bnw / firefly-iii-fints-importer

Import financial transactions from your FinTS enabled bank into Firefly III.
GNU Affero General Public License v3.0

[comdirect] Connection Issue #71

Closed m4t7 closed 2 years ago

m4t7 commented 2 years ago

Issue

Good day, I have used your application for the past months without any problem. It seems that comdirect changed something on their end.

I receive the following issue:

```
Fatal error: Uncaught Fhp\CurlException: Failed connection to https://fints.comdirect.de/fints: OpenSSL SSL_read: Connection reset by peer, errno 104 in /vendor/nemiah/php-fints/lib/Fhp/Connection.php:78
Stack trace:
#0 /vendor/nemiah/php-fints/lib/Fhp/FinTs.php(946): Fhp\Connection->send('HNHBK:1:3+00000...')
#1 /vendor/nemiah/php-fints/lib/Fhp/FinTs.php(645): Fhp\FinTs->sendMessage(Object(Fhp\Protocol\Message))
#2 /vendor/nemiah/php-fints/lib/Fhp/FinTs.php(673): Fhp\FinTs->ensureBpdAvailable()
#3 /vendor/nemiah/php-fints/lib/Fhp/FinTs.php(532): Fhp\FinTs->ensureTanModesAvailable()
#4 /app/FinTsFactory.php(55): Fhp\FinTs->getTanModes()
#5 /app/FinTsFactory.php(30): App\FinTsFactory::get_tan_mode(Object(Fhp\FinTs), Object(Symfony\Component\HttpFoundation\Session\Session))
#6 /app/CollectData.php(50): App\FinTsFactory::create_from_session(Object(Symfony\Component\HttpFoundation\Session\Session))
#7 /app/index.php(45): App\StepFunction\CollectData()
#8 {main} thrown in /vendor/nemiah/php-fints/lib/Fhp/Connection.php on line 78
```

Configuration

```
/app/configurations # cat example.json
{
  "bank_username": "",
  "bank_password": "",
  "bank_code": "COBADEHDXXX",
  "bank_url": "https://fints.comdirect.de/fints",
  "bank_2fa": "902",
  "firefly_url": "https://hidden.url",
  "firefly_access_token": "hidden because of privacy",
  "skip_transaction_review": "false"
}
```

Inside Docker Container

I checked the /vendor/nemiah/php-fints/lib/Fhp/Connection.php file and found a custom user agent there. I tried to change this value; this does not work in the application, but if I do a plain curl with the -A option specified, it sometimes works (see below).

```
curl_setopt($this->curlHandle, CURLOPT_USERAGENT, 'phpFinTS');
```

Curl with User-Agent phpFinTS

I receive no answer.

curl Output

```
/app/configurations # curl -A "phpFinTS" -v https://fints.comdirect.de/fints
* Trying 193.41.133.14:443...
* Connected to fints.comdirect.de (193.41.133.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: businessCategory=Private Organization; serialNumber=HRB 32000; jurisdictionC=DE; jurisdictionL=Frankfurt am Main; jurisdictionST=Hessen; C=DE; ST=Hessen; L=Frankfurt am Main; street=Kaiserstrasse 16; O=COMMERZBANK AG; CN=fints.comdirect.de
* start date: Nov 29 07:21:16 2021 GMT
* expire date: Dec 31 07:21:16 2022 GMT
* subjectAltName: host "fints.comdirect.de" matched cert's "fints.comdirect.de"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Extended Validation CA - SHA256 - G3
* SSL certificate verify ok.
> GET /fints HTTP/1.1
> Host: fints.comdirect.de
> User-Agent: phpFinTS
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
^C
```

Curl with User-Agent Mozilla Chrome Safari

I receive an answer.

curl Output

```
/app/configurations # curl -A "Mozilla Chrome Safari" -v https://fints.comdirect.de/fints
* Trying 193.41.133.14:443...
* Connected to fints.comdirect.de (193.41.133.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: businessCategory=Private Organization; serialNumber=HRB 32000; jurisdictionC=DE; jurisdictionL=Frankfurt am Main; jurisdictionST=Hessen; C=DE; ST=Hessen; L=Frankfurt am Main; street=Kaiserstrasse 16; O=COMMERZBANK AG; CN=fints.comdirect.de
* start date: Nov 29 07:21:16 2021 GMT
* expire date: Dec 31 07:21:16 2022 GMT
* subjectAltName: host "fints.comdirect.de" matched cert's "fints.comdirect.de"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Extended Validation CA - SHA256 - G3
* SSL certificate verify ok.
> GET /fints HTTP/1.1
> Host: fints.comdirect.de
> User-Agent: Mozilla Chrome Safari
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 200
< Date: Sat, 30 Apr 2022 08:52:08 GMT
< Server: Apache
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< x-tr-requestticket: 98rytT8seYXXXXXXXXRoDBH2CgQA
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Content-Length: 262
<
SE5IQks6MTozKzAw[obfuscated because of privacy ..............,.........................,] OTkn
SElSTUc6MjoyKzkw[obfuscated because of privacy............................................ ]VyLis5ODAwOjpEaWFs
b2cgYWJnZWJyb2N[obfuscated because of privacy............................................ ]W5zdGVsbHVuZzpubyBk
* Connection #0 to host fints.comdirect.de left intact
```

Another try gives me no answer

curl Output

```
/app/configurations # curl -A "Mozilla Chrome Safari" -v https://fints.comdirect.de/fints
* Trying 193.41.133.14:443...
* Connected to fints.comdirect.de (193.41.133.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: businessCategory=Private Organization; serialNumber=HRB 32000; jurisdictionC=DE; jurisdictionL=Frankfurt am Main; jurisdictionST=Hessen; C=DE; ST=Hessen; L=Frankfurt am Main; street=Kaiserstrasse 16; O=COMMERZBANK AG; CN=fints.comdirect.de
* start date: Nov 29 07:21:16 2021 GMT
* expire date: Dec 31 07:21:16 2022 GMT
* subjectAltName: host "fints.comdirect.de" matched cert's "fints.comdirect.de"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Extended Validation CA - SHA256 - G3
* SSL certificate verify ok.
> GET /fints HTTP/1.1
> Host: fints.comdirect.de
> User-Agent: Mozilla Chrome Safari
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
^C
```

I have no clue what is going on. Is there a way to see more debug output?

m4t7 commented 2 years ago

Oh man, I had somehow inserted my BIC and not my BLZ.
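
The mix-up named in the closing comment (a BIC in `bank_code` where the BLZ belongs) can be caught before any request reaches the bank. The check below is an added example, not part of the thread or of the importer's code: `check_fints_config()` and its messages are hypothetical, and it assumes a BLZ is exactly 8 digits and a BIC follows the ISO 9362 8- or 11-character layout.

```php
<?php
// Added example: pre-flight check for an importer configuration file.
// check_fints_config() is a hypothetical helper, not part of the importer.

function check_fints_config(array $cfg): array
{
    $problems = [];
    $code = trim((string)($cfg['bank_code'] ?? ''));

    // Assumption: a German bank code (BLZ) is exactly 8 digits.
    if (!preg_match('/^\d{8}$/', $code)) {
        // ISO 9362 BIC: 4 letters (bank), 2 letters (country),
        // 2 alphanumerics (location), optional 3 alphanumerics (branch).
        if (preg_match('/^[A-Z]{4}[A-Z]{2}[A-Z0-9]{2}([A-Z0-9]{3})?$/i', $code)) {
            $problems[] = "bank_code '$code' looks like a BIC; the 8-digit BLZ is expected";
        } else {
            $problems[] = "bank_code '$code' is not an 8-digit BLZ";
        }
    }

    // Bank credentials travel over this URL, so require https and a host.
    $url = parse_url((string)($cfg['bank_url'] ?? ''));
    if ($url === false || ($url['scheme'] ?? '') !== 'https' || empty($url['host'])) {
        $problems[] = 'bank_url must be an absolute https:// URL';
    }

    return $problems;
}

// Constructed sample mirroring the configuration in the report (secrets omitted).
$sample = json_decode('{
  "bank_code": "COBADEHDXXX",
  "bank_url": "https://fints.comdirect.de/fints",
  "bank_2fa": "902"
}', true);

foreach (check_fints_config($sample) as $problem) {
    echo "config problem: $problem\n";
}

// The same sample with a constructed 8-digit placeholder BLZ reports no problems.
$sample['bank_code'] = '00000000';
var_dump(check_fints_config($sample) === []);
```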