[vz-users] Debugging von SSL Problemen

Andreas Götz cpuidle at gmail.com
Sat Jun 22 14:47:54 CEST 2019 

Kommst Du denn mit curl auf der Kommandozeile dahin? Was gibt curl mit -v aus? 

Ich kann nur vermuten, dass mit dem Zertifikat irgendwas nicht stimmt- Fehler in libcurl erscheint mir sehr unwahrscheinlich?

Viele Grüße,
Andreas

> Am 22.06.2019 um 14:32 schrieb Claas H. Köhler <claashk at web.de>:
> 
> Hallo,
> 
> heute hatte ich wieder etwas Zeit, mich dem Problem zu widmen. Dazu habe
> ich auf Vorschlag von Matthias die Zeilen
> 
> curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYPEER, 0L);
> curl_easy_setopt(_api.curl, CURLOPT_SSL_VERIFYHOST, 0L);
> 
> in /src/api/Volkszaehler.cpp eingefügt und im höchsten debug level getestet. Das Resultat ist die gleiche Fehlermeldung wie bei Joerg:
> 
> [Jun 22 12:23:51][chn1] CURL: Connected to our.home (192.168.178.5) port
> 443 (#0)
> [Jun 22 12:23:51][chn0] CURL: Sent '^A' bytes
> [Jun 22 12:23:51][chn1] CURL: ALPN, offering http/1.1
> [Jun 22 12:23:51][chn1] CURL: Sent 5 bytes..
> [Jun 22 12:23:51][chn1] CURL: Sent '^V^C^A' bytes
> [Jun 22 12:23:51][chn1] CURL: TLSv1.2 (OUT), TLS handshake, Client hello
> (1):
> [Jun 22 12:23:51][chn1] CURL: Sent 203 bytes..
> [Jun 22 12:23:51][chn1] CURL: Sent '^A' bytes
> [Jun 22 12:23:51][chn0] CURL: Received 5 bytes
> [Jun 22 12:23:51][chn0] CURL: Received '^U^C^C' bytes
> [Jun 22 12:23:51][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
> [Jun 22 12:23:51][chn0] CURL: Received 2 bytes
> [Jun 22 12:23:51][chn0] CURL: Received '^B
> ' bytes
> [Jun 22 12:23:51][chn0] CURL: error:140943F2:SSL
> routines:ssl3_read_bytes:sslv3 alert unexpected message
> [Jun 22 12:23:51][chn0] CURL: stopped the pause stream!
> 
> Gibt es dafür schon einen Bug report ?
> 
> Viele Grüße
> Claas
> 
> 
>> On 6/12/19 9:43 PM, Joerg Krohn wrote:
>> Hi,
>> 
>> ich habe das gleiche Problem schon seit langem, deswegen hab ich wieder
>> auf http umgestellt.
>> 
>> Anbei jedoch die Meldungen, die bei mir mit https auftreten.
>> 
>>> Kannst du mal ein log File schicken? (vzlogger.log) Prinzipiell
>>> sollte das gehen (aber es gibt viele Fallstricke).
>> debug level 15
>> [Jun 12 21:27:45][chn0] CURL:   Trying 87.230.93.240...
>> [Jun 12 21:27:45][chn0] CURL: TCP_NODELAY set
>> [Jun 12 21:27:45][chn0] CURL: Connected to vs02.gh26.net (87.230.93.240) port 440 (#0)
>> [Jun 12 21:27:45][chn0] CURL: ALPN, offering http/1.1
>> [Jun 12 21:27:45][chn0] CURL: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>> [Jun 12 21:27:48][chn0] CURL: successfully set certificate verify locations:
>> [Jun 12 21:27:48][chn0] CURL:   CAfile: /etc/ssl/certs/ca-certificates.crt
>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS header, Certificate Status (22):
>> [Jun 12 21:27:48][chn0] CURL: Sent 5 bytes..
>> [Jun 12 21:27:48][chn0] CURL: Sent '^V^C^A^B' bytes
>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Hello request (0):
>> [Jun 12 21:27:48][chn0] CURL: Sent 512 bytes..
>> [Jun 12 21:27:48][chn0] CURL: Sent '' bytes
>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>> [Jun 12 21:27:48][chn0] CURL: Received '^V^C^C' bytes
>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server hello (2):
>> [Jun 12 21:27:48][chn0] CURL: Received 108 bytes
