search

Hacksore / bluelinky

An unofficial nodejs API wrapper for Hyundai bluelink and Kia UVO
https://bluelinky.readme.io
MIT License
346 stars 78 forks source link

SSL Error for Kia Canada #254

Closed djensenius closed 1 year ago

djensenius commented 1 year ago

Describe the bug When running npm debug I'm getting:

debug: write EPROTO 00DE05DC01000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1573:

Usefull info(please complete the following information):

Additional context Node: 18.16.1 Happy to privately provide login details.

Hacksore commented 1 year ago

since it's a TLS issue it could be an issue with your machine and or dependencies.

I'd try in another machine or even in a docker container to troubleshoot.

djensenius commented 1 year ago

Tried with a linux machine and node 20.4.0 with the same error :(

I think both are using openssl@3

djensenius commented 1 year ago

Just tried on a GitHub Codespace


@djensenius ➜ /workspaces/bluelinky (master) $ npm run debug

> bluelinky@8.1.1 debug
> cross-env LOG_LEVEL=debug ts-node debug.ts

? What Region are you in? CA
? Which brand are you using? kia
{ region: 'CA', brand: 'kia' }
Logging in...
[2023-07-12 01:20:21] debug: CA Controller created
[2023-07-12 01:20:21] debug: Bluelinky is logging in automatically, to disable use autoLogin: false
[2023-07-12 01:20:21] info: Begin login request
[2023-07-12 01:20:21] debug: [https://kiaconnect.ca/tods/api/lgn] {} {"loginId":"hiding_this","password":"hiding_this"}
[2023-07-12 01:20:21] info: Begin getVehicleList request
[2023-07-12 01:20:21] debug: [https://kiaconnect.ca/tods/api/vhcllst] {} {}
[2023-07-12 01:20:22] debug: write EPROTO 00483CBC0B7F0000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1572:

[2023-07-12 01:20:22] debug: Found 0 on the account```
Hacksore commented 1 year ago

can you try curl -vvv https://kiaconnect.ca/tods/api/vhcllst and see if you get errors that relate to TLS?

djensenius commented 1 year ago

Hmm, nope:


❯ curl -vvv https://kiaconnect.ca/tods/api/vhcllst
*   Trying 209.198.184.19:443...
* Connected to kiaconnect.ca (209.198.184.19) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=California; O=Kia Motors America Inc; CN=www.kiaconnect.ca
*  start date: Sep 13 00:00:00 2022 GMT
*  expire date: Oct  6 23:59:59 2023 GMT
*  subjectAltName: host "kiaconnect.ca" matched cert's "kiaconnect.ca"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Organization Validation Secure Server CA
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /tods/api/vhcllst HTTP/1.1
> Host: kiaconnect.ca
> User-Agent: curl/7.88.1
> Accept: */*
> 
< HTTP/1.1 500 Internal Server Error
< Date: Wed, 12 Jul 2023 01:27:40 GMT
< Server: Oracle-Application-Server-11g
< Access-Control-Allow-Methods: POST, GET
< Access-Control-Max-Age: 1000
< Access-Control-Allow-Headers: language, offset, UCID, From, x-requested-with, Content-Type, origin, authorization, accept, client-security-token, accesstoken, clientId, clientSecret
< Access-Control-Allow-Credentials: true
< Allow: POST
< Set-Cookie: JSESSIONID=2AD79C7CD36EE3A300DDEC91582646B5; Path=/; HttpOnly
< Content-Length: 358
< Access-Control-Allow-Origin: *
< Connection: close
< Content-Type: text/html;charset=UTF-8
< Content-Language: en
< ```
Hacksore commented 1 year ago

I just ran debug with CA and i got the same issue πŸ’€.

> bluelinky@8.1.1 debug
> cross-env LOG_LEVEL=debug ts-node debug.ts

? What Region are you in? CA
? Which brand are you using? kia
{ region: 'CA', brand: 'kia' }
Logging in...
[2023-07-11 20:29:55] debug: CA Controller created
[2023-07-11 20:29:55] debug: Bluelinky is logging in automatically, to disable use autoLogin: false
[2023-07-11 20:29:55] info: Begin login request
[2023-07-11 20:29:55] debug: [https://kiaconnect.ca/tods/api/lgn] {} {"loginId":"bluelinkyci@gmail.com","password":"<REEEEEEEEEEEEEEEEDACTED>"}
[2023-07-11 20:29:56] info: Begin getVehicleList request
[2023-07-11 20:29:56] debug: [https://kiaconnect.ca/tods/api/vhcllst] {} {}
[2023-07-11 20:29:56] debug: write EPROTO 005ED0EE01000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1572:

[2023-07-11 20:29:56] debug: Found 0 on the account
djensenius commented 1 year ago

Same thing is happening with the login method, it's just not logging the response by default.

I looked at upgrading got thinking that might have something to do with it. But the new version has a lot of breaking changes. 🀷

Hacksore commented 1 year ago

Hmmm I tried without got and native fetch in node v18 and got a similar issue with the CA endpoint.

I have to assume the TLS settings were changed on their server causing this issue πŸ€”.

Code:

fetch('https://kiaconnect.ca/test')
  .then(res => res.json())
  .then(console.log)
  .catch(console.error);

Error:

TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11457:11)
    at processTicksAndRejections (node:internal/process/task_queues:95:5) {
  cause: [Error: 005ED0EE01000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1572:
  ] {
    library: 'SSL routines',
    reason: 'wrong signature type',
    code: 'ERR_SSL_WRONG_SIGNATURE_TYPE'
  }
}
djensenius commented 1 year ago

Looks like OpenSSL 3, which newer versions of node are compiled against, does not like the certificate. Can’t get a workaround working unfortunately.

Guess we wait for the cert to expire, which is luckily not a terribly long wait.

Hacksore commented 1 year ago

Could you downgrade node and try to see if that's a workaround for now?

djensenius commented 1 year ago

@Hacksore Yep, downgrading to node 16 is MUCH happier:

Logging in...
[2023-07-14 10:31:05] debug: CA Controller created
[2023-07-14 10:31:05] debug: Bluelinky is logging in automatically, to disable use autoLogin: false
[2023-07-14 10:31:05] info: Begin login request
[2023-07-14 10:31:05] debug: [https://kiaconnect.ca/tods/api/lgn] {} {"loginId":"<nope>","password":"<nope>"}
[2023-07-14 10:31:06] debug: {
  "accessToken": "<nope>",
  "scope": [
    "profile"
  ],
  "tokenType": "bearer",
  "expireIn": 86400,
  "refreshToken": "<nope>",
  "signature": ""
}
[2023-07-14 10:31:06] info: Begin getVehicleList request
[2023-07-14 10:31:06] debug: [https://kiaconnect.ca/tods/api/vhcllst] {} {}
[2023-07-14 10:31:07] debug: CA Vehicle <nope> created
[2023-07-14 10:31:07] debug: Found 1 on the account
Hacksore commented 1 year ago

Woot woot!

Maybe once they update the cert this won't be an issue like you said πŸ˜….

Closing for now as we have a workaround, thanks for digging into this.

carlosgamezvillegas commented 12 months ago

Hello @Hacksore and team,

Have we found a solutions for issue? The workaround provided is not going to work for much longer since node.js 16 has been deprecated.

Kind regards,

Hacksore commented 12 months ago

related got issue https://github.com/sindresorhus/got/issues/2271

We could switch to fetch which has a workaround. However, that's a considerable amount of work and something is probably bound to break.

import crypto from 'crypto';
import { Agent } from 'undici';

fetch('https://kiaconnect.ca', {
  dispatcher: new Agent({
    connect: {
      rejectUnauthorized: false,
      secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
    },
  }),
}).then((res) => console.log(res.status));

If anyone wants to ship a PR πŸ™

gruijter commented 11 months ago

A fix is indeed needed. The new Homey Home automation platform only runs on node 18. So Bluelinky is broken there :(

See details here: https://community.homey.app/t/app-pro-kia-and-hyundai/32487/560

Someone here that can do a PR? πŸ™

glenviewjeff commented 8 months ago

Why is this closed?

Hacksore commented 8 months ago

Why is this closed?

I don't have bandwidth to fix it, PRs are welcomed tho!

glenviewjeff commented 8 months ago

FYI I ran into this with a US Hyundai. I can't remember right now if it was an old version of Bluelinky that I was trying when I added this comment or the current version.