EasyCwmp

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000304easycwmp[All Projects] Questionpublic2017-11-17 01:392017-11-24 14:53
Reportercarlberg 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
PlatformopenwrtOSchaos calmerOS Version15.05
Summary0000304: acs url using https gives error
DescriptionUsing easycwmp 1.4.1 on openwrt 15.05 setting the acs url to use https instead of http gives error.
http url works flawless.

Using packages:
easycwmp_1.4.1_ar71xx.ipk
libcurl_7.40.0-3.2_ar71xx.ipk
libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk
ca-certificates_20150426_ar71xx.ipk

root@OpenWrt:~# curl -v https://www.google.com [^]
Gives successful response, no errors.

Log:
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: daemon started
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform device_id
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script exit
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: http server initialized
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: entering main loop
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: start session
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: configured acs url https://server:port/acs/ [^]
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script init
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform parameter
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: send Inform
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: LibCurl Error: ssl_handshake returned - PolarSSL: (-0x7200) SSL - An invalid SSL record was
received
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending http message failed
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending Inform failed
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external: execute apply service
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external script exit
Fri Nov 17 00:25:39 2017 daemon.notice easycwmpd: end session failed


Have also tested with libcurl compiled to use OpenSSL, but that gives other error when using https.

Steps To ReproduceChange from http to https and restart easycwmpd and use logread -f
Additional Informationconfig acs
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'
        option username 'acs'
        option password 'acs'
        option url 'https://server:port/acs/' [^]


root@OpenWrt:/# curl -V
curl 7.40.0 (mips-openwrt-linux-gnu) libcurl/7.40.0 PolarSSL/1.3.14
Protocols: file ftp ftps http https
Features: IPv6 Largefile SSL
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0000823)
mohamed.kallel (manager)
2017-11-17 10:39

Reproduced with the last version of easycwmp 1.6.0 ?
(0000824)
carlberg (reporter)
2017-11-18 19:22

yes, exact same error with 1.6.0.

easycwmp_1.6.0_ar71xx.ipk
libcurl_7.40.0-3.2_ar71xx.ipk
libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk

What version of libcurl are you using?
(0000825)
carlberg (reporter)
2017-11-18 22:56

This works:
curl https://www.google.com [^] or some other https site works.
(0000826)
hmh (reporter)
2017-11-22 12:00
edited on: 2017-11-22 12:00

Works here using openwrt 15.05.1+git, easycwmp 1.6.0, and *openssl* (not mbedtls/polarssl).

For libcurl+mbedtls, the "ca bundle in single file" version of ca-certificates is required. libcurl+openssl can use either version of ca-certificates, if configured properly. In either case, you must configure things properly so that the certificates are found by libcurl, or easycwmp will reject the connection (which is good).

That said, it wouldn't explain the strange SSL error you got. I suggest you use Qualys' SSLlabs to test that ACS, it might be spewing weird crap or using an uncommon algo that limited mbedtls doesn't support...

https://www.ssllabs.com/ssltest/ [^]

(0000828)
carlberg (reporter)
2017-11-23 17:30
edited on: 2017-11-23 17:32

Please send (name and) versions of libcurl, libmicro and openssl packages used.

(0000829)
hmh (reporter)
2017-11-24 14:53

Same versions as in message 824.

We do patch easycwmp, but nothing related to this issue (and all patches we use have already been reported to this bug tracker).

- Issue History
Date Modified Username Field Change
2017-11-17 01:39 carlberg New Issue
2017-11-17 10:39 mohamed.kallel Note Added: 0000823
2017-11-18 19:22 carlberg Note Added: 0000824
2017-11-18 22:56 carlberg Note Added: 0000825
2017-11-22 12:00 hmh Note Added: 0000826
2017-11-22 12:00 hmh Note Edited: 0000826 View Revisions
2017-11-23 17:30 carlberg Note Added: 0000828
2017-11-23 17:30 carlberg Note Edited: 0000828 View Revisions
2017-11-23 17:32 carlberg Note Edited: 0000828 View Revisions
2017-11-24 14:53 hmh Note Added: 0000829


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker