit https auftreten.
>
>> Kannst du mal ein log File schicken? (vzlogger.log) Prinzipiell
>> sollte das gehen (aber es gibt viele Fallstricke).
> debug level 15
> [Jun 12 21:27:45][chn0] CURL:   Trying 87.230.93.240...
> [Jun 12 21:27:45][chn0] CURL: TCP_NODELAY set
> [Jun 12 21:27:45][chn0] CURL: Connected to vs02.gh26.net (87.230.93.240) port 440 (#0)
> [Jun 12 21:27:45][chn0] CURL: ALPN, offering http/1.1
> [Jun 12 21:27:45][chn0] CURL: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> [Jun 12 21:27:48][chn0] CURL: successfully set certificate verify locations:
> [Jun 12 21:27:48][chn0] CURL:   CAfile: /etc/ssl/certs/ca-certificates.crt
> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS header, Certificate Status (22):
> [Jun 12 21:27:48][chn0] CURL: Sent 5 bytes..
> [Jun 12 21:27:48][chn0] CURL: Sent '^V^C^A^B' bytes
> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Hello request (0):
> [Jun 12 21:27:48][chn0] CURL: Sent 512 bytes..
> [Jun 12 21:27:48][chn0] CURL: Sent '' bytes
> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
> [Jun 12 21:27:48][chn0] CURL: Received '^V^C^C' bytes
> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server hello (2):
> [Jun 12 21:27:48][chn0] CURL: Received 108 bytes
> [Jun 12 21:27:48][chn0] CURL: Received '^B' bytes
> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Certificate (11):
> [Jun 12 21:27:48][chn0] CURL: Received 2554 bytes
> [Jun 12 21:27:48][chn0] CURL: Received '^K' bytes
> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C^AM' bytes
> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> [Jun 12 21:27:49][chn0] CURL: Received 333 bytes
> [Jun 12 21:27:49][chn0] CURL: Received '^L' bytes
> [Jun 12 21:27:49][chn0] CURL: Received 5 bytes
> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C' bytes
> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server finished (14):
> [Jun 12 21:27:49][chn0] CURL: Received 4 bytes
> [Jun 12 21:27:49][chn0] CURL: Received '^N' bytes
> [Jun 12 21:27:49][chn0] CURL: Sent 5 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> [Jun 12 21:27:50][chn0] CURL: Sent 70 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^P' bytes
> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^T^C^C' bytes
> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> [Jun 12 21:27:50][chn0] CURL: Sent 1 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^A' bytes
> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Finished (20):
> [Jun 12 21:27:50][chn0] CURL: Sent 16 bytes..
> [Jun 12 21:27:50][chn0] CURL: Sent '^T' bytes
> CURL: Received 5 bytes
> [Jun 12 21:27:50][chn0] CURL: Received '^U^C^C' bytes
> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
> [Jun 12 21:27:50][chn0] CURL: Received 2 bytes
> [Jun 12 21:27:50][chn0] CURL: Received '^B
> [Jun 12 21:27:50][chn0] CURL: error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message
> [Jun 12 21:27:50][chn0] CURL: Curl_http_done: called premature == 1
> [Jun 12 21:27:50][chn0] CURL: stopped the pause stream!
> [Jun 12 21:27:50][chn0] CURL: Closing connection 0
> [Jun 12 21:27:51][chn0] CURL: SSL connect error
>
>
>> Schick bitte auch mal von dem curl Aufruf der funktioniert eine „curl
>> -V“ Ausgabe. Und der manuelle curl Aufruf klappt auch von dem Rechner
>> (rpi?) aus, auf dem vzlogger läuft, oder?
> curl vom RPI geht, hier die Ausgabe:
> curl https://vs02.gh26.net:440/middleware.php/channel/a5ca4660-d345-11e1-8224-b7f4802b7543.json
> {
>          "version": "0.3",
>          "entity": {
>                  "uuid": "a5ca4660-d345-11e1-8224-b7f4802b7543",
>                  "type": "electric meter",
>                  "cost": 0.00019766,
>                  "description": "RWE WP",
>                  "public": true,
>                  "resolution": 1,
>                  "title": "Strom Zaehler WP"
>          },
> [..]
>
> curl -V
> curl 7.52.1 (arm-unknown-linux-gnueabihf) libcurl/7.52.1 OpenSSL/1.0.2q zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
> NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
>
> Viele Grüße
> Jörg