Skip to content

WIP: Fix plaintext being used when TLS expected (HTTPS) #213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
AndrewPaglusch wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

WIP: Fix plaintext being used when TLS expected (HTTPS) #213

AndrewPaglusch wants to merge 2 commits into from

Conversation

@AndrewPaglusch
Copy link

@AndrewPaglusch AndrewPaglusch commented Jun 4, 2025
edited
Loading

I'm working towards fixing the issue described in #211. When PROTOCOL_HTTPS_GET or PROTOCOL_HTTPS_POST are configured, traffic is sent plaintext over TCP443 to the server. I am also fixing other issues that I've come across concerning GET/POST via WiFi and cellular.

@AndrewPaglusch
Copy link
Author

AndrewPaglusch commented Jun 4, 2025

@stanleyhuangyc I would appreciate your input if you have the time. I'm trying to figure out why I'm running into the following issue. An HTTP 400 error is being returned when connected to WiFi. I've verified the traffic is encrypted now, which is a huge improvement. I suspect the error is caused due to missing queryparams in the URL, but I'm not positive:

Traefik logs (in front of Traccar)

10.151.100.199 - - [04/Jun/2025:09:22:35 +0000] "GET /update/notify/REDACTEDCLIENTID?EV=1&SSI=0&VIN= HTTP/1.1" 400 0 "-" "-" 189179 "traccar-update@docker" "http://172.18.0.5:5055" 2ms

NOTE: /update is proxied to the OSMAnd port of Traccar by Traefik

Serial output:

File: /DATA/70.CSV
[WIFI] Joining SSID:REDACTED
[WIFI] IP:10.151.100.199
[BUF] 3 samples | 30 bytes | 1/32
LOGIN(tracker.REDACTED.com:443)...
[BUF] 6 samples | 60 bytes | 2/32
[NET] Login failed
[CELL] Activating...
CELL:SIM7600A-H
IMEI:REDACTED
[CELL] Searching...
APN:hologram
[BUF] 12 samples | 120 bytes | 4/32
[BUF] 18 samples | 180 bytes | 6/32
[BUF] 24 samples | 240 bytes | 8/32
[BUF] 30 samples | 300 bytes | 10/32
[BUF] 36 samples | 360 bytes | 12/32
[...]

@AndrewPaglusch
Copy link
Author

AndrewPaglusch commented Jun 5, 2025

I believe calls to the /notify endpoint (/update/notify in my case) are specifically for the Freematics protocol and aren't part of the OsmAnd spec, which explains why Traccar is responding with a HTTP 400 when it receives this request over the OsmAnd port. I'm not certain why this endpoint is being called when OsmAnd is being used. I have SERVER_PROTOCOL set to PROTOCOL_HTTPS_GET, so according to the docs, OsmAnd should be used when I have that configured:

UDP mode implements a telemetry client for Freematics Hub and Traccar. HTTP(s) mode implements OsmAnd protocol with additional data sent as POST payload.

Still plugging away at this PR...

@AndrewPaglusch
Copy link
Author

AndrewPaglusch commented Jun 5, 2025

It looks like I have two problems to figure out with my latest commit applied:

  1. I need to increase a buffer. What one? Not sure...
[ 20197][V][ssl_client.cpp:381] send_ssl_data(): Handling error -27136
[ 20203][E][ssl_client.cpp:37] _handle_error(): [send_ssl_data():382]: (-27136) SSL - A buffer is too small to receive or write a message
  1. Multiple failed SSL sessions exhaust the memory and eventually lead to a panic. This will probably be resolved if problem 1 is resolved, but some logic to free up memory after SSL failures would be good to add.
[ 34745][E][ssl_client.cpp:37] _handle_error(): [start_ssl_client():264]: (-32512) SSL - Memory allocation failed
[ 34755][E][WiFiClientSecure.cpp:144] connect(): start_ssl_client: -32512
[ 34764][V][ssl_client.cpp:321] stop_ssl_socket(): Cleaning SSL connection.
Guru Meditation Error: Core  1 panic'ed (LoadProhibited). Exception was unhandled.

