CCU2 - CUxD cURL+OpenSSL new version

Integration of FS20 components, ELV weather stations, EnOcean and DMX into HomeMatic

Moderator: Co-Administrators

Christian61
Posts: 3
Registered: 16.04.2014, 21:33

CCU2 - CUxD cURL+OpenSSL new version

Post by Christian61 » 16.03.2019, 09:56

Hello,
does anyone have a version of cURL with OpenSSL 1.0.1 or higher for the CCU2?

Unfortunately, the cURL/OpenSSL version in CUxD 2.2 does not support TLS 1.2 yet
(..TLS 1.2 support is from OpenSSL version 1.0.1.)

CCU cURL version:

Code:

# /usr/local/addons/cuxd/extra/curl -V
curl 7.46.0 (arm-unknown-linux-gnu) libcurl/7.46.0 OpenSSL/1.0.0j zlib/1.2.7
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets


Some servers now only allow HTTPS calls with TLS 1.2, as can be seen here -
with OpenSSL 1.0.0 it no longer works...

Code:

# /usr/local/addons/cuxd/extra/curl https://api.coindesk.com/v1/bpi/currentprice.json --verbose
*   Trying 52.85.246.20...
* Connected to api.coindesk.com (52.85.246.20) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS alert, Server hello (2):
* error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

With cURL+OpenSSL 1.0.1 it works...
see: SSL connection using TLSv1.2

Code:

curl https://api.coindesk.com/v1/bpi/currentprice.json -verbose
*   Trying 143.204.192.41...
* TCP_NODELAY set
* Connected to api.coindesk.com (143.204.192.41) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.coindesk.com
*  start date: Nov  5 00:00:00 2018 GMT
*  expire date: Dec  5 12:00:00 2019 GMT
*  subjectAltName: host "api.coindesk.com" matched cert's "api.coindesk.com"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fc6b1806600)
> GET /v1/bpi/currentprice.json HTTP/2
> Host: api.coindesk.com
> User-Agent: curl/7.54.0
> Accept: */*
> Referer: rbose
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< content-type: application/javascript
< content-length: 673
< access-control-allow-origin: *
< cache-control: max-age=15
< date: Sat, 16 Mar 2019 08:51:55 GMT
< expires: Sat, 16 Mar 2019 08:52:07 UTC
< server: nginx/1.14.1
< x-powered-by: Fat-Free Framework
< x-cache: Miss from cloudfront
< via: 1.1 5eade7e5ebbbd665bf0f8d23a84cc713.cloudfront.net (CloudFront)
< x-amz-cf-id: Q9qjKaFflNC5FY8c4v7a6MP6tdNvX_Q1zhlFI0418lmlZS3MMC-FEQ==
< 
* Connection #0 to host api.coindesk.com left intact
{"time":{"updated":"Mar 16, 2019 08:51:00 UTC","updatedISO":"2019-03-16T08:51:00+00:00","updateduk":"Mar 16, 2019 at 08:51 GMT"},"disclaimer":"This data was produced from the CoinDesk Bitcoin Price Index (USD). Non-USD currency data converted using hourly conversion rate from openexchangerates.org","chartName":"Bitcoin","bpi":{"USD":{"code":"USD","symbol":"&#36;","rate":"4,027.4183","description":"United States Dollar","rate_float":4027.4183},"GBP":{"code":"GBP","symbol":"&pound;","rate":"3,026.2021","description":"British Pound Sterling","rate_float":3026.2021},"EUR":{"code":"EUR","symbol":"&euro;","rate":"3,553.3912","description":"Euro","rate_float":3553.3912}}}

Regards,
Christian

mademyday
Posts: 272
Registered: 03.10.2014, 12:46
System: CCU
Location: Enzkreis
Has thanked: 3 times
Been thanked: 43 times

Re: CCU2 - CUxD cURL+OpenSSL new version

Post by mademyday » 01.12.2019, 09:03

Hello!

Is there any news on this?

Would it be possible to get an updated version of curl/openssl for the CCU2?
Who can "build"/provide something like that?

cu

mademyday
Posts: 272
Registered: 03.10.2014, 12:46
System: CCU
Location: Enzkreis
Has thanked: 3 times
Been thanked: 43 times

Re: CCU2 - CUxD cURL+OpenSSL new version

Post by mademyday » 14.12.2019, 16:40

After updating the CCU2 firmware to v2.49.18, the CCU2 now has an updated curl version:

Code:

# which curl
/usr/bin/curl
#
# curl -V
curl 7.65.0 (arm-buildroot-linux-gnueabi) libcurl/7.65.0 OpenSSL/1.1.1c zlib/1.2.11
Release-Date: 2019-05-22
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM SSL TLS-SRP UnixSockets
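
Added example, not part of the thread or of CUxD: a POSIX shell check that reads a `curl -V` banner and reports whether the linked OpenSSL is new enough for TLS 1.2 (1.0.1 or later, as stated in the first post). The function and variable names are made up for this example; the two banner lines are the ones posted above.

```sh
#!/bin/sh
# Added example (not from the thread): classify a curl build by the OpenSSL
# version in its `curl -V` banner. TLS 1.2 needs OpenSSL 1.0.1 or later.

# Print the OpenSSL version token (e.g. 1.0.0j) found in text on stdin.
openssl_version() {
    sed -n 's/.*OpenSSL\/\([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# supports_tls12 VERSION: 0 if VERSION >= 1.0.1, 1 if older, 2 if empty.
supports_tls12() {
    v=${1%%[a-z]*}              # drop the patch letter: 1.0.0j -> 1.0.0
    [ -n "$v" ] || return 2     # banner named no OpenSSL version
    old_ifs=$IFS; IFS=.
    set -- $v                   # split into major minor fix
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; fix=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$fix" -ge 1 ]
}

# check_curl TEXT: one-line verdict for a `curl -V` banner.
check_curl() {
    ver=$(printf '%s\n' "$1" | openssl_version)
    rc=0; supports_tls12 "$ver" || rc=$?
    case $rc in
        0) echo "OpenSSL $ver: TLS 1.2 available" ;;
        1) echo "OpenSSL $ver: no TLS 1.2" ;;
        *) echo "no OpenSSL version in banner" ;;
    esac
}

# Banner lines copied from the two posts above.
CUXD_CURL='curl 7.46.0 (arm-unknown-linux-gnu) libcurl/7.46.0 OpenSSL/1.0.0j zlib/1.2.7'
FW_CURL='curl 7.65.0 (arm-buildroot-linux-gnueabi) libcurl/7.65.0 OpenSSL/1.1.1c zlib/1.2.11'

check_curl "$CUXD_CURL"
check_curl "$FW_CURL"
# On the device: check_curl "$(/usr/local/addons/cuxd/extra/curl -V)"
```

The check only covers what the library can negotiate; a handshake can still fail if client and server share no cipher suite.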
