Toon app: Buienradar

Forum about the tweaking of the Eneco Toon.

Moderator: marcelr

Re: Toon app: Buienradar

Postby jnieuw » Wed Apr 18, 2018 11:12 am

Here is
Code: Select all
/etc/ssl/certs/


Code: Select all
lrwxrwxrwx    1 root     root            62 Apr 16 16:44 09789157.0 -> Starfield_Services_CA-G2-12-2037-dpc_qutility-hcb_bxtproxy.pem
lrwxrwxrwx    1 root     root            49 Apr 16 16:44 2c543cd1.0 -> GeoTrust_Global_CA-05-2022-Myfox_API-hdrv_hue.pem
lrwxrwxrwx    1 root     root            35 Apr 16 16:44 2e5ac55d.0 -> DST_Root_CA_X3-meethue-hdrv_hue.pem
lrwxrwxrwx    1 root     root            52 Apr 16 16:44 3513523f.0 -> DigiCert_GlobalRoot_CA-11-2031-Buienradar-qt-gui.pem
lrwxrwxrwx    1 root     root            33 Apr 16 16:44 5a4d6896.0 -> GovernmentoftheNetherlands_G3.pem
lrwxrwxrwx    1 root     root            22 Apr 16 16:44 5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx    1 root     root            19 Apr 16 16:44 6354599d.0 -> ca-certificates.crt
lrwxrwxrwx    1 root     root            55 Apr 16 16:44 8d28ae65.0 -> comodo-rsa-domain-validation-sha-2-w-root.ca-bundle.pem
lrwxrwxrwx    1 root     root            78 Apr 16 06:02 Comodo_RSA_CA-01-2038-Quby_Countly-hcb_bxtproxy.pem -> /usr/share/ca-certificates/Comodo_RSA_CA-01-2038-Quby_Countly-hcb_bxtproxy.crt
lrwxrwxrwx    1 root     root            79 Apr 16 06:02 DigiCert_GlobalRoot_CA-11-2031-Buienradar-qt-gui.pem -> /usr/share/ca-certificates/DigiCert_GlobalRoot_CA-11-2031-Buienradar-qt-gui.crt
lrwxrwxrwx    1 root     root            71 Apr 17 21:55 DigiCert_Global_Root_CA-meethue-hdrv_hue.pem -> /usr/share/ca-certificates/DigiCert_Global_Root_CA-meethue-hdrv_hue.crt
-rw-r--r--    1 root     root          1360 Jan 11 08:21 DigiCert_Global_Root_CA.pem
lrwxrwxrwx    1 root     root            76 Apr 16 06:02 GeoTrust_Global_CA-05-2022-Myfox_API-hdrv_hue.pem -> /usr/share/ca-certificates/GeoTrust_Global_CA-05-2022-Myfox_API-hdrv_hue.crt
lrwxrwxrwx    1 root     root            57 Apr 17 21:55 GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
-rw-r--r--    1 root     root          1952 Jan 11 08:21 GovernmentoftheNetherlands_G3.pem
lrwxrwxrwx    1 root     root            89 Apr 16 06:02 Starfield_Services_CA-G2-12-2037-dpc_qutility-hcb_bxtproxy.pem -> /usr/share/ca-certificates/Starfield_Services_CA-G2-12-2037-dpc_qutility-hcb_bxtproxy.crt
lrwxrwxrwx    1 root     root            99 Apr 16 06:02 VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem -> /usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
lrwxrwxrwx    1 root     root            64 Apr 16 16:44 b204d74a.0 -> VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
-rw-r--r--    1 root     root          2342 Apr 16 06:10 ca-bundle.crt
-rw-r--r--    1 root     root         11904 Apr 17 21:55 ca-certificates.crt
-rw-r--r--    1 root     root          9181 Apr 17 06:02 ca-certificates.crt.tsc_backup
-rw-r--r--    1 root     root          5714 Jan 11 08:21 comodo-rsa-domain-validation-sha-2-w-root.ca-bundle.pem
lrwxrwxrwx    1 root     root            51 Apr 16 16:44 d6325660.0 -> Comodo_RSA_CA-01-2038-Quby_Countly-hcb_bxtproxy.pem
lrwxrwxrwx    1 root     root            13 Apr 16 16:44 e58eb220.0 -> ca-bundle.crt
lrwxrwxrwx    1 root     root            44 Apr 16 06:02 eneco.pem -> /usr/share/ca-certificates/mozilla/eneco.crt
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby Toonz » Thu Apr 19, 2018 7:50 am

mine looks like this, I see more entries in your folder.

