OFX Support
Linas Vepstas
linas@linas.org
Wed, 11 Dec 2002 10:45:47 -0600
On Tue, Dec 10, 2002 at 11:57:49PM -0500, bock@step.polymtl.ca was heard to remark:
> But I think now I approached this backwards. Once we get two-way communication
> working with a few banks (no reason to think we would fail, much of the hard
> part is done), we should build our own list of hostnames/port numbers and
> distribute it in the source.
Yes; I suppose in some file that the user could edit to add new
associations.
> It should be relatively easy to do since ofx
> travels over http, and would go something like this:
>
> -Fire up sniffer or connection monitor
> -Fire up Quicken, use direct connect with the bank we need the info for.
> -Note the hostname and portname of the connection that was generated
> -Send this info, along with bank's name and perhaps what was used as the
> username back to the LibOFX project.
I see several problems: the ofx servers are urls, and not
hostname/ports. Thus you need to have
    https://ofx.server.com:443/cgi-bin/ofx-servlet/
and not just the knowledge that it's ofx.server.com port 443.
Since the SSL connection to ofx.server.com is opened before the
    POST /cgi-bin/ofx-servlet/ HTTP/1.1
is sent, you don't have a way of sniffing out the whole URL.

Note also that some (most?) banks will use a redirect. This is not
a problem, but something you would have to deal with: e.g.
    open SSL connection to www.mybank.com
    GET /path/to/fake/ofx-server HTTP/1.1
which replies:
    403 ReDirect https://ofx.mybank-carzy-domain.com/true-ofx-server/
so you close above, and open an SSL connection to
    ofx.mybank-carzy-domain.com
and POST /true-ofx-server/

Note that in this case, the URL that GnuCash should remember is
    https://www.mybank.com/path/to/fake/ofx-server
and *not* the real one-- that's because the real one might change,
but the 'fake' one will probably stay the same (??).
--------
The other potential problem is that some banks may be using a
'client certificate', and if so, this would be a pain; but I don't
think that this is done anywhere.
--
pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas@linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933
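
Added example, not part of the original message and not GnuCash or LibOFX code: a sketch of the redirect handling described above, where the bank list keeps the stable entry URL and the redirect target is resolved fresh for each session. The function names, the constructed response table standing in for the network, the 302 status used for the sample redirects, and the rule that every hop must stay on HTTPS are assumptions of this example.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed responses standing in for the network: url -> (status, Location)
SAMPLE_RESPONSES = {
    "https://www.mybank.com/path/to/fake/ofx-server":
        (302, "https://ofx.mybank-carzy-domain.com/true-ofx-server/"),
    "https://ofx.mybank-carzy-domain.com/true-ofx-server/": (200, None),
    "https://www.downgrade.example/ofx": (302, "http://ofx.downgrade.example/ofx"),
    "https://www.loop.example/a": (302, "/b"),
    "https://www.loop.example/b": (302, "/a"),
}

def sample_fetch(url):
    """Hypothetical transport: returns (status, location) from the table above."""
    return SAMPLE_RESPONSES[url]

def resolve_ofx_endpoint(stored_url, fetch=sample_fetch, max_hops=5):
    """Follow redirects from the stored URL and return the URL to POST to.

    The caller keeps stored_url in its bank list; the return value is
    only valid for the current session, since the real server may move.
    """
    current, seen = stored_url, set()
    for _ in range(max_hops + 1):
        parts = urlsplit(current)
        # Banking credentials travel in the OFX request: never leave TLS.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"refusing non-HTTPS OFX URL: {current}")
        if current in seen:
            raise ValueError(f"redirect loop at {current}")
        seen.add(current)
        status, location = fetch(current)
        if status not in REDIRECT_CODES:
            return current
        if not location:
            raise ValueError(f"redirect without Location from {current}")
        current = urljoin(current, location)  # Location may be relative
    raise ValueError(f"more than {max_hops} redirects from {stored_url}")
```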