[GNC] AqBanking help for Citi CC
Fross, Michael
michael at fross.org
Sun Oct 28 20:11:58 EDT 2018
Thanks a lot for the help Jim. I'm responded to your questions inline in
RED (assuming your mail client support colors) prefaced with [FROSS].
Your information is really helpful Jim and I appreciate the time you took
to respond. Given I can download the Chase information successfully, it
seems like AQBanking is working.....but not sure why CITI works on Ubuntu
but not Windows. I could only test v3.2 on Ubuntu, so I think I'll
downgrade my Windows version to v3.2 and see if that works. It's a bit
more of an "apples to apples" comparison.
Michael
On Sun, Oct 28, 2018 at 2:22 AM Jim Maki via gnucash-user <
gnucash-user at gnucash.org> wrote:
>
> Three areas of comment to some potential problem areas ...
>
>
>
> ===========> Windows certificate bundle is OK
>
> To verify the Windows certificate file is not an issue I copied the the
> following certificate bundle from Windows to Ubuntu:
> C:\Program Files (x86)\gnucash\share\gwenhywfar\ca-bundle.crt
>
> On Ubuntu, Citi's cert was validated using the Windows cert bundle via
> the following command:
> curl ... \
> --cacert ca-bundle.crt --capath . \
> https://www.accountonline.com/cards/svc/CitiOfxManager.do
>
> So the Windows GnuCash certificate bundle is not the issue.
>
>
> ===========> Error on gnutls_bye: -24 might be some password issue
>
> Looking at:
>
> http://mcs.une.edu.au/doc/manual/gnutls.html
>
> the theme for error code -24 (GNUTLS_E_DECRYPTION_FAILED) was about
> passwords, either no password, password not in ASCII, wrong, ... . This
> is a certificate password vs your password which is passed in the OFX
> XML and not used in the connection setup.
>
>
>
> ===========> Comparing your vs my system output - where does it differ?
>
>
> Can you compare your system with the following from my Windows 10?
>
> On a powershell terminal session see what's the default text encoding
> via "[System.Text.Encoding]::Default":
>
> PS===> [System.Text.Encoding]::Default
>
> IsSingleByte : True
> BodyName : iso-8859-1
> EncodingName : Western European (Windows)
> HeaderName : Windows-1252
> WebName : Windows-1252
> WindowsCodePage : 1252
> IsBrowserDisplay : True
> IsBrowserSave : True
> IsMailNewsDisplay : True
> IsMailNewsSave : True
> EncoderFallback : System.Text.InternalEncoderBestFitFallback
> DecoderFallback : System.Text.InternalDecoderBestFitFallback
> IsReadOnly : True
> CodePage : 1252
>
> [FROSS] My output matches yours.
>
> On a DOS terminal session get the OS version via "ver":
>
> ===> ver
> Microsoft Windows [Version 10.0.17134.376]
>
[FROSS] Mine seem seems to be a bit of an older build: Microsoft Windows
[Version 10.0.17134.345]
>
> On the same DOS terminal see the AqBanking version:
>
> ===> cd "C:\Program Files (x86)\gnucash\bin"
> ===> aqbanking-cli.exe versions
> 3:2018/10/27
> 21-25-19:gwen(5224):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c:
>
> 120: No translation found for WIN32 locale [English_United States.1252]
> Versions:
> AqBanking-CLI: 5.7.8
> Gwenhywfar : 4.20.0.0
> AqBanking : 5.7.8.0
>
[FROSS] I have the same version as you
>
> AqBanking version 5.7.8 looks like the latest:
> https://www.aquamaniac.de/sites/download/packages.php
>
> [FROSS] I looked earlier as well. Looks like there is a 5.9.9 beta, but
not a stable version.
https://www.aquamaniac.de/rdm/projects/aqbanking/files
> Run aqbanking-cli to show your accounts (note the locale error message):
>
> ===> REM Show the account to work with
> ===> aqbanking-cli listaccs
> 3:2018/10/27
> 20-20-43:gwen(8124):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c:
>
> 120: No translation found for WIN32 locale [English_United States.1252]
> Account www.accountonline.com YOURCCACCOUNT www.accountonline.com
> Citigroup
[FROSS] This shows a Chase credit card, but not Citibank account. GNUCash
shows the user defined, but I don't think I ever successfully connected to
my bank. I get the "Error on gnutls_bye: -24" error when I first attempt
to contact the bank before I ever even enter in my account password. When
setting up a new user, but before "Retrieve Accounts" the setup tool
reaches out to the bank. I get the following output:
TITLE: Setting Up OFX DirectConnect User
-----------------------------------------------------------
10:56:12 Retrieving SSL certificate
10:56:12 Connecting to server...
10:56:12 Using GnuTLS default ciphers.
10:56:12 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
10:56:12 Signer not found
10:56:12 Certificate is not trusted
10:57:21 Connected.
10:57:21 Error on gnutls_bye: -24 (Decryption has failed.)
