B4J Question Disable SSL certificate check?

Tom1s

Member
Licensed User
Longtime User
Hello

I try to connect to siemens OZW672.01 web server. When connecting with pc browser it says not safe or problem with certificate etc.

I have code in perl and python to make this work but cannot do it with this. I have tried Jhttputils2SSL to make SSL false and true and tried HttpUtils2Service.bas module with acceptall-line.



https://x.x.x.x/api/auth/login.json?user=username&pwd=password
This should give me a sessioncode that I can use to ask more.

Now with jOKhttputils2 i got
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

With pearl they disable SSL checking https://forum.fhem.de/index.php?topic=32866.0

Any ideas?
 

Tom1s

Member
Licensed User
Longtime User
Or I do something wrong...?

I think Jhttputils2SSL should disable the checking with "false" option:

B4X:
Dim Job1 As HttpJob
Dim serverauth As String ="https://192.168.1.10/api/auth/login.json?user=User&pwd=Pass"
Log(serverauth)
Job1.Initialize("authorization",Me,False)
Job1.Download(serverauth)

End Sub

Waiting for debugger to connect...
Program started.
https://192.168.1.10/api/auth/login.json?user=User&pwd=Pass
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:399)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:143)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at anywheresoftware.b4a.http.HttpClientWrapper.executeWithTimeout(HttpClientWrapper.java:310)
at anywheresoftware.b4a.http.HttpClientWrapper.access$0(HttpClientWrapper.java:308)
at anywheresoftware.b4a.http.HttpClientWrapper$ExecuteHelper.run(HttpClientWrapper.java:207)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
 
Upvote 0

Tom1s

Member
Licensed User
Longtime User
If i try it with webview it does not show anything..it should show json string.

This is another approach...it uses cookies i think.

B4X:
def www_login(IP, USER, PASSWD):
        requests.packages.urllib3.disable_warnings()
        result = requests.get( 'https://' + IP + '/main.app?user=' + USER + \
                '&pwd=' + PASSWD, verify=False)
        return result.cookies



def www_get_PID_value(IP, cookie, PID):
        result = requests.get('https://' + IP + '/ajax.app?service=getDp&plantItemId=' + PID , \
                verify=False, cookies=cookie)
        logging.debug(result.json())
        return result.json()['value'].strip()
 
Upvote 0

Tom1s

Member
Licensed User
Longtime User
Ok I already tried OkHttpUtils2 and put hc.InitializeAcceptAll("hc") to httputils2service.bas.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I will try jhttputils2 next.
 
Upvote 0

Tom1s

Member
Licensed User
Longtime User
I took it here: https://www.b4x.com/android/forum/threads/jhttputils2-source-code.39415/#content
Added those as modules it needed JHTTP(version1.11) as library as well.
I made that modification but still says:javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Same address string with Chrome gives this:
{

"SessionId": "e29502c3-2aaa-4616-c47be5887117",

"Result": {
"Success": "true"
}
}

=(

B4X:
Sub Process_Globals
    Private hc As HttpClient
    Private TaskIdToJob As Map
    Public TempFolder As String
    Private taskCounter As Int
End Sub

Sub Initialize
    If hc.IsInitialized = False Then
        TempFolder = File.DirTemp
        hc.InitializeAcceptAll("hc")
        TaskIdToJob.Initialize
    End If
End Sub
 
Upvote 0

Tom1s

Member
Licensed User
Longtime User
Previously i tried jHTTP ver 1.01 but it started asking client4.0 or something so I couldn't get it working.

Btw this siemens server is brand new and connected to the air to water pump
 
Upvote 0

Tom1s

Member
Licensed User
Longtime User
Perhaps I can =)

From manual:
Web operation via portal takes place through an HTTPS encrypted connection
(Port 443) via TCP/IP. The required certificate is accredited.
Web operation without portal takes place through an HTTPS encrypted
connection (Port 443) via TCP/IP. The required certificate is not accredited. The
self signed certificate by Siemens has saved on the Web Server for a period of 20
years. The certificate can be installed in the web browser as needed.
In addition, an HTTP (Port 80) connection is supported. Port 80 is disabled as
delivered. The access via http is not secured. The user is responsible for enabling
Port 80.
 
Upvote 0
Top