Core  1 register dump:
PC      : 0x400dca19  PS      : 0x00060b30  A0      : 0x800dd696  A1      : 0x3ffd24c0  
A2      : 0x3ffc3f74  A3      : 0x3ffdc934  A4      : 0x000003e8  A5      : 0x00000000  
A6      : 0x3ffd24cc  A7      : 0x00000020  A8      : 0x00000000  A9      : 0x3ffd2130  
A10     : 0x00000000  A11     : 0x3ffdc934  A12     : 0x0000002b  A13     : 0x3ffd2340  
A14     : 0x0000002b  A15     : 0x3ffd2340  SAR     : 0x00000004  EXCCAUSE: 0x0000001c  
EXCVADDR: 0x00000000  LBEG    : 0x4008b09d  LEND    : 0x4008b0ad  LCOUNT  : 0xfffffffa  


Backtrace: 0x400dca16:0x3ffd24c0 0x400dd693:0x3ffd2500 0x400d34e8:0x3ffd2520 0x400d362c:0x3ffd2540 0x400d47ee:0x3ffd2630




ELF file SHA256: c1fb576ed3fb6d32

Rebooting...

Full Log

SD:29832 MB total, 2 MB used
File: /DATA/78.CSV
[WIFI] Joining SSID:REDACTED
[ 15512][D][WiFiGeneric.cpp:1040] _eventCallback(): Arduino Event: 0 - WIFI_READY
[ 15600][V][WiFiGeneric.cpp:341] _arduino_event_cb(): STA Started
[ 15602][V][WiFiGeneric.cpp:97] set_esp_interface_ip(): Configuring Station static IP: 0.0.0.0, MASK: 0.0.0.0, GW: 0.0.0.0
[ 15619][D][WiFiGeneric.cpp:1040] _eventCallback(): Arduino Event: 2 - STA_START
[ 17760][V][WiFiGeneric.cpp:356] _arduino_event_cb(): STA Connected: SSID: REDACTED, BSSID: REDACTED, Channel: 6, Auth: WPA3_PSK
[ 17773][D][WiFiGeneric.cpp:1040] _eventCallback(): Arduino Event: 4 - STA_CONNECTED
[ 17839][V][WiFiGeneric.cpp:370] _arduino_event_cb(): STA Got New IP:10.151.100.199
[ 17847][D][WiFiGeneric.cpp:1040] _eventCallback(): Arduino Event: 7 - STA_GOT_IP
[ 17855][D][WiFiGeneric.cpp:1103] _eventCallback(): STA IP: 10.151.100.199, MASK: 255.255.255.0, GW: 10.151.100.1
[WIFI] IP:10.151.100.199
[ 17968][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 188928
[ 17976][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 18011][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 18020][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 18030][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 18039][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 18047][V][ssl_client.cpp:269] start_ssl_client(): Performing the SSL/TLS handshake...
[BUF] 3 samples | 30 bytes | 1/32
[ 19999][V][ssl_client.cpp:290] start_ssl_client(): Verifying peer X.509 certificate...
[ 20007][V][ssl_client.cpp:298] start_ssl_client(): Certificate verified.
[ 20014][V][ssl_client.cpp:313] start_ssl_client(): Free internal heap after TLS 147148
[NET] Skipping notify call - assuming OsmAnd protocol
RSSI:-60dBm
[DAT] 0:19993,24:369,20:0.01;0.01;0.04,82:33*9B
[ 20074][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 146832
[ 20085][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 20113][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 20123][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 20131][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 20140][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 20148][V][ssl_client.cpp:269] start_ssl_client(): Performing the SSL/TLS handshake...
[ 20156][V][ssl_client.cpp:290] start_ssl_client(): Verifying peer X.509 certificate...
[ 20164][V][ssl_client.cpp:298] start_ssl_client(): Certificate verified.
[ 20171][V][ssl_client.cpp:313] start_ssl_client(): Free internal heap after TLS 110016
[WIFI] /update/push?id=REDACTED&timestamp=&lat=0.000000&lon=0.000000&altitude=0&speed=0.000000&heading=0
[ 20179][V][ssl_client.cpp:369] send_ssl_data(): Writing HTTP request with 166 bytes...
[ 20197][V][ssl_client.cpp:381] send_ssl_data(): Handling error -27136
[ 20203][E][ssl_client.cpp:37] _handle_error(): [send_ssl_data():382]: (-27136) SSL - A buffer is too small to receive or write a message
[ 20218][V][ssl_client.cpp:321] stop_ssl_socket(): Cleaning SSL connection.
[BUF] 4 samples | 38 bytes | 1/32
[HTTP] No response
Timeouts: OBD:0 Network:1
[ 25226][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 152936
[ 25238][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 25281][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 25290][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 25298][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 25307][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 25315][V][ssl_client.cpp:269] start_ssl_client(): Performing the SSL/TLS handshake...
[ 27333][V][ssl_client.cpp:290] start_ssl_client(): Verifying peer X.509 certificate...
[ 27341][V][ssl_client.cpp:298] start_ssl_client(): Certificate verified.
[ 27348][V][ssl_client.cpp:313] start_ssl_client(): Free internal heap after TLS 111916
[DAT] 0:27323,24:365,20:0;0;0,82:34*DA
[ 27357][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 111784
[ 27368][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 27384][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 27394][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 27402][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 27410][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 27419][V][ssl_client.cpp:269] start_ssl_client(): Performing the SSL/TLS handshake...
[ 27427][V][ssl_client.cpp:290] start_ssl_client(): Verifying peer X.509 certificate...
[ 27435][V][ssl_client.cpp:298] start_ssl_client(): Certificate verified.
[ 27441][V][ssl_client.cpp:313] start_ssl_client(): Free internal heap after TLS 74972
[WIFI] /update/push?id=REDACTED&timestamp=&lat=0.000000&lon=0.000000&altitude=0&speed=0.000000&heading=0
[ 27450][V][ssl_client.cpp:369] send_ssl_data(): Writing HTTP request with 166 bytes...
[ 27467][V][ssl_client.cpp:381] send_ssl_data(): Handling error -27136
[ 27474][E][ssl_client.cpp:37] _handle_error(): [send_ssl_data():382]: (-27136) SSL - A buffer is too small to receive or write a message
[ 27488][V][ssl_client.cpp:321] stop_ssl_socket(): Cleaning SSL connection.
[BUF] 7 samples | 68 bytes | 2/32
[HTTP] No response
Timeouts: OBD:0 Network:2
[ 32495][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 118552
[ 32507][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 32524][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 32533][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 32541][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 32550][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 32558][V][ssl_client.cpp:269] start_ssl_client(): Performing the SSL/TLS handshake...
[ 34657][V][ssl_client.cpp:290] start_ssl_client(): Verifying peer X.509 certificate...
[ 34665][V][ssl_client.cpp:298] start_ssl_client(): Certificate verified.
[ 34671][V][ssl_client.cpp:313] start_ssl_client(): Free internal heap after TLS 77508
RSSI:-56dBm
[DAT] 0:34648,24:351,20:0;0;0,82:34*DD
[ 34681][V][ssl_client.cpp:62] start_ssl_client(): Free internal heap before TLS 77508
[ 34692][V][ssl_client.cpp:68] start_ssl_client(): Starting socket
[ 34710][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[ 34720][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[ 34728][D][ssl_client.cpp:176] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[ 34737][V][ssl_client.cpp:254] start_ssl_client(): Setting hostname for TLS session...
[ 34745][E][ssl_client.cpp:37] _handle_error(): [start_ssl_client():264]: (-32512) SSL - Memory allocation failed
[ 34755][E][WiFiClientSecure.cpp:144] connect(): start_ssl_client: -32512
[ 34764][V][ssl_client.cpp:321] stop_ssl_socket(): Cleaning SSL connection.
Guru Meditation Error: Core  1 panic'ed (LoadProhibited). Exception was unhandled.

