View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000304 | easycwmp | Question | public | 2017-11-17 01:39 | 2018-05-10 15:09 |
Reporter | carlberg | Assigned To | mohamed.kallel | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | no change required | ||
Platform | openwrt | OS | chaos calmer | OS Version | 15.05 |
Summary | 0000304: acs url using https gives error | ||||
Description | Using easycwmp 1.4.1 on openwrt 15.05 setting the acs url to use https instead of http gives error. http url works flawless. Using packages: easycwmp_1.4.1_ar71xx.ipk libcurl_7.40.0-3.2_ar71xx.ipk libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk ca-certificates_20150426_ar71xx.ipk root@OpenWrt:~# curl -v https://www.google.com Gives successful response, no errors. Log: Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: daemon started Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform device_id Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script exit Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: add event '2 PERIODIC' Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: http server initialized Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: entering main loop Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: start session Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: configured acs url https://server:port/acs/ Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external script init Fri Nov 17 00:25:36 2017 daemon.notice easycwmpd: external: execute inform parameter Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: send Inform Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: LibCurl Error: ssl_handshake returned - PolarSSL: (-0x7200) SSL - An invalid SSL record was received Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending http message failed Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: sending Inform failed Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external: execute apply service Fri Nov 17 00:25:38 2017 daemon.notice easycwmpd: external script exit Fri Nov 17 00:25:39 2017 daemon.notice easycwmpd: end session failed Have also tested with libcurl compiled to use OpenSSL, but that gives other error when using https. | ||||
Steps To Reproduce | Change from http to https and restart easycwmpd and use logread -f | ||||
Additional Information | config acs option periodic_enable '1' option periodic_interval '100' option periodic_time '0001-01-01T00:00:00Z' option username 'acs' option password 'acs' option url 'https://server:port/acs/' root@OpenWrt:/# curl -V curl 7.40.0 (mips-openwrt-linux-gnu) libcurl/7.40.0 PolarSSL/1.3.14 Protocols: file ftp ftps http https Features: IPv6 Largefile SSL | ||||
Tags | No tags attached. | ||||
e-mail notification | |||||
|
Reproduced with the last version of easycwmp 1.6.0 ? |
|
yes, exact same error with 1.6.0. easycwmp_1.6.0_ar71xx.ipk libcurl_7.40.0-3.2_ar71xx.ipk libmicroxml_2015-03-18-caa8d3e6887f5c70e54df555dd78e4e45cfa74cc_ar71xx.ipk What version of libcurl are you using? |
|
This works: curl https://www.google.com or some other https site works. |
|
Works here using openwrt 15.05.1+git, easycwmp 1.6.0, and *openssl* (not mbedtls/polarssl). For libcurl+mbedtls, the "ca bundle in single file" version of ca-certificates is required. libcurl+openssl can use either version of ca-certificates, if configured properly. In either case, you must configure things properly so that the certificates are found by libcurl, or easycwmp will reject the connection (which is good). That said, it wouldn't explain the strange SSL error you got. I suggest you use Qualys' SSLlabs to test that ACS, it might be spewing weird crap or using an uncommon algo that limited mbedtls doesn't support... https://www.ssllabs.com/ssltest/ |
|
Please send (name and) versions of libcurl, libmicro and openssl packages used. |
|
Same versions as in message 824. We do patch easycwmp, but nothing related to this issue (and all patches we use have already been reported to this bug tracker). |
|
Suddley this is issue is no more, but have been something with the libs or something. please close issue. |
Date Modified | Username | Field | Change |
---|---|---|---|
2017-11-17 01:39 | carlberg | New Issue | |
2017-11-17 10:39 | mohamed.kallel | Note Added: 0000823 | |
2017-11-18 19:22 | carlberg | Note Added: 0000824 | |
2017-11-18 22:56 | carlberg | Note Added: 0000825 | |
2017-11-22 12:00 | hmh | Note Added: 0000826 | |
2017-11-22 12:00 | hmh | Note Edited: 0000826 | |
2017-11-23 17:30 | carlberg | Note Added: 0000828 | |
2017-11-23 17:30 | carlberg | Note Edited: 0000828 | |
2017-11-23 17:32 | carlberg | Note Edited: 0000828 | |
2017-11-24 14:53 | hmh | Note Added: 0000829 | |
2018-05-10 13:14 | carlberg | Note Added: 0000863 | |
2018-05-10 13:14 | carlberg | Note Edited: 0000863 | |
2018-05-10 15:09 | mohamed.kallel | Status | new => resolved |
2018-05-10 15:09 | mohamed.kallel | Resolution | open => no change required |
2018-05-10 15:09 | mohamed.kallel | Assigned To | => mohamed.kallel |