Capture.PNG
Capture.PNG (33.13 KiB) Viewed 627 times
Toonz
Advanced Member
Advanced Member
 
Posts: 575
Joined: December 2016

Re: Toon app: Buienradar

Postby jnieuw » Thu Apr 19, 2018 2:05 pm

Is it possible for you to export those? btw if I use openssl to check the api.buienradar.nl certificate it's OK. That would mean my certificates are OK(?):

Code: Select all
openssl s_client -showcerts -connect api.buienradar.nl:443
WARNING: can't open config file: /usr/lib/ssl/openssl.cnf
CONNECTED(00000003)
1074599120:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s                                                                                                                                                             23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1524142434
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


Last row:
Code: Select all
Verify return code: 0 (ok)


Check for gadgets.buienradar.nl
Code: Select all
openssl s_client -showcerts -connect gadgets.buienradar.nl:443
WARNING: can't open config file: /usr/lib/ssl/openssl.cnf
CONNECTED(00000003)
1074590928:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1524142643
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


And xml.buienradar.nl
Code: Select all
openssl s_client -showcerts -connect xml.buienradar.nl:443
WARNING: can't open config file: /usr/lib/ssl/openssl.cnf
CONNECTED(00000003)
1074410704:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1524142769
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


Is there a way to log the connection?
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby Toonz » Thu Apr 19, 2018 4:41 pm

I don't think openssl is used by Toon. It is using the XMLhttprequest object within QT.
The openssl.conf file is in the folder /etc/ssl by the way
Toonz
Advanced Member
Advanced Member
 
Posts: 575
Joined: December 2016

Re: Toon app: Buienradar

Postby jnieuw » Fri Apr 20, 2018 6:50 am

Hi Toon,

Is your code open? Or could you send me the part where the https connection is done? I just want to know what and where it goes wrong.
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby marcelr » Fri Apr 20, 2018 7:42 am

The apps all have plain text code, which is stored in /HCBv2/qml/apps/<app_name>/
So you can go there and have a look.
marcelr
Advanced Member
Advanced Member
 
Posts: 815
Joined: May 2012
Location: Ehv

Re: Toon app: Buienradar

Postby jnieuw » Fri Apr 20, 2018 8:05 am

marcelr wrote:The apps all have plain text code, which is stored in /HCBv2/qml/apps/<app_name>/
So you can go there and have a look.

Thank you
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby jnieuw » Fri Apr 20, 2018 9:35 am

Ok, I removed (some) of the https calls and redirected them to a http server and now buienrader is working again, so something is definitely screwed up in my qt or certificates.
Could someone post his/her /etc/ca-certificates.conf file?
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby jnieuw » Fri Apr 20, 2018 10:22 am

Ok, fixed it. Did some changes to the buienradar/regen urls (to make sure it does not get the 301 redirects). Removed all the files in /etc/ssl/certs, did a update-ca-certifcates, reboot and all is working fine again.
Don't now how the certifcates got scrambled in the first place.
jnieuw
Starting Member
Starting Member
 
Posts: 29
Joined: October 2017

Re: Toon app: Buienradar

Postby Toonz » Fri Apr 20, 2018 1:10 pm

jnieuw wrote:Ok, fixed it. Did some changes to the buienradar/regen urls (to make sure it does not get the 301 redirects). Removed all the files in /etc/ssl/certs, did a update-ca-certifcates, reboot and all is working fine again.
Don't now how the certifcates got scrambled in the first place.

Thanks for the feedback. Haven't seen this before, hope it is a one-off occurrence.
Toonz
Advanced Member
Advanced Member
 
Posts: 575
Joined: December 2016

Previous

Return to Eneco Toon as Domotica controller

Who is online

Users browsing this forum: madpatrick and 1 guest