fail HTTP.request mongoose call

10 posts / 0 new

10 May, 2020 - 07:39

dar63

Hi,

To have better user experience and new features in the abrp plugin, I need to implement oauth. I am at the last step, where I try to catch the answer of a request, which is a JSON containing the "access_token".

to launch the abrp authentication page, with the oauth api, I used a webplugin, and it works well it the ovms box is connected to a wifi with internet.
but I found no way, except facing CORS errors (cross domain origin) to catch the last answer, which is displayed.

If I launch the last call in a new web page, I have the result (see screen copy of firefox result).

https://pasteboard.co/J7HOhMq.tiff

So I tried to launch this url with the HTTP.request call in the plugin script, but I have an error, I am not sure about the meaning:

https://pasteboard.co/J7HNEs5.tiff

Could you help me to understand what is this error, please ?

kindly regards

David

10 May, 2020 - 08:30

dexter

fail HTTP.request mongoose call

Your screenshots are broken…

10 May, 2020 - 09:47

(Reply to #2) #3

dar63

OK, I added links in the

OK, I added links in the description :-)

The url I launch in firefox by hand : https://web.abetterrouteplanner.com/oauth/token?client_id=49&client_secret=32b2162f-9599-4647-8139-66e9f9528370&code=5972e204-3495-496d-9565-dc9ed5b0f7f0&redirect_uri=https://inexpensive-caterwauling-myrtle.glitch.me

The error I have when I try it with HTTP.request:

mongoose: mg_ssl_if_mbed_err 0x3f84e8a4 SSL error: -9984

10 May, 2020 - 10:03

dexter

fail HTTP.request mongoose call

Both links lead to "Image not found".

11 May, 2020 - 15:50

dexter

fail HTTP.request mongoose call

I assume you missed adding the CA PEM file to your trusted CA list as documented: https://docs.openvehicles.com/en/latest/userguide/ssltls.html

web.abetterrouteplanner.com currently uses a certificate by Cloudflare, so you need to add the Cloudflare CA, which is currently:

After adding this, your request succeeds on my module.

Regards,
Michael

11 May, 2020 - 17:13

(Reply to #5) #6

dar63

I will try that, thanks a lot

I will try that, thanks a lot, Michael !

12 May, 2020 - 16:31

dar63

need help ... still

Michael,

Following your advice, I have done this:

creation of a file cloudfare.crt

OVMS# vfs cat /store/trustedca/cloudfare.crt

-----BEGIN CERTIFICATE-----

MIIDozCCAougAwIBAgIQD/PmFjmqPRoSZfQfizTltjANBgkqhkiG9w0BAQsFADBa

MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl

clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE1

MTAxNDEyMDAwMFoXDTIwMTAwOTEyMDAwMFowbzELMAkGA1UEBhMCVVMxCzAJBgNV

BAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZs

YXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZEZsYXJlIEluYyBFQ0MgQ0EtMjBZMBMG

ByqGSM49AgEGCCqGSM49AwEHA0IABNFW9Jy25DGg9aRSz+Oaeob/8oayXsy1WcwR

x07dZP1VnGDjoEvZeFT/SFC6ouGhWHWPx2A3RBZNVZns7tQzeiOjggEZMIIBFTAS

BgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA0BggrBgEFBQcBAQQo

MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8E

MzAxMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1

LmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93

d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUPnQtH89FdQR+P8Cihz5MQ4NR

E8YwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwDQYJKoZIhvcNAQEL

BQADggEBADhfp//8hfJzMuTVo4mZlmCvMsEDs2Xfvh4DyqXthbKPr0uMc48qjKkA

DgEkF/fsUoV2yOUcecrDF4dQtgQzNp4qnhgXljISr0PMVxje28fYiCWD5coGJTH9

vV1IO1EB3SwUx8FgUemVAdiyM1YOR2aNbM2v+YXZ6xxHR4g06PD6wqtPaU4JWdRX

xszByOPmGcFYOFLi4oOF3iI03D+m968kvOBvwKtoLVLHawVXLEIbLUiHAwyQq0hI

qSi+NIr7uu30YJkdFXgRqtltU39pKLy3ayB2f6BVA3F59WensKAKF1eyAKmtz/9n

jD4m5ackvMJvEOiJxnCl0h+A7Q0/JxM=

-----END CERTIFICATE-----

I used "tls trust clear", then "tls trust reload" and got this:

OVMS# tls trust list

[…]

cloudfare.crt length 1321 bytes

1321 byte certificate: cloudfare.crt

cert. version : 3

serial number : 0F:F3:E6:16:39:AA:3D:1A:12:65:F4:1F:8B:34:E5:B6

issuer name : C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root

subject name : C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2

issued on : 2015-10-14 12:00:00

expires on : 2020-10-09 12:00:00

signed using : RSA with SHA-256

EC key size : 256 bits

basic constraints : CA=true, max_pathlen=0

key usage : Digital Signature, Key Cert Sign, CRL Sign

[…]

In my script, I added this code

exports.getAuthKey = function (req_url) {

HTTP.request( {

url: req_url,

done: function(resp) {print(resp + CR)},

fail: function(err) {print(err + CR)}

} );