>> [Jun 12 21:27:48][chn0] CURL: Received '^B' bytes
>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>> [Jun 12 21:27:48][chn0] CURL: TLSv1.2 (IN), TLS handshake, Certificate (11):
>> [Jun 12 21:27:48][chn0] CURL: Received 2554 bytes
>> [Jun 12 21:27:48][chn0] CURL: Received '^K' bytes
>> [Jun 12 21:27:48][chn0] CURL: Received 5 bytes
>> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C^AM' bytes
>> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>> [Jun 12 21:27:49][chn0] CURL: Received 333 bytes
>> [Jun 12 21:27:49][chn0] CURL: Received '^L' bytes
>> [Jun 12 21:27:49][chn0] CURL: Received 5 bytes
>> [Jun 12 21:27:49][chn0] CURL: Received '^V^C^C' bytes
>> [Jun 12 21:27:49][chn0] CURL: TLSv1.2 (IN), TLS handshake, Server finished (14):
>> [Jun 12 21:27:49][chn0] CURL: Received 4 bytes
>> [Jun 12 21:27:49][chn0] CURL: Received '^N' bytes
>> [Jun 12 21:27:49][chn0] CURL: Sent 5 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>> [Jun 12 21:27:50][chn0] CURL: Sent 70 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^P' bytes
>> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^T^C^C' bytes
>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>> [Jun 12 21:27:50][chn0] CURL: Sent 1 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^A' bytes
>> [Jun 12 21:27:50][chn0] CURL: Sent 5 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^V^C^C' bytes
>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (OUT), TLS handshake, Finished (20):
>> [Jun 12 21:27:50][chn0] CURL: Sent 16 bytes..
>> [Jun 12 21:27:50][chn0] CURL: Sent '^T' bytes
>> CURL: Received 5 bytes
>> [Jun 12 21:27:50][chn0] CURL: Received '^U^C^C' bytes
>> [Jun 12 21:27:50][chn0] CURL: TLSv1.2 (IN), TLS alert, Server hello (2):
>> [Jun 12 21:27:50][chn0] CURL: Received 2 bytes
>> [Jun 12 21:27:50][chn0] CURL: Received '^B
>> [Jun 12 21:27:50][chn0] CURL: error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message
>> [Jun 12 21:27:50][chn0] CURL: Curl_http_done: called premature == 1
>> [Jun 12 21:27:50][chn0] CURL: stopped the pause stream!
>> [Jun 12 21:27:50][chn0] CURL: Closing connection 0
>> [Jun 12 21:27:51][chn0] CURL: SSL connect error
>> 
>> 
>>> Schick bitte auch mal von dem curl Aufruf der funktioniert eine „curl
>>> -V“ Ausgabe. Und der manuelle curl Aufruf klappt auch von dem Rechner
>>> (rpi?) aus, auf dem vzlogger läuft, oder?
>> curl vom RPI geht, hier die Ausgabe:
>> curl https://vs02.gh26.net:440/middleware.php/channel/a5ca4660-d345-11e1-8224-b7f4802b7543.json
>> {
>>         "version": "0.3",
>>         "entity": {
>>                 "uuid": "a5ca4660-d345-11e1-8224-b7f4802b7543",
>>                 "type": "electric meter",
>>                 "cost": 0.00019766,
>>                 "description": "RWE WP",
>>                 "public": true,
>>                 "resolution": 1,
>>                 "title": "Strom Zaehler WP"
>>         },
>> [..]
>> 
>> curl -V
>> curl 7.52.1 (arm-unknown-linux-gnueabihf) libcurl/7.52.1 OpenSSL/1.0.2q zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
>> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
>> Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
>> NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
>> 
>> Viele Grüße
>> Jörg
> 
>

More information about the volkszaehler-users mailing list