After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 559670 - Aqbanking and Certificates
Aqbanking and Certificates
Status: RESOLVED FIXED
Product: GnuCash
Classification: Other
Component: Import - AqBanking
2.2.x
Other All
: Normal normal
: ---
Assigned To: Christian Stimming
Christian Stimming
Depends on:
Blocks: backport
 
 
Reported: 2008-11-06 22:05 UTC by Rainer Dorsch
Modified: 2018-06-29 22:12 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Add support for AqBanking's permanently accepted SSL certificates (4.32 KB, patch)
2009-04-05 21:03 UTC, Micha Lenk 		committed Details | Review

Description Rainer Dorsch 2008-11-06 22:05:27 UTC 
Hello,

the gnucash wiki describes in

http://wiki.gnucash.org/wiki/AqBanking#Retrieve_a_system_identification_number

"This command will ask you several questions. First it retrieves the server 
certificate and asks you whether you accept it. Then it asks whether you want 
to accept the certificate only this session or forever."

I do not see any more the question if I want to accept the certificat forever. 
Instead I get querried for each transaction multiple times, if I want to 
accept this certificate, which always has the same hash value. I think I 
observed this behavior since I upgraded to gnucash 2.2.7/aqbanking 3.8.0.

Micha Lenk mentions that this is a known gnucash problem without a bug report:

http://lists.gnucash.org/pipermail/gnucash-devel/2008-November/024230.html

Thanks,
Rainer
Comment 1 Micha Lenk 2009-04-05 21:03:12 UTC 
Created attachment 132147 [details] [review]
Add support for AqBanking's permanently accepted SSL certificates

The attached patch fixes part of the problem for AqBanking 4.x (or newer).

The patch queries the certificates that have been accepted during the AqBanking setup procedure. A hash of every single such certificate is stored by AqBanking 4.x under $HOME/.aqbanking/settings/shared/certs.conf.

For older versions of AqBanking the patch does nothing (yet). The main difference is where AqBanking stores the hashes for such certificates. I've added a FIXME comment on the appropriate place where code for older AqBanking versions should be added.

I've successfully checked the patch with Gnucash 2.2.9, but it should also apply cleanly to SVN trunk.
Comment 2 Christian Stimming 2009-04-06 19:12:07 UTC 
I was about to commit this, but currently I don't get access to SVN. The patch is fine except that in the non-aqbanking4 #ifdef, the variable "rv" isn't being initialized, which needs to be added.
Comment 3 Christian Stimming 2009-04-10 20:23:09 UTC 
Trunk r18037, thanks a lot!
Comment 4 Rolf Leggewie 2009-05-10 21:50:35 UTC 
closing as the patch has been committed to trunk
Comment 5 Rainer Dorsch 2009-05-12 21:25:24 UTC 
I applied

svn merge -c r18037 http://svn.gnucash.org/repo/gnucash/trunk

a fresh 2.2.x branch checkout

http://svn.gnucash.org/repo/gnucash/branches/2.2

and gnucash still asks many times for accepting the (same) certificate. I am using aqbanking 3.8.2.

Rainer
Comment 6 John Ralls 2018-06-29 22:12:06 UTC 
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=559670. Please update any external references or bookmarks.