Hi everyone,
I started to develop a JavaScript module. In a few words, the idea is to monitor a set of data in the OVMS module and to occasionally send data to a public website which offers an API.
This API can be reached through an HTTPS POST.
So I tried with a few lines of code, and unfortunately, here's what I got:
E (13094212) mongoose: mg_ssl_if_mbed_err 0x3f84693c SSL error: -29312
E (13094222) script: DuktapeHTTPRequest: failed error='SSL error' url='https://api.pushover.net/1/messages.json'
I (13094222) script: error="SSL error"
So reading the documentation, I saw the following note:
SSL requests (https) can take up to 12 seconds on an idle module. SSL errors also may not reflect the actual error, for example an empty server response with code 400 may be reported as a general “SSL error”. If you get “SSL error” on a valid request, you may need to install a custom root CA certificate; see SSL/TLS.
Makes sense, but then I jumped to the other chapter "SSL/TLS", and discovered this command:
OVMS# tls trust list
and here I am stuck. I tried this command through the OVMS shell console: it doesn't work. Then in an SSH session: it doesn't work.
Please help!
Kindly regards
David
I also tried to put a pem file in /store/trustedca/, but no change.
Any idea?
If the "tls" command doesn't work for you, my first idea would be to check the firmware version. As you can see from the changes.txt file, TLS support has only been released to edge yet.
Also, as Pushover support is a standard component, I already verified that accessing their API with the predefined CA set is possible. IOW you don't need a custom cert.
But my tests also revealed that the pushover API server is often overloaded, in which case you will get an error result and need to retry the send.
Regards,
Michael
Thank you Michael, I had a look at the source code in git; I was thinking that I probably didn't have the right version.
Kindly regards
David
Hi,
I installed the latest version I could find on dexter-web repo.
After running my own script, I have this
I (120924) webserver: HTTP POST /api/execute
I (120934) webcommand: HttpCommandStream[0x3f8527bc]: 3913964 bytes free, executing: script run /store/scripts/test_pushover.js
E (131174) mongoose: mg_ssl_mbed_log 0x3f84d7a8 mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
E (131174) mongoose: mg_ssl_mbed_log 0x3f84d7a8 ssl_get_next_record() returned -29312 (-0x7280)
E (131174) mongoose: mg_ssl_mbed_log 0x3f84d7a8 mbedtls_ssl_read_record() returned -29312 (-0x7280)
E (131174) mongoose: mg_ssl_if_mbed_err 0x3f84d7a8 SSL error: -29312
I (131264) script: [/store/scripts/test_pushover.js:66:OnRequestFail] error="SSL error"
So I tried with the official pushover function, I got this:
(179404) pushover: Sending message test with priority 0
E (191474) mongoose: mg_ssl_mbed_log 0x3f8551ac mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
E (191474) mongoose: mg_ssl_mbed_log 0x3f8551ac ssl_get_next_record() returned -29312 (-0x7280)
E (191474) mongoose: mg_ssl_mbed_log 0x3f8551ac mbedtls_ssl_read_record() returned -29312 (-0x7280)
E (191474) mongoose: mg_ssl_if_mbed_err 0x3f8551ac SSL error: -29312
I (191474) pushover: PushoverMongooseCallback(MG_EV_CONNECT=-3:)
E (191474) pushover: Connection failed
=> same issue !
Any idea on this?
Kindly regards
David
David,
I can confirm that it's now nearly impossible to connect to api.pushover.net. I've had one successful request in about 30 attempts.
After doing some debug traces I'm pretty sure this is caused by the pushover server, most probably because of a very short SSL handshake timeout. The initial SSL handshake of mbedtls takes anywhere from 3 to 10 seconds depending on the current load on the module. Which is arguably much longer than normal (milliseconds on a standard platform), and it's also a potential DoS vector for an API server to allow long SSL handshakes.
But no other https server I've tried has issues with this. So I suggest not depending on pushover, or if you absolutely need to, set up some proxy service to do the API communication.
Regards,
Michael
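A triage helper for the mongoose/mbedTLS log lines quoted in this thread, as an added example that is not part of the original posts and not OVMS project code. It maps the numeric SSL error to its mbedTLS name and measures how long after the request started the failure was logged; the start-marker patterns and the reading of the log timestamps as milliseconds are assumptions.

```javascript
// Added example, not OVMS project code. Runs under Node.js.
// Error names and values are taken from the mbedTLS headers.
const MBEDTLS_ERRORS = {
  0x7280: { name: "MBEDTLS_ERR_SSL_CONN_EOF",
            hint: "peer closed the connection; not a CA trust failure" },
  0x2700: { name: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED",
            hint: "certificate chain rejected; check the trusted CA set" },
};
// Assumption: these messages mark the start of an outbound request.
const START = /executing: script run|Sending message/;
const LINE = /^(?:[A-Z] )?\((\d+)\) ([\w-]+): (.*)$/;
const SSL_ERR = /^mg_ssl_if_mbed_err (0x[0-9a-f]+) SSL error: (-?\d+)$/;

function triage(lines) {
  const findings = [];
  let startedAt = null; // timestamp of the most recent request start
  for (const raw of lines) {
    const m = LINE.exec(raw.trim());
    if (!m) continue;
    const ts = Number(m[1]); // assumed to be milliseconds since boot
    if (START.test(m[3])) { startedAt = ts; continue; }
    const e = m[2] === "mongoose" ? SSL_ERR.exec(m[3]) : null;
    if (!e) continue;
    const code = Number(e[2]);
    const known = MBEDTLS_ERRORS[-code] ||
      { name: "unknown", hint: "not in this table; consult the mbedTLS headers" };
    findings.push({
      conn: e[1],
      code: code,
      hex: "-0x" + (-code).toString(16).padStart(4, "0"),
      name: known.name,
      hint: known.hint,
      elapsedMs: startedAt === null ? null : ts - startedAt,
    });
    startedAt = null; // one finding per request start
  }
  return findings;
}

// Sample input: log lines copied from the posts above.
const SAMPLE_LOG = [
  "I (120934) webcommand: HttpCommandStream[0x3f8527bc]: 3913964 bytes free, executing: script run /store/scripts/test_pushover.js",
  "E (131174) mongoose: mg_ssl_mbed_log 0x3f84d7a8 mbedtls_ssl_fetch_input() returned -29312 (-0x7280)",
  "E (131174) mongoose: mg_ssl_if_mbed_err 0x3f84d7a8 SSL error: -29312",
  "(179404) pushover: Sending message test with priority 0",
  "E (191474) mongoose: mg_ssl_if_mbed_err 0x3f8551ac SSL error: -29312",
];
console.log(triage(SAMPLE_LOG));
```

On the lines from this thread both failures decode to a connection EOF roughly 10 to 12 seconds after the request began, which points at the peer dropping the connection rather than at certificate trust.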
Thank you for your answer, Michael.
As usual, very clear.
Thanks for taking the time to test it; it is much appreciated.
Kindly regards
David
For what it is worth, I agree with Michael:
$time telnet api.pushover.net 443
Trying 199.115.115.85...
Connected to api.pushover.net.
Escape character is '^]'.
Connection closed by foreign host.
real 0m5.452s
user 0m0.001s
sys 0m0.003s
Thank you, markwj.
It seems Pushbullet is an alternative to Pushover?
Pushbullet is twice as good, but still pretty crappy:
$ time telnet api.pushbullet.com 443
Trying 216.58.197.115...
Connected to api.pushbullet.com.
Escape character is '^]'.
Connection closed by foreign host.
real 0m10.124s
user 0m0.001s
sys 0m0.002s
Hi again,
I tried with another API. This time the error message is different, so maybe it is not the same issue.
I (14365644) webcommand: HttpCommandStream[0x3f84abec]: 3935288 bytes free, executing: script run /store/scripts/test_niceapi.js
E (14370704) mongoose: mg_ssl_mbed_log 0x3f858ae0 mbedtls_ssl_fetch_input() returned -1 (-0x0001)
E (14370704) mongoose: mg_ssl_mbed_log 0x3f858ae0 ssl_get_next_record() returned -1 (-0x0001)
E (14370704) mongoose: mg_ssl_mbed_log 0x3f858ae0 mbedtls_ssl_read_record() returned -1 (-0x0001)
E (14370704) mongoose: mg_ssl_if_mbed_err 0x3f858ae0 SSL error: -1
I (14370764) script: [/store/scripts/test_niceapi.js:47:OnRequestFail] error="SSL error"
I also ran the time telnet command, but I am not sure I understand the results.
Your thoughts?
time telnet niceapi.net 443
Trying 198.38.83.113...
Connected to niceapi.net.
Escape character is '^]'.
Connection closed by foreign host.
real 2m5.625s
user 0m0.019s
sys 0m0.011s
/David
David,
this one was a real bug. The niceapi.net server requires SNI (server name indication), which should have been working but actually wasn't up to now.
The fixed version is on dexters-web in the edge release directory (3.2.010-391-gad039ce0).
Regards,
Michael
PS: …and no, that doesn't affect api.pushover.net.
Thanks a lot, dear Michael!
Now Pushover is working for me, with 3.2.012-6-g7cf76cde fw.