On Wednesday, June 8, 2022 at 5:53:50 PM UTC+2 Brian Candler wrote:

> On Wednesday, 8 June 2022 at 10:09:26 UTC+1 andig wrote:
>
>> We've not found an approach for communicating with the device so far
>> unless using a patched Go stdlib.
>>
>
> Connect via a proxy like stunnel?
>
> Out of interest, does raw "openssl s_client" allow communication with the 
> device?
>

We receive an alert 40 (Handshake failure) when using openssl. So the cert
is definitively faulty in some way.

 :~/wallbox/hack$ openssl s_client -connect 192.168.1.180:4712
CONNECTED(00000005)
depth=0 CN = EEBUS, O = EVBox Intelligence, C = NL
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = EEBUS, O = EVBox Intelligence, C = NL
verify return:1
140477570593216:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
Certificate chain
 0 s:CN = EEBUS, O = EVBox Intelligence, C = NL
   i:CN = EEBUS, O = EVBox Intelligence, C = NL
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIBATAKBggqhkjOPQQDAjA6MQ4wDAYDVQQDDAVFRUJVUzEb

Seems that in this case, if we regard openssl as "the standard", it's
obsolete to talk about Go.


> It would seem reasonable to me for InsecureSkipVerify to skip certificates 
> without parsing them at all.  It is, after all, insecure by definition.
>

It doesn't do that as it checks for supported ciphers afterwards, so it 
needs to decode the cert first.
 
Cheers,
Andi
