Project

General

Profile

Bug #204

Automatically rejecting certificate / Peer cert not accepted

Added by DieterK 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
High
Category:
AqBanking
Start date:
03/25/2020
Due date:
Betriebssystem:
Linux
AqBanking-Version:
6.1.4
Anwendung:
aqbanking-cli
Version der Anwendung:

Description

AqBanking suddenly stopped working today.

I now only see the following error messages:

#aqhbci-tool4 getbankinfo -u 1
5:2020/03/25 10-22-47:aqbanking(14748):siotlsext.c: 229: Found matching certificate "2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D" with same status
5:2020/03/25 10-22-47:aqbanking(14748):siotlsext.c: 255: Automatically rejecting certificate [2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D] (-108)
3:2020/03/25 10-22-47:gwen(14748):syncio_tls.c: 1391: Peer cert not accepted (-108), aborting
Es konnte keine Verbindung zum Server aufgebaut werden.
3:2020/03/25 10-22-47:aqhbci(14748):dialog.c: 299: Error sending message for dialog (-108)
Unable to send (network error)
3:2020/03/25 10-22-47:aqhbci(14748):provider_online.c: 133: Job has errors
3:2020/03/25 10-22-47:aqhbci-tool(14748):getbankinfo.c: 116: Error -1 [Generic error]
3:2020/03/25 10-22-47:aqhbci-tool(14748):aqhbci-tool.c: 275: Error calling control function (3)

What could be the reason for that? This happens with very different banks.

Not sure if this is a problem with the version of aqbanking?
I already tried to compile the newest version of aqbanking (5.2.0), but i'm stuck here:

(make)
  1. /usr/local/bin/xmlmerge -v --compact -o accountjobs.xml ./jobgetbalance.xml ./jobgettransactions.xml ./jobgettrans_camt.xml ./jobforeignxferwh.xml ./jobloadcellphone.xml ./jobsepadebitdatedsinglecreate.xml ./jobsepadebitdatedmulticreate.xml ./jobsepacor1datedmulticreate.xml ./jobsepaxfermulti.xml ./jobsepaxfersingle.xml ./jobsepadebitsingle.xml ./jobsepacor1datedsinglecreate.xml ./jobsepastandingordercreate.xml ./jobsepastandingorderget.xml ./jobsepastandingordermodify.xml ./jobsepastandingorderdelete.xml ./jobgetestatements.xml
    /usr/local/bin/xmlmerge: error while loading shared libraries: libgwenhywfar.so.79: cannot open shared object file: No such file or directory

But /usr/local/lib/libgwenhywfar.so.79 exists...

Thank you very much.

Dieter

History

#1 Updated by DieterK 3 months ago

  • AqBanking-Version changed from 5.99.44 to 6.1.4

Same problem with aqbanking 6.1.4 :-(

#2 Updated by ipwizard 3 months ago

It may exist but is not found by the loader. Die you run ldconfig after upgrading? If not do it as root.

#3 Updated by DieterK 3 months ago

ipwizard schrieb:

It may exist but is not found by the loader. Die you run ldconfig after upgrading? If not do it as root.

Thanks, i found this problem and the new version is working. But i still can‘t access my bank accounts :-(

#4 Updated by DieterK 3 months ago

Example with 6.1.4:

  1. aqbanking-cli -P /home/banking/data/pinfile request --aid=2 --ctxfile=/home/banking/balance/result_02.ctx --balance
    3:2020/03/26 10-35-47:aqbanking-cli(8973):provider_sendcmd.c: 115: Handling user "aapp"
    5:2020/03/26 10-35-47:aqbanking(8973):siotlsext.c: 229: Found matching certificate "2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D" with same status
    5:2020/03/26 10-35-47:aqbanking(8973):siotlsext.c: 255: Automatically rejecting certificate [2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D] (-108)
    3:2020/03/26 10-35-47:gwen(8973):syncio_tls.c: 1391: Peer cert not accepted (-108), aborting
    Es konnte keine Verbindung zum Server aufgebaut werden.
    3:2020/03/26 10-35-47:aqhbci(8973):dialog.c: 299: Error sending message for dialog (-108)
    Unable to send (network error)
    3:2020/03/26 10-35-47:aqhbci(8973):outbox.c: 908: Error performing queue (-108)
    3:2020/03/26 10-35-47:aqhbci(8973):job_virtual.c: 277: No segment results

There must be some problems with the certs, but not sure how i can reset this problem.

#5 Updated by DieterK 3 months ago

  1. aqbanking-cli versions
    Versions:
    AqBanking-CLI: 6.1.4
    Gwenhywfar : 5.2.0.0
    AqBanking : 6.1.4.0

#6 Updated by ipwizard 3 months ago

I think I have seen this before (ran into the same scenario). The cause was that I was presented a (new) certificate and pressed 'no' to the question if I want to accept it at the time, because I wanted to check it before I accept it, but did not have the time to do it right away. The assumption, that I will be asked again in a future run was wrong.

I kind of remember that I deleted some information from a file in the ~/.aqbanking directory structure, but I can't remember which one it was. Could be, that it was one of these

./shared/certs
./settings/shared/certs.conf
./settings6/shared/certs.conf

but I am not sure and might be mistaken. Somewhere, aqbanking/gwenhywfar keeps information about the acceptance of the certificate and you have to get rid of it in order to continue. Maybe Martin can provide more details about the location.

#7 Updated by martin 3 months ago

  • Status changed from New to Feedback

Good idea... Maybew we should not save rejected certificates but only info about accepted certs, that way you would always be asked again for not-accepted certs to accept...

Anyway, regarding the situation at hand: Current versions of aqbanking store the info about rejected certs in the user settings ($HOME/.aqbanking/settings6/users/*.conf). Look for the cert there and change "int userResponse=x" to "int userResponse=0".

If the cert cannot be found there then it might still be in $HOME/.aqbanking/settings/shared/certs.conf", just delete that file (you might then be asked again for all the certs in the file to accept them).

#8 Updated by martin 3 months ago

  • Status changed from Feedback to Closed

Should be fixed in current versions of AqBanking/Gwen.

Also available in: Atom PDF