}

And finally here's what I got :-(

OVMS# script eval abrp.getAuthKey("https://web.abetterrouteplanner.com/oauth/token?client_id=49&client_secret=32b2162f-9599-4647-8139-66e9f9528370&code=f8690e6f-cc69-4a08-9de5-a780b17f5c49&redirect_uri=https://inexpensive-caterwauling-myrtle.glitch.me")

W (14933287) websocket: WebSocketHandler[0x3f856400]: job queue overflow detected

W (14933337) websocket: WebSocketHandler[0x3f856400]: job queue overflow resolved, 16 drops

I (14933367) script: [sendlivedata2abrp.js:380:] SSL error

So the error is not the same anymore, it definilty help to add the crt file, as I no longer have mongoose error, but as you said you got an answer trying it on your module, I was wondering what mistake I made...

kindly regards

David

13 May, 2020 - 16:49

dexter

fail HTTP.request mongoose call

David,

I assumed you don't want to use the oauth redirection in a HTTP.Request, as it doesn't seem to make sense to redirect a script to a user site.

So I did the request without the redirect parameter:

HTTP.Request({
url: "https://web.abetterrouteplanner.com/oauth/token?client_id=49&client_secret=32b2162f-9599-4647-8139-66e9f9528370&code=5972e204-3495-496d-9565-dc9ed5b0f7f0",
always: function() { JSON.print(this, false); }
});

Doing this creates this response:

I (143694) script: [eval:3:] {"url":"https://web.abetterrouteplanner.com/oauth/token?client_id=49&client_secret=32b2162f-9599-4647-8139-66e9f9528370&code=5972e204-3495-496d-9565-dc9ed5b0f7f0","always":function () { [ecmascript code] },"redirectCount":0,"error":"","response":{"statusCode":200,"statusText":"OK","body":"{\"access_token\": \"9c714107-56aa-4e4d-a318-80c3bf967e35\", \"token_type\": \"bearer\", \"state\": \"darkianiro63.local\"}","headers":[{"Date":"Wed, 13 May 2020 16:11:45 GMT"},{"Content-Type":"application/json"},{"Transfer-Encoding":"chunked"},{"Connection":"keep-alive"},{"Set-Cookie":"__cfduid=d23c2e76010a17a55f4101b64469a5cd31589386304; expires=Fri, 12-Jun-20 16:11:44 GMT; path=/; domain=.abetterrouteplanner.com; HttpOnly; SameSite=Lax"},{"Vary":"Accept-Encoding"},{"CF-Cache-Status":"DYNAMIC"},{"Expect-CT":"max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\""},{"Server":"cloudflare"},{"CF-RAY":"592da835d9d19bf7-AMS"},{"cf-request-id":"02b06775ab00009bf7d491c200000001"}]}}

That's a status 200 and has an access_token in the body, so seems to be a valid response.

If you actually want to let the script follow the redirect, you will need to add the CA for the redirect destination (inexpensive-caterwauling-myrtle.glitch.me) as well.

Regards,
Michael

13 May, 2020 - 18:05

dar63

Hi Michael !

This time, I feel really stupid. Of course you're right regarding the redirect.

So I upgraded my OVMS device to the latest version I found (3.2.012-225-g64499067), reboot. Then I've written exactly the same code as you, made a script reload and I still have this:

I (184732) script: Duktape: Initialising module system

I (185022) script: Duktape: Executing ovmsmain.js

I (185042) script: [ovmsmain.js:1:main] loading abrp...

I (185512) script: [ovmsmain.js:3:main] main script OK

I (200752) webcommand: HttpCommandStream[0x3f840e18]: 3909320 bytes free, executing: script eval abrp.getAuthKey()

I (219412) script: [sendlivedata2abrp.js:385:] {"url":"https://web.abetterrouteplanner.com/oauth/token?client_id=49&client_secret=32b2162f-9599-4647-8139-66e9f9528370&code=5972e204-3495-496d-9565-dc9ed5b0f7f0","always":function () { [ecmascript code] },"redirectCount":0,"error":"SSL error"}

I am a bit lost

I still have this with tls trust list:

cloudfare.crt length 6098 bytes
6098 byte certificate: cloudfare.crt
  cert. version     : 3
  serial number     : 05:69:9B:73:2C:E4:F0:AF:2B:C1:F5:80:20:3B:68:69
  issuer name       : C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2
  subject name      : C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
  issued  on        : 2020-04-08 00:00:00
  expires on        : 2020-10-09 12:00:00
  signed using      : ECDSA with SHA256
  EC key size       : 256 bits
  basic constraints : CA=false
  subject alt name  : abetterrouteplanner.com, *.abetterrouteplanner.com, sni.cloudflaressl.com
  key usage         : Digital Signature
  ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication

kindly regards

/David

13 May, 2020 - 18:49

#10

dexter

fail HTTP.request mongoose call

David,

if you take a closer look, your "cloudflare.crt" has changed in your last post.

It seems you meanwhile have exchanged the CA certificate by the server certificate. That won't work.

Install the CA certificate from my previous post. If you have a second file containing the server certificate, delete that.

Regards,
Michael