3

I'm kinda at a loss here. Trying to set up proton with SSL / TLS access, but after creating the certificates with the (modified) shell scripts supplied by the AppDev-Pack and linking the keyring and everything in notes.ini, I always seem to get the error "Handshake failed with fatal error SSL_ERROR_SSL: error: 100000f7:SSL routines:OPENSSL_internal: WRONG_VERSION_NUMBER".

Tried both a windows and linux server, as well as using the accessing node.js app with and without certificates - but with no success.

Also tried the troubleshoot section of https://doc.cwpcollaboration.com/appdevpack/docs/en/proton-admin.html and it connected just fine, but won't if i connect with node.js.

Looks like the error is thrown before a certificate is even checked?

In this example the error is thrown after trying to get a document by UNID.

notes.ini (proton parts)

gRPC Client Error

If someone has an idea how to fix that issue or where to start - that would really help me.

Thanks in advance.

SvenS
  • 33
  • 1
  • 1
  • 3
  • Could you share the modified scripts (with sensitive info redacted)? – ddumont Jun 06 '19 at 18:30
  • It might also help if you could share the code to your test app. with config info, but without any passwords, certs, or keys. – ddumont Jun 06 '19 at 18:55
  • have you seen this ? http://blog.nashcom.de/nashcomblog.nsf/dx/appdevpack-security-setup-explained.htm?opendocument&comments – umeli Jun 07 '19 at 06:48
  • 1
    Problem was a missing secure flag, like Steve mentioned. I followed a tutorial where the credentials were set, but there was no secure flag as well, which i took for granted, that it'd work... – SvenS Jun 07 '19 at 07:13

1 Answers1

2

It appears that the client side does not have the secure flag set. At least I get a similar stack when I try to connect without TLS when the server expects TLS.

See the secure attribute when calling useServer() function, and you'll also need to provide the credentials attributes.

Steve Nikopoulos
  • 61
  • 4
  • And that did the trick - had credentials added and everything, but the secure flag was missing - thanks! – SvenS Jun 07 '19 at 07:10
  • Glad it worked. Any chance we can get a link to the tutorial which did not show the secure flag? Perhaps we can ask to have it updated. Thanks! – Steve Nikopoulos Jun 09 '19 at 14:20
  • It was on http://oliverbusse.notesx.net/hp.nsf/blogpost.xsp?documentId=2FF2 with the linked testproject located on https://gitlab.com/obusse/proton_blog/blob/master/client_cert/app.js - already left him a comment :) – SvenS Jun 11 '19 at 07:02