In that case the best solution would be to put the self-created CA in the system's trusted CA so the SSL verification would pass. I haven't tried this yet, but when I do I'll report how to do this.
Disabling SSL verification in a production environment is highly discouraged in all cases.

Routers could be subject to man-in-the-middle attacks: an attacker could pretend to be OpenWISP and inject an arbitrary configuration, which would then allow him to root SSH into the routers.

So unless you are using OpenWISP in your home or in a small office in which you trust everyone, SSL should never be disabled in production, otherwise you incur the risk of malicious people being able to do criminal activities from your own routers, which in turn send packets to the public internet from your own IP addresses. In that case, in most countries the police would come to your door and ask questions. You won't go to jail but if you run a business your reputation will be compromised.

Saving time to properly configure SSL doesn't sound like a good investment considering the risk involved, IMHO.

Think about it and let it sink in.

Federico

On Wed, 18 Apr 2018, 11:24 Артур Скок <[email protected]> wrote:

> Disabling the SSL verification may work, but it's not a good practice for production environments because it's insecure so it should be used only as a temporary solution. (c)
> Maybe they use a self-signed cert in a local network. In this case there is no big risk.
>
> 2018-04-18 19:01 GMT+05:00 Federico Capoano <[email protected]>:
>
>> From https://curl.haxx.se/libcurl/c/libcurl-errors.html
>>
>> CURLE_SSL_CACERT_BADFILE (77)
>>
>> Problem with reading the SSL CA cert (path? access rights?)
>>
>> Disabling the SSL verification may work, but it's not a good practice for production environments because it's insecure so it should be used only as a temporary solution.
>>
>> What SSL library are you using? openssl, mbedtls or cyassl?
>>
>> Federico
>>
>> On Wed, Apr 18, 2018 at 7:53 AM Артур Скок <[email protected]> wrote:
>>
>>> Hi.
>>> Try to use "option verify_ssl '0'"
>>>
>>> 2018-04-18 15:41 GMT+05:00 Nam Lê <[email protected]>:
>>>
>>>> Hi all,
>>>>
>>>> I can't connect the openwisp agent to the controller.
>>>>
>>>> The agent log shows code 77.
>>>> Wed Apr 18 10:35:49 2018 daemon.err openwisp: Failed to connect to controller while getting checksum: curl exit code 77
>>>>
>>>> I installed openwisp-config-no-sll on the agent and this is /etc/config/openwisp
>>>>
>>>> config controller 'http'
>>>> option url 'https://10.0.1.253'
>>>> #option interval '120'
>>>> #option verify_ssl '1'
>>>> #option shared_secret ''
>>>> #option consistent_key '1'
>>>> #option mac_interface 'eth0'
>>>> #option merge_config '1'
>>>> #option test_config '1'
>>>> #option test_script '/usr/sbin/mytest'
>>>> option uuid '01619bd52e3e4f468ab7xxxxxxxxxx'
>>>> option key 'SU0kQIV1Jkaa70UK9AYbxxxxxxxxx'
>>>> list unmanaged 'system.@led'
>>>> list unmanaged 'network.loopback'
>>>> list unmanaged 'network.@switch'
>>>> list unmanaged 'network.@switch_vlan'
>>>> # curl options
>>>> #option connect_timeout '15'
>>>> #option max_time '30'
>>>> #option capath '/etc/ssl/certs'
>>>>
>>>> What should I do? Please help me! Thanks everyone.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups "OpenWISP" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
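
The two settings this thread turns on, `verify_ssl` and `capath`, can be audited on a device with a short script. This is an added example, not part of the original messages and not openwisp-config's own code; the function names are hypothetical, and it assumes an unset option falls back to the commented-out values in the posted file.

```shell
#!/bin/sh
# Added example: audit the TLS settings of an openwisp-config UCI file.

# Print the value of the last uncommented "option NAME 'value'" line in FILE.
uci_opt() {
    sed -n "s/^[[:space:]]*option[[:space:]][[:space:]]*${2}[[:space:]][[:space:]]*['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Return 0 when verification is on and the CA directory is usable, 1 otherwise.
audit_openwisp_tls() {
    conf=$1
    rc=0
    verify=$(uci_opt "$conf" verify_ssl)
    capath=$(uci_opt "$conf" capath)
    # Assumption: an unset option falls back to the commented-out values
    # shown in the posted file (verify_ssl '1', capath '/etc/ssl/certs').
    verify=${verify:-1}
    capath=${capath:-/etc/ssl/certs}
    if [ "$verify" = "0" ]; then
        echo "FAIL verify_ssl=0: controller certificate is not verified"
        rc=1
    fi
    if [ ! -d "$capath" ] || [ ! -r "$capath" ]; then
        echo "FAIL capath '$capath' missing or unreadable (path? access rights?)"
        rc=1
    elif [ -z "$(ls -A "$capath" 2>/dev/null)" ]; then
        echo "FAIL capath '$capath' holds no CA certificates"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK verify_ssl=$verify capath=$capath"
    fi
    return "$rc"
}

# Constructed sample: verification disabled, CA directory present but empty.
demo=$(mktemp -d)
mkdir "$demo/certs"
cat > "$demo/openwisp" <<EOF
config controller 'http'
	option url 'https://10.0.1.253'
	option verify_ssl '0'
	#option capath '/etc/ssl/certs'
	option capath '$demo/certs'
EOF
audit_openwisp_tls "$demo/openwisp" || true
```

On a router, call `audit_openwisp_tls /etc/config/openwisp`; a non-zero return means either verification is off or the CA directory cannot be used.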
