Open foxt opened 3 years ago
As it turned out, I was attempting to use port 8008 (which is the default on the swagger thing), which rejects all authentication.
I'm unsure if simply switching to the HTTPS port fixes this.
Hm, I haven't really looked at what an unlinked device does. All calls that we've seen over HTTPS (on port 8443) require a token that is linked to a Google account. Maybe this token is optional when unlinked, idk, will try it out sometime (please post if you do).
I've got an unlinked device, and endpoints that supposedly require authentication seem to be open on it.
$ curl -vvv --insecure --tlsv1.2 --tls-max 1.2 https://10.1.0.243:8443/setup/supported_timezones
* Trying 10.1.0.243:8443...
* TCP_NODELAY set
* Connected to 10.1.0.243 (10.1.0.243) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; OU=Cast; CN=C964B4 FA8FCA982080
* start date: May 28 01:32:38 2019 GMT
* expire date: May 23 01:32:38 2039 GMT
* issuer: C=US; ST=California; L=Mountain View; O=Google Inc; OU=Cast; CN=Chromecast ICA 5 (4K)
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /setup/supported_timezones HTTP/1.1
> Host: 10.1.0.243:8443
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers:Content-Type
< Cache-Control:no-cache
< Content-Length:11892
< Content-Type:application/json
<
[{"display_string":"Samoa Standard Time (Midway)","offset":-660,"timezone":"Pacific/Midway"},{"display_string":"Hawaii-Aleutian Standard Time (Honolulu)","offset":-600,"timezone":"Pacific/Honolulu"},{"display_string":"Hawaii-Aleutian Standard Time (Adak)","offset":-600,"timezone":"America/Adak"},{"display_string":"Alaska Standard Time (Anchorage)","offset":-540,"timezone":"America/Anchorage"},{"display_string":"Pacific Standard Time (Los Angeles)","offset":-480,"timezone":"America/Los_Angeles"},{"display_string":"Pacific Standard Time (Vancouver)","offset":-480,"timezone":"America/Vancouver"},{"display_string":"Pacific Standard Time (Tijuana)","offset":-480,"timezone":"America/Tijuana"}, ...
Has there been any investigation on how to authenticate to devices that are not linked to a Google account, and how would one link to a Google account? A CLAT is only generated once a device is linked to an account and it doesn't accept no CLAT for an answer.