Validation of OFX TLS Certificates?

Christoph R subscriptions+listen at rohland.net
Tue Jan 16 01:47:37 EST 2018


Hi Jeff,

I do not think that aqbanking checks against the system certificates. But you should have to accept a certificate only once. BUT when called directly from Gnucash aqbanking this does not work. It only remembers the certificate when called from the the command line e.g. with "/Applications/Gnucash.app/Contents/MacOS/aqbanking-cli request —balance”. After that it will only ask you again when the certificate changes. 

Cheers,
Christoph

> Am 16.01.2018 um 04:33 schrieb Jeff Kletsky <gnucash at allycomm.com>:
> 
> I haven't been able to find much on getting past AqBanking not verifying certificates for OFX connections.
> 
> https://wiki.gnucash.org/wiki/De/Setting_up_OFXDirectConnect_in_GnuCash_2 says to "blindly" accept them, which seems risky in this day and age. I found a question around it asked on the list, but unanswered on 2016-11-23, "OFX connection certificate troubles"
> 
> http://www.linuxsecurity.com/content/view/188984/102/ suggests that gwenhywfar was patched to "use system ca-certificates" in 2015.
> 
> Before I dig further into this, is there a way to have the certificates properly validated and, ideally, the revocation list checked? MacOS X here, but a "generic" solution as a framework would also help!
> 
> Thanks,
> 
> Jeff
> 
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.



More information about the gnucash-user mailing list