Bug #863

cannot connect to Banque Postale

Added by Anonymous about 4 years ago. Updated over 3 years ago.

Status:Resolved Start:2012-05-09
Priority:Normal Due date:
Assigned to:- % Done:

0%

Category:Modules Spent time: -
Target version:0.d
Module:bp Branch:

Description

When I try to test a bank account with La Banque Postale, no connection is obtained.

Since I am a new user, I may have done something wrong. Please, do not hesitate to contact me.

Here is the output of boobank --debug when using the list command.

2012-05-09 08:57:20,152:DEBUG:bcall:bcall.py:80:__init__ Creating a new thread for <Backend 'bp'>
2012-05-09 08:57:20,153:DEBUG:bcall:bcall.py:100:_caller <Backend 'bp'>: Thread created successfully
2012-05-09 08:57:20,153:DEBUG:bcall:bcall.py:105:_caller <Backend 'bp'>: Calling function <bound method Boobank._do_complete of weboob.applications.boobank.boobank.Boobank object at 0x15e5210>>
2012-05-09 08:57:20,153:DEBUG:bcall:bcall.py:114:_caller <Backend 'bp'>: Called function <bound method Boobank._do_complete of weboob.applications.boobank.boobank.Boobank object at 0x15e5210>> returned: <generator object _do_complete_iter at 0x16bf0f0>
2012-05-09 08:58:20,226:DEBUG:root:decorators.py:43:f_retry <urlopen error [Errno 104] Connection reset by peer> url="https://voscomptesenligne.labanquepostale.fr/wsost/OstBrokerWeb/loginform?AM_OP=login&ERROR_CODE=0x00000000&URL=%2Fvoscomptes%2FcanalXHTML%2Fidentif.ea%3Forigin%3Dparticuliers"), Retrying in 3 seconds...
2012-05-09 08:59:23,275:DEBUG:root:decorators.py:43:f_retry <urlopen error [Errno 104] Connection reset by peer> (url="https://voscomptesenligne.labanquepostale.fr/wsost/OstBrokerWeb/loginform?TAM_OP=login&ERROR_CODE=0x00000000&URL=%2Fvoscomptes%2FcanalXHTML%2Fidentif.ea%3Forigin%3Dparticuliers"), Retrying in 6 seconds...
2012-05-09 09:01:29,354:DEBUG:root:decorators.py:43:f_retry <urlopen error [Errno 104] Connection reset by peer> (url="https://voscomptesenligne.labanquepostale.fr/voscomptes/canalXHTML/comptesCommun/synthese_assurancesEtComptes/rechercheContratAssurance-synthese.ea"), Retrying in 3 seconds...
2012-05-09 09:02:32,394:DEBUG:root:decorators.py:43:f_retry <urlopen error [Errno 104] Connection reset by peer> (url="https://voscomptesenligne.labanquepostale.fr/voscomptes/canalXHTML/comptesCommun/synthese_assurancesEtComptes/rechercheContratAssurance-synthese.ea"), Retrying in 6 seconds...
Error(bp): <urlopen error [Errno 104] Connection reset by peer> (url="https://voscomptesenligne.labanquepostale.fr/voscomptes/canalXHTML/comptesCommun/synthese_assurancesEtComptes/rechercheContratAssurance-synthese.ea")

aaa - Patch to dynamically patch python ssl bindings and enforce TLSv1 version (1.1 KB) Jean-Christophe Dubacq, 10/4/2012 12:11 am

Associated revisions

Revision 8c9409930bf9666accd32b6d1e8ac7eeb636a075
Added by Romain Bignon over 3 years ago

workaround to libssl 1.0.1c bug (closes #863)

History

Updated by Romain Bignon about 4 years ago

  • Category set to Modules
  • Status changed from New to Rejected
  • Module set to bp

There is a bug in openssl 1.0.1 with some websites with TLS : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051

I suggest you to install an older version (for example 1.0.0h) or to upgrade to 1.0.1b.

Updated by Jean-Christophe Dubacq about 4 years ago

Romain Bignon wrote:

There is a bug in openssl 1.0.1 with some websites with TLS : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051

I suggest you to install an older version (for example 1.0.0h) or to upgrade to 1.0.1b.

Hi! Thank you !

Installing 1.0.0h solved the issue. Installing 1.0.1b (which, AFAIK, was the installed version anyway), did not solve the issue.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 seems to indicate that this upload is not perfect for all sites, and La Banque Postale is possibly one of them.

BTW, I created an account. If somebody has this power, I was the original poster.
I think this bug should be left opened as long as the BP site interacts badly with current versions of libssl.

Updated by Jean-Christophe Dubacq about 4 years ago

Romain Bignon wrote:

There is a bug in openssl 1.0.1 with some websites with TLS : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051

I suggest you to install an older version (for example 1.0.0h) or to upgrade to 1.0.1b.

libssl1.0.0:amd64 1.0.1c-1 is still not working. Other applications are compiled only with 1.0.1, and thus maintaining 1.0.0h installed becomes more and more difficult.

Updated by f. c. almost 4 years ago

Also have the probleme with libssl 1.0.1c-4.
But can connect to labanquepostale with lynx. How does the navigator connect with the server ? can't you use the same method ?

Updated by Florent Fourcot almost 4 years ago

Lynx does not use Openssl but libgnutls, this is why it works with.

There is a python biding for libgnutls (http://pypi.python.org/pypi/python-gnutls) but we do not have the choice to use it, the dependency to openssl is somewhere in HTTP library.

Updated by Jean-Christophe Dubacq over 3 years ago

Still bugging on debian. I reopened the http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051

However, it is linked to rt.openssl.org #2771, and there, they believe it is fixed. But it is not
(the patches there were integrated in Debian, but still not working with banquepostale.fr).

Updated by Jean-Christophe Dubacq over 3 years ago

Note that I fixed this by simply patching httplib.py:sudo vi +1161 /usr/lib/python2.7/httplib.py
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
becomes
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)

...and voilà!

I am not knowledgeable in python, I wonder if one could dynamically override this method...

Updated by Jean-Christophe Dubacq over 3 years ago

  • File aaa added

To be inserted at the end of bp/backend.py

I am not really familiar with the architecture of weboob (I do not know when backends are loaded).
I expect this will only stop the ability of boobank to load with generic sslv23 support for
people with multiple account and banks not supporting TLSv1, but I cannot test that. But hey, if
we do not do that, then they won't be able to use bp module anyway on debian+ubuntu (and, I suspect,
most recent Linux systems).

Updated by Jean-Christophe Dubacq over 3 years ago

BTW, if somebody has this power, I was the original poster of this bug. Is it possible to change this?

Updated by Romain Bignon over 3 years ago

  • Status changed from Rejected to Resolved
  • Target version set to 0.d

Also available in: Atom PDF