Send Motion-user mailing list submissions to
motion-user@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/motion-user
or, via email, send a message with subject or body 'help' to
motion-user-requ...@lists.sourceforge.net
You can reach the person managing the list at
motion-user-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Motion-user digest..."
Today's Topics:
1. TLS not working for webcontrol (worik)
2. Re: TLS not working for webcontrol (worik)
----------------------------------------------------------------------
Message: 1
Date: Fri, 28 Jun 2019 12:29:46 +1200
From: worik <r...@worik.org>
To: motion-user@lists.sourceforge.net
Subject: [Motion-user] TLS not working for webcontrol
Message-ID: <09104600-022e-14fa-644c-5919bf1b6...@worik.org>
Content-Type: text/plain; charset=utf-8
Friends
I am using motion V 4.1.1
wget
https://github.com/Motion-Project/motion/releases/download/release-4.1.1/pi_stretch_motion_4.1.1-1_armhf.deb
dpkg -i pi_stretch_motion_4.1.1-1_armhf.deb
on a Raspberry PI Zero.
The relevant (?) configuration is:
webcontrol_port 2936
webcontrol_localhost off
webcontrol_html_output off
webcontrol_parms 2
webcontrol_interface? 1 # Text
only??????????????????????????????????????????????????????????????????????????????????????????????????????????
webcontrol_tls on
webcontrol_cert <path to cert>
webcontrol_key <path to key>
The key and certificate are self signed that I use for other TLS/SSL
access to the PI.?
Testing the setup with openssl I get...
$ openssl s_client -connect 127.0.0.1:2936
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 4 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
??? Protocol? : TLSv1.2
??? Cipher??? : 0000
??? Session-ID:
??? Session-ID-ctx:
??? Master-Key:
??? PSK identity: None
??? PSK identity hint: None
??? SRP username: None
??? Start Time: 1561681501
??? Timeout?? : 7200 (sec)
??? Verify return code: 0 (ok)
??? Extended master secret: no
---
I am not sure how to interpret that, except it is a failure!
The certificate and key are both owned by the user running motion.
The permissions are set to -rw-r--r-- for the certificate and -rw-------
for the key
can anybody help?
Worik
--
If not me then who? If not now then when? If not here then where?
So, here I stand, I can do no other
r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)
------------------------------
Message: 2
Date: Fri, 28 Jun 2019 13:09:17 +1200
From: worik <r...@worik.org>
To: motion-user@lists.sourceforge.net
Subject: Re: [Motion-user] TLS not working for webcontrol
Message-ID: <66fe5840-31a1-b71e-5b5f-a47ed36d4...@worik.org>
Content-Type: text/plain; charset=utf-8
On 28/06/19 12:29 PM, worik wrote:
> Friends
>
> I am using motion V 4.1.1
I cloned the git repository and compiled from there.
Now using openssl s_client -connect 127.0.0.1:2936 it looks much better.
I have yet to test webcontrol and streaming over TLS/SSL but we will see...
Congratulations Mr Dave on keeping this going.
Worik
> wget
> https://github.com/Motion-Project/motion/releases/download/release-4.1.1/pi_stretch_motion_4.1.1-1_armhf.deb
> dpkg -i pi_stretch_motion_4.1.1-1_armhf.deb
>
> on a Raspberry PI Zero.
>
>
>
> The relevant (?) configuration is:
> webcontrol_port 2936
>
> webcontrol_localhost off
> webcontrol_html_output off
> webcontrol_parms 2
> webcontrol_interface? 1 # Text
> only??????????????????????????????????????????????????????????????????????????????????????????????????????????
>
> webcontrol_tls on
> webcontrol_cert <path to cert>
> webcontrol_key <path to key>
>
> The key and certificate are self signed that I use for other TLS/SSL
> access to the PI.?
>
>
> Testing the setup with openssl I get...
>
> $ openssl s_client -connect 127.0.0.1:2936
> CONNECTED(00000003)
> write:errno=0
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 4 bytes and written 176 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> ??? Protocol? : TLSv1.2
> ??? Cipher??? : 0000
> ??? Session-ID:
> ??? Session-ID-ctx:
> ??? Master-Key:
> ??? PSK identity: None
> ??? PSK identity hint: None
> ??? SRP username: None
> ??? Start Time: 1561681501
> ??? Timeout?? : 7200 (sec)
> ??? Verify return code: 0 (ok)
> ??? Extended master secret: no
> ---
>
> I am not sure how to interpret that, except it is a failure!
>
> The certificate and key are both owned by the user running motion.
>
> The permissions are set to -rw-r--r-- for the certificate and -rw-------
> for the key
>
> can anybody help?
>
> Worik
>
>
--
If not me then who? If not now then when? If not here then where?
So, here I stand, I can do no other
r...@worik.org 021-1680650, (03) 4821804 Aotearoa (New Zealand)
------------------------------
------------------------------
Subject: Digest Footer
_______________________________________________
Motion-user mailing list
Motion-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/motion-user
------------------------------
End of Motion-user Digest, Vol 156, Issue 40
********************************************
