galmok
commented
5 years ago I have added a certificate and made apiscraper.py load it (only 2 lines of code change), but the Android App refuses to talk to the server. I have verified that the certificate indeed is loaded and working, but as it is a self-signed certificate, the Android App flat out refuses it. I even loaded the certificate into the certificate store in the phone, but it wont work. Browsers also warn about the certificate, but lets me bypass the warning.
I tested the webserver using https://www.digicert.com/help/ and it reports every is ok, except there is not CA (which self-signed certificates do not have).
Could you expand on the app and either let all self-signed certificates pass (not a great idea, but better what we have not) or only let the certificate with the correct thumb-print pass? Or check if the certificate is loaded into the phones certificate store, in which case, the app accepts it (I prefer this solution).
The change I made is this:
bme@bme-Virtual-Machine:~/tesla-apiscraper$ diff apiscraper.original.py apiscraper.py
27a28
> import ssl
391a393
> self.socket = ssl.wrap_socket(self.socket, certfile='certificate.pem', keyfile='private.pem', server_side=True)And I created the PEM files like this:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout private.pem -out certificate.pemI filled out the country code and the common name (with the common name equal to my FQDN).
I converted to CRT (for Android) this way:
openssl x509 -inform PEM -outform DM -in certificate.pem -out certificate.crt
lephisto
I have gotten most if it up and running, but I am concerned about the seemingly lack of HTTPS support for the communication between the Android app and the tesla api scraper. HTTP makes it very easy to sniff out the API key...
So, could we get support for HTTPS? :)