10:57:21 Disconnected.
10:57:21 Connection ok, certificate probably received
10:57:21 Operation finished, you can now close this window.
The attempt times out (I have to wait 30 seconds or so) and then I accept
the certificate. So it seems the account never gets configured into
AQBanking...that's a hint I think. AQBanking does not record the account.
>
> Make a request that will show the details of the cert request (password
> required).
> I'd be curious as to how your output differs:
>
> ===> aqbanking-cli request --balance
> 3:2018/10/27
> 20-14-37:gwen(10536):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c:
>
> 120: No translation found for WIN32 locale [English_United States.1252]
> ===== Executing Jobs =====
> AqBanking v5.7.8.0stable
> Sending jobs to the bank(s)
> Locking user YOURUSERID
> ===== Enter Password =====
> Please enter the password for user YOURUSERID
> Input: YOURPASSWORD
> 3:2018/10/27
> 20-14-44:(null)(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/plugins/backends/aqofxconnect/plugin/network.c:
>
> 82: Saving response in "/tmp/ofx.log" ...
> Saving communication log to /tmp/ofx.log
> Sending request...
> Connecting to server...
> Resolving hostname "www.accountonline.com" ...
> IP address is "104.65.4.169"
> Connecting to "www.accountonline.com"
> Connected to "www.accountonline.com"
> Using GnuTLS default ciphers.
> TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
> Signer not found
> Certificate is not trusted
> 5:2018/10/27
> 20-14-44:aqbanking(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/libs/aqbanking/gui/abgui.c:
>
> 165: Automatically accepting certificate
> [D0:7D:90:E7:63:F0:59:E0:CE:D2:62:82:61:4A:68:68]
> Connected.
> Sending message...
> Message sent.
> Waiting for response...
> Receiving response...
> HTTP-Status: 200 (OK)
> Response received.
> Disconnecting from server...
> Disconnected.
> Parsing response...
> 3:2018/10/27
> 20-14-45:(null)(10536):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/plugins/backends/aqofxconnect/plugin/network.c:
>
> 171: Saving response in "/tmp/ofx.log" ...
> Parsing response
> Status for signon request: Success (Code 0, severity "INFO")
> The server successfully processed the request.
> Status for transaction statement request: Success (Code 0, severity
> "INFO")
> The server successfully processed the request.
> Unlocking user YOURUSERID
> Executing Jobs: 1 of 1
> Postprocessing jobs
> Job Get Balance: finished
> Resetting provider queues
> Executing Jobs: Finished.
> ...
>
> [FROSS] Because I can't try this with a citibank account as none is
present in AQBanking, I did try this with my Chase account.
C:\Program Files (x86)\gnucash\bin>aqbanking-cli.exe request --balance
3:2018/10/28
10-58-58:gwen(22020):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/i18n.c:
120:
No translation found for WIN32 locale [English_United States.1252]
===== Executing Jobs =====
AqBanking v5.7.8.0stable
Sending jobs to the bank(s)
Locking user <Account ID>
===== Enter Password =====
Please enter the password for user <Account ID>
Input: <Account Password>
******************************
Sending request...
Connecting to server...
Resolving hostname "ofx.chase.com" ...
IP address is "159.53.44.44"
Connecting to "ofx.chase.com"
Connected to "ofx.chase.com"
Using GnuTLS default ciphers.
TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-128-GCM:AEAD
Signer not found
Certificate is not trusted
Accquiring lock: Started.
Accquiring lock: 2812 of 60000
<......>
Accquiring lock: 59984 of 60000
Accquiring lock: 59999 of 60000
Accquiring lock: Finished.
3:2018/10/28
11-04-37:gwen(39044):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/plugins/configmgr/dir/c
fgdir.c: 469: Could not lock group [shared/certs]: 2
3:2018/10/28
11-04-37:aqbanking(39044):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/libs/aqbanking/b
anking_cfg.c: 303: Could not lock shared group [certs] (-109)
4:2018/10/28
11-04-37:aqbanking(39044):C:/gcdev64/gnucash/releases/src/aqbanking-5.7.8/src/libs/aqbanking/g
ui/abgui.c: 147: Could not lock certs db, asking user (-109)
===== Certificate Received =====
3:2018/10/28
11-04-37:gwen(39044):C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/buffer.c:
527
: Pointer outside buffer size (257 bytes)
Assertion failed!
Program: C:\Program Files (x86)\gnucash\bin\aqbanking-cli.exe
File: C:/gcdev64/gnucash/releases/src/gwenhywfar-4.20.0/src/base/memory.c,
Line 426
Expression: p
I don't see the "Error on gnutls_bye: -24" error here, but I frankly don't
understand the errors at the end. This Chase account can download
successfully in GNUCash.
At some point yours will differ and that may give a hint. I assume your
> AqBanking users/accounts is similar to the one I provided previously.
>
> Jim
>
>
>
>
>
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see
> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
More information about the gnucash-user
mailing list