Version compatibility issues - Re: openssl development work / paid

Tue May 4 05:24:35 UTC 2021

On 5/3/21 2:20 PM, Jan Just Keijser wrote:
> Just for the record:
>
> On 26/03/21 09:51, Embedded Devel wrote:
>> i now have a second developer looking at this, so hoping he can sort 
>> it all out.
>>
> [...]
>
> I was that second developer and even though 'Embedded Devel' listed 
> this as "paid" work and even though he made repeated promises about 
> following up on payment, I never did receive payment.
>
> I checked the email address and IP addresses used for this job and 
> found nothing terribly wrong. My conclusion is that either someone 
> hijacked an email address - meaning that Optimcloud is not a very 
> *safe* company to do business with -  or that 'Embedded Devel' at 
> Optimcloud simply thinks he can get away with this - meaning that 
> Optimcloud is not a very *trustworthy* company to do business with.
>
no actually, neither is the case. I submitted the work for payment, 
accounting inquired of the developer if it was all working and he stated 
it wasnt. So where it is, and its more i think we dont understand is 
when the client registers and is authorized it should generate a new xml 
config for the client, and right now there appears to be some mismatch, 
basically we have no idea how you had this working. so we are a month in 
from the work you did and i submitted payment for, and still have had 0 
reproducability. Ive even reviewed the document you sent, as has he, and 
we are missing something.

the database says

(6,'archer.optimcloud.com','0.0.0.0','60:32:b1:f8:9b:3a','mips','12345678','19.07.2','1.0.3','/etc/apconfig/CA/ac_ca_cert.pem','/etc/apconfig/CA/ac_client_cert.pem','/etc/apconfig/CA/ac_client_key.pem','none','2021-04-29 
07:28:53',1,1)

the ac_server logs says..... so is it a mismatched certificate ?

5]: DEBUG: generic blocked db query: SELECT * FROM blocked_systems WHERE 
mac="60:32:b1:f8:9b:3a";
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG: generic new systems 
db query: SELECT * FROM new_systems WHERE mac="60:32:b1:f8:9b:3a";
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG: generic systems db 
query: SELECT * FROM systems WHERE mac="60:32:b1:f8:9b:3a";
May  4 07:07:22 portaladmin ac_server[24675]: INFO:  Device Registration 
Process
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG: db query: SELECT id 
FROM systems WHERE hostname="client.xi-group.com" and active='1' ORDER 
BY ID DESC LIMIT 1;
May  4 07:07:22 portaladmin ac_server[24675]: 
ac_gen_db_generate_conf_xml(): No such hostname: client.xi-group.com
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG:  Sending ACK reply 
(INIT+XML config)
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG: generic update last 
seen db query: UPDATE systems SET last_seen=NOW() WHERE 
hostname="client.xi-group.com";
May  4 07:07:22 portaladmin ac_server[24675]: DEBUG: generic update log 
db query: INSERT INTO logs(time, actor, action) VALUES (NOW(), 
'ac_server', 'AC_INIT from client: client.xi-group.com; XML Reply.');
the db says your hostname is archer 
(6,'archer.optimcloud.com','0.0.0.0','60:32:b1:f8:9b:3a','mips','12345678','19.07.2','1.0.3','/etc/apconfig/CA/ac_ca_cert.pem','/etc/apconfig/CA/ac_client_cert.pem','/etc/apconfig/CA/ac_client_key.pem','none','2021-04-29 
07:28:53',1,1)

> You have been warned.
>
> JJK
>
>
> On 26/03/21 09:51, Embedded Devel wrote:
>> i believe this was all from back in the 0.9x days, the code in 
>> question is close to 10+/- years old
>>
>> if everyone would look at the email thread  re: "ssl client write / 
>> server accept seems broken"
>>
>> some might see more of the issue i am facing, i have has 1 person 
>> look at this and he believes
>>
>> quote "
>>
>> This looks like using *very* outdated OpenSSL API. Hence the SSL
>> client (and server) code needs to ported to work with more recent
>> versions OpenSSL and make use of TLS methods instead of SSL methods.
>>
>> For testing you could try to build OpenSSL with the old SSL3 support
>> enabled (we don't even support that at all in OpenWrt any longer, but
>> should work to build manually).
>> Because ssl_undefined_function is most likely a result of:
>> Disabled features:
>> ...
>>     ssl3                    [default] OPENSSL_NO_SSL3
>>     ssl3-method             [default] OPENSSL_NO_SSL3_METHOD
>> ...
>>
>> If you find someone very familiar with OpenSSLs API (I've used it, more
>> than once, but it's not what I'm doing every day), this can be done in
>> a few days. I'd probably need a week for this and I'm not particularly
>> keen on it, there are things I'm better with which are waiting as well."
>>
>> i now have a second developer looking at this, so hoping he can sort 
>> it all out.
>>
>