search

Cebeerre / pysecuritas

Client to access Securitas Direct Mobile API
MIT License
20 stars 3 forks source link

DH key to small error #5

Closed crazyelectron-io closed 4 years ago

crazyelectron-io commented 4 years ago

When trying a simple command like:

python verisure.py -u USER -p PASSWORD -i INSTALLATION -l NL -c nl EST

I get the following error:

Traceback (most recent call last): File "/usr/local/lib/python3.7/dist-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket cnx.do_handshake() File "/usr/local/lib/python3.7/dist-packages/OpenSSL/SSL.py", line 1934, in do_handshake self._raise_ssl_error(self._ssl, result) File "/usr/local/lib/python3.7/dist-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error _raise_current_error() File "/usr/local/lib/python3.7/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) OpenSSL.SSL.Error: [('SSL routines', 'tls_process_ske_dhe', 'dh key too small')]

EDIT: When removing CipherString = DEFAULT@SECLEVEL=2 from /etc/ssl/openssl.cnf the command just doesn't complete (hangs for minutes).

Cebeerre commented 4 years ago

Not 100% sure, but has something to do with your OpenSSL options as I've seen this in some deployments. It works on mine ...

Anyway, I've added a new line to modify the cypher set. Try now.

crazyelectron-io commented 4 years ago

Thanks for looking into this. It still hangs without returning until I hit Ctrl-C. The issue with the DH key is indeed related to the OpenSSL library. Recent versions don't allow the lesser secure keys by default (adjusting the openssl.conf circumvents that).

The real issue that remains is the fact that it just hangs. Could it be related to the API URL? I have a Dutch VeriSure/Securitas Direct subscription. I did some debugging and found that the first GET returns:

<?xml version="1.0" encoding="UTF-8"?>\n<PET><RES>ERROR</RES><ERR>60067</ERR><MSG>We have had problems identifying you, please end session and log in again.</MSG><BLOQ remotereqactive="0" ></BLOQ></PET>

and it goes into this loop:

            while res != 'OK':
                output = self.call_verisure_get('GET', payload)
                res = output['PET']['RES']

I suppose I need another URL to access the API...

Cebeerre commented 4 years ago

That's the issue then, you've the "other" Verisure system. It actually uses a completely different API, not just the URL.

Try with this one:

https://github.com/persandstrom/python-verisure

crazyelectron-io commented 4 years ago

Ok. Thanks!