For iformation Tom, my [[FTP]] weewx.conf :
[[FTP]]
# FTP'ing the results to a webserver is treated as just another
report,
# albeit one with an unusual report generator!
# If you wish to use FTP, set "enable" to "true", then
# fill out the next four lines.
skin = Ftp
# Pour Orange, modifier le paramètre ciphers du fichier
/etc/ssl/openssl.cnf
ciphers = 'DEFAULT@SECLEVEL=1'
# Use quotes around passwords to guard against parsing errors.
enable = True
user = A
password = B
server = C # The ftp server name, e.g, www.myserver.org
path = / # The destination directory, e.g., /weather
# Set to True for an FTP over TLS (FTPS) connection. Not all servers
# support this.
secure_ftp = True
secure_data = True
# To upload files from something other than what HTML_ROOT is set
# to above, specify a different HTML_ROOT here.
HTML_ROOT = /var/www/html/weewx
# Most FTP servers use port 21
port = 21
# Set to 1 to use passive mode, zero for active mode
passive = 1
max_trie = 3
ftp_encoding = UTF-8
#bug in the Python libraries that happens when use a Pure-FTP server
reuse_ssl = True
Le lundi 27 juin 2022 à 09:56:07 UTC+2, Remy Lavabre a écrit :
> Hello Tom and thank you.
>
> Unfortunately it does not work (see attached syslog)
> 1/ I replaced ftpupload.py in /usr/sare/weewx/weeutil
> 2/ added ciphers = 'DEFAULT@SECLEVEL=1' in the [[FTP]] section of
> weewx.conf
> 3/ put back in the file /etc/ssl/openssl.cnf the last line "CipherString =
> DEFAULT@SECLEVEL=2" (as originally by default).
> 4/ Stopped WeeWX and restarted
>
> --> If I put DEFAULT@SECLEVEL=1 in the openssl.cnf file, same thing in the
> syslog.
> --> If I stop WeeWX and restart it (with the new FTP.py), it works again
> as before... But with DEFAULT@SECLEVEL=1 in openssl.cnf! :-(
>
> If you have an idear... ?
>
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> ftpgenerator: (0): caught exception '<class 'ssl.SSLError'>': [SSL:
> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** Traceback (most recent call last):
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** n = ftp_data.run()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** ftp_server.login(self.user, self.password)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.auth()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.sock = self.context.wrap_socket(self.sock,
> server_hostname=self.host)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** return self.sslsocket_class._create(
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.do_handshake()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self._sslobj.do_handshake()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> ftpgenerator: (1): caught exception '<class 'ssl.SSLError'>': [SSL:
> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** Traceback (most recent call last):
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** n = ftp_data.run()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** ftp_server.login(self.user, self.password)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.auth()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.sock = self.context.wrap_socket(self.sock,
> server_hostname=self.host)
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** return self.sslsocket_class._create(
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.do_handshake()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** self._sslobj.do_handshake()
> Jun 27 09:41:11 localhost weewx[30338] ERROR weewx.reportengine:
> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> ftpgenerator: (2): caught exception '<class 'ssl.SSLError'>': [SSL:
> DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** Traceback (most recent call last):
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weewx/reportengine.py", line 436, in run
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** n = ftp_data.run()
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/share/weewx/weeutil/ftpupload.py", line 175, in run
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** ftp_server.login(self.user, self.password)
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 738, in login
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.auth()
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ftplib.py", line 749, in auth
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.sock = self.context.wrap_socket(self.sock,
> server_hostname=self.host)
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** return self.sslsocket_class._create(
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1040, in _create
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** self.do_handshake()
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** File "/usr/lib/python3.9/ssl.py", line 1309, in do_handshake
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** self._sslobj.do_handshake()
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> **** ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)
> Jun 27 09:41:12 localhost weewx[30338] ERROR weewx.reportengine:
> ftpgenerator: Upload failed
>
> Le dimanche 26 juin 2022 à 21:44:40 UTC+2, [email protected] a écrit :
>
>> Try this version of weeutil/ftpupload.py. It will allow you to set a
>> customized cipher:
>>
>> [StdReport]
>> ...
>> [[FTP]]
>> ...
>> ciphers = 'DEFAULT@SECLEVEL=1'
>>
>> If it works, I'll put it in the code base.
>>
>> -tk
>>
>>
>> On Sun, Jun 26, 2022 at 10:21 AM Remy Lavabre <[email protected]>
>> wrote:
>>
>>> Thanks for your reply Tom. Unfortunately, the ftp to ftps modification
>>> of the host is not new... May 2019! so no need to explain to you that it
>>> will not change overnight...
>>> I thought of trying to modify your Ftp.py, but in the event of an update
>>> of weewx, everything will have to be redone...
>>> I opted for the option to modify the ssl.cnf file in /usr/ssl but it is
>>> far from ideal!
>>> is it possible to provide this kind of option at the level of weewx.conf
>>> during a future evolution?
>>> thanks tom
>>>
>>> Le dimanche 26 juin 2022 à 13:01:11 UTC+2, [email protected] a écrit :
>>>
>>>> A little Googling reveals that this problem is caused by outdated
>>>> libraries on the FTP server. The "set_ciphers" option requests than an
>>>> older, less secure, protocol be used on the client side in order to match
>>>> what the server has.
>>>>
>>>> We could add support for setting cipher levels, but, before doing that,
>>>> is there any way you can talk your service provider into updating their
>>>> libraries? It's the better approach.
>>>>
>>>> On Sun, Jun 26, 2022 at 12:45 AM Remy Lavabre <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>> I would like to use WeeWX's FTP option.
>>>>> In Python, this works perfectly (WITH THE OPTION IN BOLD) :
>>>>>
>>>>>
>>>>> from ftplib import FTP_TLS
>>>>> import ssl
>>>>> import requests
>>>>>
>>>>> HOST='A'
>>>>> ID = 'B'
>>>>> MDP = 'C'
>>>>>
>>>>> def connect():
>>>>> ftp = FTP_TLS()
>>>>> ftp.debugging = 2
>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')*
>>>>> ftp.connect(HOST)
>>>>> ftp.login(ID, MDP)
>>>>> return ftp
>>>>>
>>>>> ftp = connect()
>>>>> ftp.retrlines('LIST')
>>>>>
>>>>> Without this option '
>>>>> * ftp.context.set_ciphers('DEFAULT@SECLEVEL=1')'*, I always get the
>>>>> error: ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:997)
>>>>>
>>>>> *My question*: How to configure the FTPS option in weewx.conf to
>>>>> force the same configuration?
>>>>> Thanks a lot
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "weewx-user" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/weewx-user/74de0d09-fe98-4dc4-956a-0dd359f37bd4n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "weewx-user" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/weewx-user/6dfd9849-4b82-461f-a51e-a10cf594e42dn%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/weewx-user/5b8057dd-0588-489a-8191-3c0192575826n%40googlegroups.com.
