Raspbian buster : ne fonctionne pas

[Krys600]

Salut,

sur Ubuntu 19.10 ce script fonctionne mais impossible sur mon Raspberry Pi 4 4G

Ubuntu:

$ curl --version
curl 7.65.3 (x86_64-pc-linux-gnu) libcurl/7.65.3 OpenSSL/1.1.1c zlib/1.2.11 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.9.0/openssl/zlib nghttp2/1.39.2 librtmp/2.3
Release-Date: 2019-07-19
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

Raspbian :

$ curl --version
curl 7.64.0 (arm-unknown-linux-gnueabihf) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

Voici la sortie depuis le rpi :

$ bash -x /usr/local/bin/iddns -u tmp -p <secret> -i 8.8.8.4 rapture.ch
+ VERSION=1.0.0
+ IDDNS_USERNAME=
+ IDDNS_PASSWORD=
+ IDDNS_GRABBER=https://api.ipify.org/
+ IDDNS_IP=
+ IDDNS_TIMESTAMPS=false
+ IDDNS_SILENT=false
+ getopts :c:u:p:i:g:tsv opt
+ case ${opt} in
+ opt_username=tmp
+ getopts :c:u:p:i:g:tsv opt
+ case ${opt} in
+ opt_password=<secret>
+ getopts :c:u:p:i:g:tsv opt
+ case ${opt} in
+ opt_ip=8.8.8.4
+ getopts :c:u:p:i:g:tsv opt
+ shift 6
+ IDDNS_HOSTNAME=rapture.ch
+ [[ rapture.ch = '' ]]
+ [[ -f /home/pi/.iddns ]]
+ [[ -f '' ]]
+ [[ -n tmp ]]
+ IDDNS_USERNAME=tmp
+ [[ -n <secret> ]]
+ IDDNS_PASSWORD=<secret>
+ [[ -n 8.8.8.4 ]]
+ IDDNS_IP=8.8.8.4
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ 8.8.8.4 = '' ]]
+ log 'Trying to make rapture.ch point to 8.8.8.4'
+ [[ false = false ]]
+ [[ false = true ]]
+ echo Trying to make rapture.ch point to 8.8.8.4
Trying to make rapture.ch point to 8.8.8.4
++ curl --silent --user tmp:<secret> 'https://infomaniak.com/nic/update?hostname=rapture.ch&myip=8.8.8.4'
+ OUTPUT=
+ case ${OUTPUT} in
+ log ''
+ [[ false = false ]]
+ [[ false = true ]]
+ echo+ exit 1

[nhedger]

Salut, quel est le résultat de la commande suivante:

curl -v --user "tmp:<secret>" "https://infomaniak.com/nic/update?hostname=rapture.ch&myip=8.8.8.4"

[Krys600]

Salut, voici comme demandé:

*   Trying 2001:1600:4:1::14...
* TCP_NODELAY set
* Expire in 149997 ms for 3 (transfer 0x13f9880)
* Expire in 200 ms for 4 (transfer 0x13f9880)
* Connected to infomaniak.com (2001:1600:4:1::14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
* Closing connection 0
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

[Krys600]

J'ai aussi essayé d'actualiser les ca certs mais sans succès.

$ sudo update-ca-certificates -f

[nhedger]

Qu'en est-il de

curl -v --ciphers DEFAULT@SECLEVEL=1 --user "tmp:<secret>" "https://infomaniak.com/nic/update?hostname=rapture.ch&myip=8.8.8.4"

Possiblement en lien avec openssl/openssl#7126

[Krys600]

$ curl -v --ciphers DEFAULT@SECLEVEL=1 --user "tmp:<secret>" https://infomaniak.com/nic/update?hostname=rapture.ch&myip=8.8.8.8

*   Trying 2001:1600:4:1::14...
* TCP_NODELAY set
* Expire in 149997 ms for 3 (transfer 0x7ba880)
* Expire in 200 ms for 4 (transfer 0x7ba880)
* Connected to infomaniak.com (2001:1600:4:1::14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: DEFAULT@SECLEVEL=1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: serialNumber=CHE103167648; jurisdictionC=CH; jurisdictionST=Geneva; jurisdictionL=Les Acacias; businessCategory=Private Organization; C=CH; postalCode=1227; ST=Geneva; L=Les Acacias; street=Rue Eug�ne-Marziano 25; O=Infomaniak Network SA; OU=COMODO EV Multi-Domain SSL; CN=www.infomaniak.com
*  start date: Mar  5 00:00:00 2019 GMT
*  expire date: Mar  4 23:59:59 2021 GMT
*  subjectAltName: host "infomaniak.com" matched cert's "infomaniak.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Extended Validation Secure Server CA
*  SSL certificate verify ok.
* Server auth using Basic with user 'tmp'
> GET /nic/update?hostname=rapture.ch HTTP/1.1
> Host: infomaniak.com
> Authorization: Basic dG1wOlVicm5KekxVVzJucA==
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 400 Bad Request
< Cache-Control: no-cache
< Content-Type: text/plain; charset=UTF-8
< Date: Thu, 07 Nov 2019 17:35:25 GMT
< Server: Apache
< Set-Cookie: currency=eyJpdiI6InBucjhVblB2K0Z3WTU4eXh4SWFXajdEVm91OFRXMGs4RVwvZVNHVjAraW8wPSIsInZhbHVlIjoiRnJoTjhCNXlPUWlZQ1ZyOXUxY2xWTXl2dUhOZE9qdEFsc0p6cjEraERIND0iLCJtYWMiOiJmMzg4Njg3Mjk5MzI1NzM2YjY1YmFkNzMxNzhiNzE0Yzk5NTFhN2ZiMWU0OWM0NzcxZWU5YmRkOGQ1MmM5NjUyIn0%3D; expires=Fri, 06-Nov-2020 17:35:25 GMT; Max-Age=31536000; path=/; domain=.com; httponly
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Content-Length: 13
< Connection: close
< 
* Closing connection 0
conflict AAAA
[1]+  Done                    curl -v --ciphers DEFAULT@SECLEVEL=1 --user "tmp:<secret>" https://infomaniak.com/nic/update?hostname=rapture.ch

HTTP/1.1 400 Bad Request là je comprend pas...

[nhedger]

Le bon signe c'est que ça passe désormais. Avant le handshake ne fonctionnait même pas. Maintenant tu as une erreur retournée par le service DynDNS.

Est-ce que tu es sûr de bien avoir exécuté

curl -v --ciphers DEFAULT@SECLEVEL=1 --user "tmp:<secret>" "https://infomaniak.com/nic/update?hostname=rapture.ch&myip=8.8.8.4"

Sur ta sortie on dirait que l'URL fournie à curl a été tronquée. Il manque &myip=8.8.8.4. Aurais-tu oublié d'englober l'URL dans des guillemets " ?

[Krys600]

C'est effectivement mieux avec les guillemets, j'ai une réponse 200 OK et l'adresse IP a bien pu se mettre à jour :-)

Merci pour tout !