View Issue Details

IDProjectCategoryView StatusLast Update
0000304easycwmpQuestionpublic2018-05-10 15:09
Reportercarlberg Assigned Tomohamed.kallel  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionno change required 
PlatformopenwrtOSchaos calmerOS Version15.05
Summary0000304: acs url using https gives error
DescriptionUsing easycwmp 1.4.1 on openwrt 15.05 setting the acs url to use https instead of http gives error.
http url works flawless.

Using packages:
easycwmp_1.4.1_ar71xx.ipk
libcurl_7.40.0-3.2_ar71xx.ipk
libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk
ca-certificates_20150426_ar71xx.ipk

root@OpenWrt:~# curl -v https://www.google.com
Gives successful response, no errors.

Log:
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: daemon started
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform device_id
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script exit
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC'
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: http server initialized
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: entering main loop
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: start session
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: configured acs url https://server:port/acs/
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script init
Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform parameter
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: send Inform
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: LibCurl Error: ssl_handshake returned - PolarSSL: (-0x7200) SSL - An invalid SSL record was
received
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending http message failed
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending Inform failed
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external: execute apply service
Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external script exit
Fri Nov 17 00:25:39 2017 daemon.notice easycwmpd: end session failed


Have also tested with libcurl compiled to use OpenSSL, but that gives other error when using https.

Steps To ReproduceChange from http to https and restart easycwmpd and use logread -f
Additional Informationconfig acs
        option periodic_enable '1'
        option periodic_interval '100'
        option periodic_time '0001-01-01T00:00:00Z'
        option username 'acs'
        option password 'acs'
        option url 'https://server:port/acs/'


root@OpenWrt:/# curl -V
curl 7.40.0 (mips-openwrt-linux-gnu) libcurl/7.40.0 PolarSSL/1.3.14
Protocols: file ftp ftps http https
Features: IPv6 Largefile SSL
TagsNo tags attached.
e-mail notification

Activities

mohamed.kallel

2017-11-17 10:39

administrator   ~0000823

Reproduced with the last version of easycwmp 1.6.0 ?

carlberg

2017-11-18 19:22

reporter   ~0000824

yes, exact same error with 1.6.0.

easycwmp_1.6.0_ar71xx.ipk
libcurl_7.40.0-3.2_ar71xx.ipk
libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk

What version of libcurl are you using?

carlberg

2017-11-18 22:56

reporter   ~0000825

This works:
curl https://www.google.com or some other https site works.

hmh

2017-11-22 12:00

reporter   ~0000826

Last edited: 2017-11-22 12:00

Works here using openwrt 15.05.1+git, easycwmp 1.6.0, and *openssl* (not mbedtls/polarssl).

For libcurl+mbedtls, the "ca bundle in single file" version of ca-certificates is required. libcurl+openssl can use either version of ca-certificates, if configured properly. In either case, you must configure things properly so that the certificates are found by libcurl, or easycwmp will reject the connection (which is good).

That said, it wouldn't explain the strange SSL error you got. I suggest you use Qualys' SSLlabs to test that ACS, it might be spewing weird crap or using an uncommon algo that limited mbedtls doesn't support...

https://www.ssllabs.com/ssltest/

carlberg

2017-11-23 17:30

reporter   ~0000828

Last edited: 2017-11-23 17:32

Please send (name and) versions of libcurl, libmicro and openssl packages used.

hmh

2017-11-24 14:53

reporter   ~0000829

Same versions as in message 824.

We do patch easycwmp, but nothing related to this issue (and all patches we use have already been reported to this bug tracker).

carlberg

2018-05-10 13:14

reporter   ~0000863

Last edited: 2018-05-10 13:14

Suddley this is issue is no more, but have been something with the libs or something.

please close issue.

Issue History

Date Modified Username Field Change
2017-11-17 01:39 carlberg New Issue
2017-11-17 10:39 mohamed.kallel Note Added: 0000823
2017-11-18 19:22 carlberg Note Added: 0000824
2017-11-18 22:56 carlberg Note Added: 0000825
2017-11-22 12:00 hmh Note Added: 0000826
2017-11-22 12:00 hmh Note Edited: 0000826
2017-11-23 17:30 carlberg Note Added: 0000828
2017-11-23 17:30 carlberg Note Edited: 0000828
2017-11-23 17:32 carlberg Note Edited: 0000828
2017-11-24 14:53 hmh Note Added: 0000829
2018-05-10 13:14 carlberg Note Added: 0000863
2018-05-10 13:14 carlberg Note Edited: 0000863
2018-05-10 15:09 mohamed.kallel Status new => resolved
2018-05-10 15:09 mohamed.kallel Resolution open => no change required
2018-05-10 15:09 mohamed.kallel Assigned To => mohamed.kallel