Untrusted peer, closing connection immediately about pushproxy HOT 11 CLOSED

angelovAlex, you closed this issue without any comments. It would be helpful if you commented on how you fixed it since I'm sure other people (like me) will encounter the same issue in the future.

Thanks,
-Luke

from pushproxy.

PushProxy has the apple certificate chain at certs/apple/apple-cert-chain.pem. One of the certificates (Apple iPhone Device CA) has expired at Apr 16, 2014, so it drops connection from apsd. I noticed the expiration error from OpenSSL many times, but I thought that something wrong with my certificates. I have removed peer verification in intercept.py. But better solution would be to find the new certificate or generate a fake one.
I used the app called xca to generate the absolutely same looking certificate chain for courier.push.apple.com with x509v3 extensions.
So It seems the PushProxy works great on 10.10.

Thanks.

from pushproxy.

@angelovAlex Thanks for debugging this! I'll see where I can find the new intermediate certificate and put it into pushproxy.

I'll keep this issue open as a reminder.

from pushproxy.

hi i get this error message

devide ios 5.0.1

2014-10-25 16:37:21+0800 [#7] New connection from 192.168.1.101:49384
2014-10-25 16:37:21+0800 Unable to connect to peer: [Failure instance: Traceback: <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'SSL3_GET_CLIENT_CERTIFICATE', 'no certificate returned')]
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/twisted/python/context.py:81:callWithContext
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/twisted/internet/selectreactor.py:150:_doReadOrWrite
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/twisted/internet/tcp.py:199:doRead
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/twisted/protocols/tls.py:413:dataReceived
--- ---
/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/twisted/protocols/tls.py:352:_flushReceiveBIO
]

ios log:

<APSCourier: 0x153640>: Stream error occurred for <APSTCPStream: 0x16dbe0>: TLS Error Code=-9828 "peer reported cert expired"

how can i solve this problem?
thanks!!

from pushproxy.

@duking As @angelovAlex described, you can disable peer certificate verification for the device connection.

from pushproxy.

i patch it but it ditn't work, can you tell me which part and code line i need patch ? thanks!! I got this problem for a month .........

from pushproxy.

In InterceptServerContextFactory, that's how my getContext looks:

ctx = ssl.DefaultOpenSSLContextFactory.getContext(self)
ctx.use_certificate_chain_file(self.cert)
return ctx

And in SSLInfoCallback method in InterceptServer, I have removed this line
#subject = dict(cert.get_subject().get_components())
and edited this
self.deviceCommonName = "1AD0FADF-9C18-437E-9723-66EA71BDA8X6" #subject['CN']

from pushproxy.

what is 1AD0FADF-9C18-437E-9723-66EA71BDA8X6 ? where i can find this uuid from my device (ios5)? @angelovAlex

from pushproxy.

this is the commonName in the certificate that was extracted when you did "Extract and copy device certificate" step.
I'm not sure but I think that this variable isnt used in PushProxy except printing to logs in the line next to
self.deviceCommonName = "1AD0FADF-9C18-437E-9723-66EA71BDA8X6" #subject['CN']
so you probably can write any string there or delete this and next line either. But you rather should to ask @meeee about this variable.

from pushproxy.

@angelovAlex @meeee very thanks!! it works ! Orz : )

from pushproxy.

Fixed in 89c7719 by disabling device certificate validation.

from pushproxy.