[vz-users] Debugging SSL problems

Claas H. Köhler claashk at web.de
Sat Jun 22 14:59:21 CEST 2019


curl -v on the command line:
}powermeter:/etc # curl -v https://our.home/monitor/api/channel/<uid>.json
*   Trying 192.168.x.x...
* TCP_NODELAY set
* Connected to our.home (192.168.x.x) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  start date: Jun  5 18:21:23 2019 GMT
*  expire date: Jun  4 18:21:23 2021 GMT
*  subjectAltName: host "our.home" matched cert's "our.home"
*  SSL certificate verify ok.
 > Host: our.home
 > User-Agent: curl/7.60.0
 > Accept: */*

So that seems to work over TLSv1.2. vzlogger, however, fails with
TLSv1.2 for some reason.

Best regards
Claas


On 6/22/19 2:47 PM, Andreas Götz wrote:
> Can you get there with curl on the command line? What does curl output with -v?
>
> I can only assume that something is wrong with the certificate. A bug in libcurl seems very unlikely to me?
>
> Best regards,
> Andreas
>
>> On 22.06.2019 at 14:32, Claas H. Köhler <claashk at web.de> wrote:
>>
>> Hello,
>>
>> today I had some time again to look into the problem. Following
>> Matthias's suggestion, I inserted the lines
>>
>> curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYPEER, 0L);
>> curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYHOST, 0L);
>>
>> into /src/api/Volkszaehler.cpp and tested at the highest debug level. The result is the same error message as Joerg's:
>>
>> [Jun 22 12:23:51][chn1] CURL: Connected to our.home (192.168.178.5) port
>> 443 (#0)
>> [Jun 22 12:23:51][chn0] CURL: Sent '^A' bytes
>> [Jun 22 12:23:51][chn1] CURL: ALPN, offering http/1.1
>> [Jun 22 12:23:51][chn1] CURL: Sent 5 bytes..
>> [Jun 22 12:23:51][chn1] CURL: Sent '^V^C^A' bytes
>> [Jun 22 12:23:51][chn1] CURL: TLSv1.2 (OUT), TLS handshake, Client hello
>> (1):
>> [Jun 22 12:23:51][chn1] CURL: Sent 203 bytes..
>> [Jun 22 12:23:51][chn1] CURL: Sent '^A' bytes
>> [Jun 22 12:23:51][chn0] CURL: Received 5 bytes
>> [Jun 22 12:23:51][chn0] CURL: Received '^U^C^C' bytes
>> [Jun 22 12:23:51][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
>> [Jun 22 12:23:51][chn0] CURL: Received 2 bytes
>> [Jun 22 12:23:51][chn0] CURL: Received '^B
>> ' bytes
>> [Jun 22 12:23:51][chn0] CURL: error:140943F2:SSL
>> routines:ssl3_read_bytes:sslv3 alert unexpected message
>> [Jun 22 12:23:51][chn0] CURL: stopped the pause stream!
>>
>> Is there already a bug report for this?
>>
>> Best regards
>> Claas
>>
>>
>>> On 6/12/19 9:43 PM, Joerg Krohn wrote:
>>> Hi,
>>>
>>> I have had the same problem for a long time, which is why I switched
>>> back to http.
>>>
>>> However, attached are the messages that occur for me with https.
>>>
>>>> Can you send a log file? (vzlogger.log) In principle
>>>> this should work (but there are many pitfalls).
>>> debug level 15
>>> [Jun 12 21:27:45][chn0] CURL:   Trying 87.230.93.240...
>>> [Jun 12 21:27:45][chn0] CURL: TCP_NODELAY set
>>> [Jun 12 21:27:45][chn0] CURL: Connected to vs02.gh26.net (87.230.93.240) port 440 (#0)
>>> [Jun 12 21:27:45][chn0] CURL: ALPN, offering http/1.1
>>> [Jun 12 21:27:45][chn0] CURL: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>>> [Jun 12 21:27:48][chn0] CURL: successfully set certificate verify locations:
>>> [Jun 12 21:27:48][chn0] CURL:   CAfile: /etc/ssl/certs/ca-certificates.crt
>>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS header, Certificate Status (22):
>>> [Jun 12 21:27:48][chn0] CURL: Sent 5 bytes..
>>> [Jun 12 21:27:48][chn0] CURL: Sent '^V^C^A^B' bytes
>>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Hello request (0):
>>> [Jun 12 21:27:48][chn0] CURL: Sent 512 bytes..
>>> [Jun 12 21:27:48][chn0] CURL: Sent '' bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received '^V^C^C' bytes
>>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server hello (2):
>>> [Jun 12 21:27:48][chn0] CURL: Received 108 bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received '^B' bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Certificate (11):
>>> [Jun 12 21:27:48][chn0] CURL: Received 2554 bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received '^K' bytes
>>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>>> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C^AM' bytes
>>> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>> [Jun 12 21:27:49][chn0] CURL: Received 333 bytes
>>> [Jun 12 21:27:49][chn0] CURL: Received '^L' bytes
>>> [Jun 12 21:27:49][chn0] CURL: Received 5 bytes
>>> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C' bytes
>>> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server finished (14):
>>> [Jun 12 21:27:49][chn0] CURL: Received 4 bytes
>>> [Jun 12 21:27:49][chn0] CURL: Received '^N' bytes
>>> [Jun 12 21:27:49][chn0] CURL: Sent 5 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
>>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>> [Jun 12 21:27:50][chn0] CURL: Sent 70 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^P' bytes
>>> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^T^C^C' bytes
>>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>>> [Jun 12 21:27:50][chn0] CURL: Sent 1 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^A' bytes
>>> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
>>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Finished (20):
>>> [Jun 12 21:27:50][chn0] CURL: Sent 16 bytes..
>>> [Jun 12 21:27:50][chn0] CURL: Sent '^T' bytes
>>> CURL: Received 5 bytes
>>> [Jun 12 21:27:50][chn0] CURL: Received '^U^C^C' bytes
>>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
>>> [Jun 12 21:27:50][chn0] CURL: Received 2 bytes
>>> [Jun 12 21:27:50][chn0] CURL: Received '^B
>>> [Jun 12 21:27:50][chn0] CURL: error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message
>>> [Jun 12 21:27:50][chn0] CURL: Curl_http_done: called premature == 1
>>> [Jun 12 21:27:50][chn0] CURL: stopped the pause stream!
>>> [Jun 12 21:27:50][chn0] CURL: Closing connection 0
>>> [Jun 12 21:27:51][chn0] CURL: SSL connect error
>>>
>>>
>>>> Please also send the "curl -V" output from the curl call that
>>>> works. And the manual curl call also works from the machine
>>>> (rpi?) on which vzlogger runs, right?
>>> curl from the RPI works, here is the output:
>>> curl https://vs02.gh26.net:440/middleware.php/channel/a5ca4660-d345-11e1-8224-b7f4802b7543.json
>>> {
>>>          "version": "0.3",
>>>          "entity": {
>>>                  "uuid": "a5ca4660-d345-11e1-8224-b7f4802b7543",
>>>                  "type": "electric meter",
>>>                  "cost": 0.00019766,
>>>                  "description": "RWE WP",
>>>                  "public": true,
>>>                  "resolution": 1,
>>>                  "title": "Strom Zaehler WP"
>>>          },
>>> [..]
>>>
>>> curl -V
>>> curl 7.52.1 (arm-unknown-linux-gnueabihf) libcurl/7.52.1 OpenSSL/1.0.2q zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
>>> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
>>> Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
>>> NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
>>>
>>> Best regards
>>> Jörg
>>
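
Added example (not part of the original thread, and not vzlogger or curl code): the quoted payloads in the debug logs above are the first bytes of each TLS record header and of the record body, shown in caret notation, so they can be decoded to see which alert the server actually sent. This Python decoder assumes control bytes appear as `^X`, that a literal line break inside the quotes is byte 0x0a, and that the logger stops printing at the first NUL byte; `SAMPLE` is constructed from lines like those in the thread.

```python
import re

# TLS record content types and alert codes (RFC 5246, sections 6.2.1 and 7.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}
PAYLOAD = re.compile(r"CURL: (Sent|Received) '(.*?)' bytes", re.S)

# Constructed sample, modelled on the debug lines quoted in this thread.
SAMPLE = """\
[Jun 12 21:27:49][chn0] CURL: Received '^V^C^C^AM' bytes
[Jun 12 21:27:49][chn0] CURL: Received 333 bytes
[Jun 12 21:27:49][chn0] CURL: Received '^L' bytes
[Jun 12 21:27:50][chn0] CURL: Received '^U^C^C' bytes
[Jun 12 21:27:50][chn0] CURL: Received 2 bytes
[Jun 12 21:27:50][chn0] CURL: Received '^B
' bytes
"""

def decaret(text):
    """Convert caret notation (^V -> 0x16) to bytes; other characters as-is."""
    plain = re.sub(r"\^([@-_])", lambda m: chr(ord(m.group(1)) ^ 0x40), text)
    return plain.encode("latin-1", "replace")

def decode_records(log):
    """Return one dict per TLS record header seen in the log text."""
    records, pending = [], {}
    for direction, raw in PAYLOAD.findall(log):
        data = decaret(raw)
        rec = pending.pop(direction, None)
        if rec is not None:  # payload following a header is the record body
            if rec["type"] == "alert" and len(data) >= 2:
                rec["alert"] = (ALERT_LEVELS.get(data[0], data[0]),
                                ALERT_DESCRIPTIONS.get(data[1], data[1]))
            continue
        if len(data) >= 3 and data[0] in CONTENT_TYPES and data[1] == 3:
            rec = {"dir": direction, "type": CONTENT_TYPES[data[0]],
                   "version": (data[1], data[2])}
            if len(data) >= 4:  # assumption: printing stopped at a NUL byte
                rec["length"] = data[3] << 8 | (data[4] if len(data) > 4 else 0)
            records.append(rec)
            pending[direction] = rec
    return records

if __name__ == "__main__":
    for record in decode_records(SAMPLE):
        print(record)
```

On the sample this yields a handshake record of length 333 followed by a fatal alert with description 10 (`unexpected_message`), which agrees with the byte counts and the OpenSSL error text in the logs.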


