[GNC] AqBanking help for Citi CC

Jim Maki jim.maki at bitbender.org
Sun Oct 28 03:20:21 EDT 2018 

Three areas of comment to some potential problem areas ...



===========> Windows certificate bundle is OK

To verify the Windows certificate file is not an issue I copied the the 
following certificate bundle from Windows to Ubuntu:
     C:\Program Files (x86)\gnucash\share\gwenhywfar\ca-bundle.crt

On Ubuntu, Citi's cert was validated using the Windows cert bundle via 
the following command:
     curl ... \
         --cacert ca-bundle.crt --capath . \
         https://www.accountonline.com/cards/svc/CitiOfxManager.do

So the Windows GnuCash certificate bundle is not the issue.


===========> Error on gnutls_bye: -24 might be some password issue

Looking at:

     http://mcs.une.edu.au/doc/manual/gnutls.html

the theme for error code -24 (GNUTLS_E_DECRYPTION_FAILED) was about 
passwords, either no password, password not in ASCII, wrong, ... . This 
is a certificate password vs your password which is passed in the OFX 
XML and not used in the connection setup.



===========> Comparing your vs my system output - where does it differ?


Can you compare your system with the following from my Windows 10?

On a powershell terminal session see what's the default text encoding 
via "[System.Text.Encoding]::Default":

   PS===> [System.Text.Encoding]::Default

   IsSingleByte      : True
   BodyName          : iso-8859-1
   EncodingName      : Western European (Windows)
   HeaderName        : Windows-1252
   WebName           : Windows-1252
   WindowsCodePage   : 1252
   IsBrowserDisplay  : True
   IsBrowserSave     : True
   IsMailNewsDisplay : True
   IsMailNewsSave    : True
   EncoderFallback   : System.Text.InternalEncoderBestFitFallback
   DecoderFallback   : System.Text.InternalDecoderBestFitFallback
   IsReadOnly        : True
   CodePage          : 1252


On a DOS terminal session get the OS version via "ver":

   ===> ver
   Microsoft Windows [Version 10.0.17134.376]


On the same DOS terminal see the AqBanking version:

   ===> cd "C:\Program Files (x86)\gnucash\bin"
   ===> aqbanking-cli.exe  versions
   3:2018/10/27 
21-25-19:gwen(5224):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c: 
120: No translation found for WIN32 locale [English_United States.1252]
   Versions:
    AqBanking-CLI: 5.7.8
    Gwenhywfar   : 4.20.0.0
    AqBanking    : 5.7.8.0


AqBanking version 5.7.8 looks like the latest:
   https://www.aquamaniac.de/sites/download/packages.php


Run aqbanking-cli to show your accounts (note the locale error message):

   ===> REM Show the account to work with
   ===> aqbanking-cli  listaccs
   3:2018/10/27 
20-20-43:gwen(8124):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c: 
120: No translation found for WIN32 locale [English_United States.1252]
   Account www.accountonline.com   YOURCCACCOUNT www.accountonline.com   
Citigroup


Make a request that will show the details of the cert request (password 
required).
I'd be curious as to how your output differs:

   ===> aqbanking-cli  request --balance
   3:2018/10/27 
20-14-37:gwen(10536):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c: 
120: No translation found for WIN32 locale [English_United States.1252]
   ===== Executing Jobs =====
   AqBanking v5.7.8.0stable
   Sending jobs to the bank(s)
   Locking user YOURUSERID
   ===== Enter Password =====
   Please enter the password for user YOURUSERID
   Input: YOURPASSWORD
   3:2018/10/27 
20-14-44:(null)(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/plugins/backends/aqofxconnect/plugin/network.c: 
82: Saving response in "/tmp/ofx.log" ...
   Saving communication log to /tmp/ofx.log
   Sending request...
   Connecting to server...
   Resolving hostname "www.accountonline.com" ...
   IP address is "104.65.4.169"
   Connecting to "www.accountonline.com"
   Connected to "www.accountonline.com"
   Using GnuTLS default ciphers.
   TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
   Signer not found
   Certificate is not trusted
   5:2018/10/27 
20-14-44:aqbanking(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/libs/aqbanking/gui/abgui.c: 
165: Automatically accepting certificate 
[D0:7D:90:E7:63:F0:59:E0:CE:D2:62:82:61:4A:68:68]
   Connected.
   Sending message...
   Message sent.
   Waiting for response...
   Receiving response...
   HTTP-Status: 200 (OK)
   Response received.
   Disconnecting from server...
   Disconnected.
   Parsing response...
   3:2018/10/27 
20-14-45:(null)(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/plugins/backends/aqofxconnect/plugin/network.c: 
171: Saving response in "/tmp/ofx.log" ...
   Parsing response
   Status for signon request: Success (Code 0, severity "INFO")
   The server successfully processed the request.
   Status for transaction statement request: Success (Code 0, severity 
"INFO")
   The server successfully processed the request.
   Unlocking user YOURUSERID
   Executing Jobs: 1 of 1
   Postprocessing jobs
   Job Get Balance: finished
   Resetting provider queues
   Executing Jobs: Finished.
   ...

At some point yours will differ and that may give a hint. I assume your 
AqBanking users/accounts is similar to the one I provided previously.

   Jim

More information about the gnucash-user mailing list