Comments (15)
What's the output from this?
openssl s_client -connect piaware.flightaware.com:1200 -showcerts -CAfile /usr/lib/piaware_packages/ca/flightaware-root.cert.pem
from piaware.
Here it is (see the attachment).
output.txt
from piaware.
Hm, that seems fine.
Can you uncomment line 236 of /usr/lib/piaware_packages/fa_adept_client.tcl and see what it logs when piaware tries to connect?
# obtain information about the TLS session we negotiated
set tlsStatus [::tls::status $sock]
logger "TLS status: $tlsStatus" ;### uncomment this line
from piaware.
Here is the new line in the debug log:
2017-04-29 22:40:36Z Connecting to FlightAware adept server at piaware.flightaware.com/1200
2017-04-29 22:40:36Z Connection with adept server at piaware.flightaware.com/1200 established
2017-04-29 22:40:36Z TLS handshake with adept server at piaware.flightaware.com/1200 completed
2017-04-29 22:40:36Z TLS status: sbits 0
2017-04-29 22:40:36Z Certificate validation with adept server at piaware.flightaware.com/1200 failed: required field 'subject' is missing
2017-04-29 22:40:36Z reconnecting in 51 seconds...
from piaware.
That is pretty weird. It may be a problem with Arch's tcltls package. The TLS handshake says it is succeeding, but then returns no useful info about the negotiated connection.
from piaware.
Thanks for your answer @mutability. So, should I contact the maintainer referring to this issue?
The packages are available here:
from piaware.
I built a standalone testcase, can you try this:
https://gist.github.com/mutability/8cc5e34aa57e262c23bc816a76a068ed
Normal output looks like this:
$ ./tls.tcl
establishing connection
importing socket
handshaking
callback: info sock115f688 handshake start {before/connect initialization}
callback: info sock115f688 connect loop {before/connect initialization}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect exit {unknown state}
handshake: returned 0
handshaking
callback: info sock115f688 connect loop {unknown state}
callback: verify sock115f688 2 {sha1_hash B69ABB0BF41433F4E27434BF6628CE1EA1CAA704 subject {CN=FlightAware Root,OU=Operations,O=FlightAware LLC,L=Houston,ST=TX,C=US} issuer {CN=FlightAware Root,OU=Operations,O=FlightAware LLC,L=Houston,ST=TX,C=US} notBefore {Dec 9 16:50:04 2015 GMT} notAfter {Dec 4 16:50:04 2035 GMT} serial A9FE756D9E6B94B4} 1 {}
callback: verify sock115f688 1 {sha1_hash D191B12012733E764CA27D5DFB88336499C9C7C1 subject {CN=FlightAware Intermediate,OU=Operations,O=FlightAware LLC,ST=TX,C=US} issuer {CN=FlightAware Root,OU=Operations,O=FlightAware LLC,L=Houston,ST=TX,C=US} notBefore {Dec 9 16:59:51 2015 GMT} notAfter {Dec 6 16:59:51 2025 GMT} serial 2048} 1 {}
callback: verify sock115f688 0 {sha1_hash ED69EEEF3FEE10E7DDD1BEC93C10EDCDF88989A1 subject {CN=*.flightaware.com,OU=Operations,O=FlightAware LLC,L=Houston,ST=Texas,C=US} issuer {CN=FlightAware Intermediate,OU=Operations,O=FlightAware LLC,ST=TX,C=US} notBefore {Dec 11 16:33:41 2015 GMT} notAfter {Dec 11 16:33:41 2019 GMT} serial 2049} 1 {}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect exit {unknown state}
handshake: returned 0
handshaking
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 connect loop {unknown state}
callback: info sock115f688 handshake done {SSL negotiation finished successfully}
callback: info sock115f688 connect exit {SSL negotiation finished successfully}
handshake: returned 1
tls status: sha1_hash ED69EEEF3FEE10E7DDD1BEC93C10EDCDF88989A1 subject {CN=*.flightaware.com,OU=Operations,O=FlightAware LLC,L=Houston,ST=Texas,C=US} issuer {CN=FlightAware Intermediate,OU=Operations,O=FlightAware LLC,ST=TX,C=US} notBefore {Dec 11 16:33:41 2015 GMT} notAfter {Dec 11 16:33:41 2019 GMT} serial 2049 sbits 256 cipher AES256-SHA
callback: info sock115f688 alert write {close notify}
from piaware.
Definitely something different:
$ ./tls.tcl
establishing connection
importing socket
handshaking
callback: info sock1cd2b30 handshake start {before SSL initialization}
callback: info sock1cd2b30 connect loop {before SSL initialization}
callback: info sock1cd2b30 connect loop {SSLv3/TLS write client hello}
callback: info sock1cd2b30 connect exit {SSLv3/TLS write client hello}
handshake: returned 1
tls status: sbits 0
from piaware.
OK, definitely a tcltls/openssl problem then. If you pass that testcase on to the tcltls maintainer they may be able to do something with it.
The specific bug in your output is that tls::handshake has returned 1 to say that the TLS handshake is complete when the handshake is not actually complete. The API says it should either return 0 (socket is nonblocking, handshake is not complete), return 1 (handshake is complete), or generate an error.
from piaware.
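
The failure mode described above (tls::handshake reporting completion while tls::status carries no certificate data) can be caught by a fail-closed check on the status list. This is an added example, not code from the thread or from piaware; `check_tls_status` and `required_fields` are hypothetical names, and the two status values are copied from the test-case outputs shown in this thread.

```tcl
# Added example, not piaware's code. check_tls_status and required_fields
# are hypothetical names; the sample status values come from the outputs above.

# Fields a completed session with a peer certificate is expected to report.
set required_fields {subject issuer notBefore notAfter sha1_hash cipher}

# Takes the key/value list returned by ::tls::status.
# Returns {ok {}} or {fail reason}; anything unexpected is a failure.
proc check_tls_status {status} {
    global required_fields
    # An odd-length or malformed list cannot be read as a dict.
    if {[catch {dict size $status}]} {
        return [list fail "status is not a key/value list"]
    }
    foreach field $required_fields {
        if {![dict exists $status $field] || [dict get $status $field] eq ""} {
            return [list fail "required field '$field' is missing"]
        }
    }
    # sbits is the negotiated key size; 0 means no cipher was negotiated.
    if {![dict exists $status sbits]} {
        return [list fail "required field 'sbits' is missing"]
    }
    set sbits [dict get $status sbits]
    if {![string is integer -strict $sbits] || $sbits <= 0} {
        return [list fail "no cipher negotiated (sbits $sbits)"]
    }
    return [list ok {}]
}

# Status from the normal run of the test case.
set good {sha1_hash ED69EEEF3FEE10E7DDD1BEC93C10EDCDF88989A1 subject {CN=*.flightaware.com,OU=Operations,O=FlightAware LLC,L=Houston,ST=Texas,C=US} issuer {CN=FlightAware Intermediate,OU=Operations,O=FlightAware LLC,ST=TX,C=US} notBefore {Dec 11 16:33:41 2015 GMT} notAfter {Dec 11 16:33:41 2019 GMT} serial 2049 sbits 256 cipher AES256-SHA}

# Status from the failing run, where the handshake had not really finished.
set bad {sbits 0}

foreach {name status} [list good $good bad $bad] {
    lassign [check_tls_status $status] verdict reason
    puts "$name: $verdict $reason"
}
```

Because the check rejects a status with no certificate fields, a handshake that is wrongly reported as complete ends in a refused connection rather than an unauthenticated session.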
TclTLS bugs can be reported here: http://core.tcl.tk/tcltls/reportlist
from piaware.
I can't reproduce the bug with tcltls 1.6 (on a Pi) or 1.6.7 (Ubuntu, x86_64)
I can reproduce the bug on tcltls 1.7.11 (FreeBSD, amd64 - @bovine, that's on graceful)
from piaware.
Raised a bug report upstream: http://core.tcl.tk/tcltls/tktview/1367823d51d97f90c7d72a3307b5ba7c8757b500
from piaware.
It's already fixed in tcltls 1.7.12, I'm waiting for the update in order to test if the piaware issue is gone.
Thanks @mutability and @bovine.
from piaware.
Test done.
Tcltls 1.7.12 just landed in Arch's repo and seems to fix the server connection issue.
@anish you can update the PKGBUILD.
TLS handshake with adept server at piaware.flightaware.com/1200 completed
FlightAware server certificate validated
encrypted session established with FlightAware
logged in to FlightAware
from piaware.