Core  1 register dump:
PC      : 0x400dca19  PS      : 0x00060b30  A0      : 0x800dd696  A1      : 0x3ffd24c0  
A2      : 0x3ffc3f74  A3      : 0x3ffdc934  A4      : 0x000003e8  A5      : 0x00000000  
A6      : 0x3ffd24cc  A7      : 0x00000020  A8      : 0x00000000  A9      : 0x3ffd2130  
A10     : 0x00000000  A11     : 0x3ffdc934  A12     : 0x0000002b  A13     : 0x3ffd2340  
A14     : 0x0000002b  A15     : 0x3ffd2340  SAR     : 0x00000004  EXCCAUSE: 0x0000001c  
EXCVADDR: 0x00000000  LBEG    : 0x4008b09d  LEND    : 0x4008b0ad  LCOUNT  : 0xfffffffa  


Backtrace: 0x400dca16:0x3ffd24c0 0x400dd693:0x3ffd2500 0x400d34e8:0x3ffd2520 0x400d362c:0x3ffd2540 0x400d47ee:0x3ffd2630




ELF file SHA256: c1fb576ed3fb6d32

Rebooting...

@AndrewPaglusch
Copy link
Author

AndrewPaglusch commented Jun 12, 2025

If anyone is open to collaborating on this PR, I would certainly appreciate some assistance. I'm still experiencing the issue described in my last update and have made no significant progress.

@coolham123
Copy link

coolham123 commented Jul 21, 2025

I am also having this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AndrewPaglusch @coolham123