Bug #204
geschlossen
Automatically rejecting certificate / Peer cert not accepted
Von DieterK vor mehr als 5 Jahren hinzugefügt.
Vor mehr als 5 Jahren aktualisiert.
Beschreibung
AqBanking suddenly stopped working today.
I now only see the following error messages:
#aqhbci-tool4 getbankinfo -u 1
5:2020/03/25 10-22-47:aqbanking(14748):siotlsext.c: 229: Found matching certificate "2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D" with same status
5:2020/03/25 10-22-47:aqbanking(14748):siotlsext.c: 255: Automatically rejecting certificate [2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D] (-108)
3:2020/03/25 10-22-47:gwen(14748):syncio_tls.c: 1391: Peer cert not accepted (-108), aborting
Es konnte keine Verbindung zum Server aufgebaut werden.
3:2020/03/25 10-22-47:aqhbci(14748):dialog.c: 299: Error sending message for dialog (-108)
Unable to send (network error)
3:2020/03/25 10-22-47:aqhbci(14748):provider_online.c: 133: Job has errors
3:2020/03/25 10-22-47:aqhbci-tool(14748):getbankinfo.c: 116: Error -1 [Generic error]
3:2020/03/25 10-22-47:aqhbci-tool(14748):aqhbci-tool.c: 275: Error calling control function (3)
What could be the reason for that? This happens with very different banks.
Not sure if this is a problem with the version of aqbanking?
I already tried to compile the newest version of aqbanking (5.2.0), but i'm stuck here:
(make)
- /usr/local/bin/xmlmerge -v --compact -o accountjobs.xml ./jobgetbalance.xml ./jobgettransactions.xml ./jobgettrans_camt.xml ./jobforeignxferwh.xml ./jobloadcellphone.xml ./jobsepadebitdatedsinglecreate.xml ./jobsepadebitdatedmulticreate.xml ./jobsepacor1datedmulticreate.xml ./jobsepaxfermulti.xml ./jobsepaxfersingle.xml ./jobsepadebitsingle.xml ./jobsepacor1datedsinglecreate.xml ./jobsepastandingordercreate.xml ./jobsepastandingorderget.xml ./jobsepastandingordermodify.xml ./jobsepastandingorderdelete.xml ./jobgetestatements.xml
/usr/local/bin/xmlmerge: error while loading shared libraries: libgwenhywfar.so.79: cannot open shared object file: No such file or directory
But /usr/local/lib/libgwenhywfar.so.79 exists...
Thank you very much.
Dieter
- AqBanking-Version wurde von 5.99.44 zu 6.1.4 geändert
Same problem with aqbanking 6.1.4 :-(
It may exist but is not found by the loader. Die you run ldconfig after upgrading? If not do it as root.
ipwizard schrieb:
It may exist but is not found by the loader. Die you run ldconfig after upgrading? If not do it as root.
Thanks, i found this problem and the new version is working. But i still can‘t access my bank accounts :-(
Example with 6.1.4:
- aqbanking-cli -P /home/banking/data/pinfile request --aid=2 --ctxfile=/home/banking/balance/result_02.ctx --balance
3:2020/03/26 10-35-47:aqbanking-cli(8973):provider_sendcmd.c: 115: Handling user "aapp"
5:2020/03/26 10-35-47:aqbanking(8973):siotlsext.c: 229: Found matching certificate "2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D" with same status
5:2020/03/26 10-35-47:aqbanking(8973):siotlsext.c: 255: Automatically rejecting certificate [2B:44:72:60:51:3F:02:E5:59:3B:D2:FC:C9:B7:41:6D] (-108)
3:2020/03/26 10-35-47:gwen(8973):syncio_tls.c: 1391: Peer cert not accepted (-108), aborting
Es konnte keine Verbindung zum Server aufgebaut werden.
3:2020/03/26 10-35-47:aqhbci(8973):dialog.c: 299: Error sending message for dialog (-108)
Unable to send (network error)
3:2020/03/26 10-35-47:aqhbci(8973):outbox.c: 908: Error performing queue (-108)
3:2020/03/26 10-35-47:aqhbci(8973):job_virtual.c: 277: No segment results
There must be some problems with the certs, but not sure how i can reset this problem.
- aqbanking-cli versions
Versions:
AqBanking-CLI: 6.1.4
Gwenhywfar : 5.2.0.0
AqBanking : 6.1.4.0
I think I have seen this before (ran into the same scenario). The cause was that I was presented a (new) certificate and pressed 'no' to the question if I want to accept it at the time, because I wanted to check it before I accept it, but did not have the time to do it right away. The assumption, that I will be asked again in a future run was wrong.
I kind of remember that I deleted some information from a file in the ~/.aqbanking directory structure, but I can't remember which one it was. Could be, that it was one of these
./shared/certs
./settings/shared/certs.conf
./settings6/shared/certs.conf
but I am not sure and might be mistaken. Somewhere, aqbanking/gwenhywfar keeps information about the acceptance of the certificate and you have to get rid of it in order to continue. Maybe Martin can provide more details about the location.
- Status wurde von New zu Feedback geändert
Good idea... Maybew we should not save rejected certificates but only info about accepted certs, that way you would always be asked again for not-accepted certs to accept...
Anyway, regarding the situation at hand: Current versions of aqbanking store the info about rejected certs in the user settings ($HOME/.aqbanking/settings6/users/*.conf). Look for the cert there and change "int userResponse=x" to "int userResponse=0".
If the cert cannot be found there then it might still be in $HOME/.aqbanking/settings/shared/certs.conf", just delete that file (you might then be asked again for all the certs in the file to accept them).
- Status wurde von Feedback zu Closed geändert
Should be fixed in current versions of AqBanking/Gwen.
Auch abrufbar als: Atom
PDF