Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL certification error to OpenAI API #1368

Closed
stc1988 opened this issue Jul 9, 2024 · 7 comments
Closed

SSL certification error to OpenAI API #1368

stc1988 opened this issue Jul 9, 2024 · 7 comments

Comments

@stc1988
Copy link
Contributor

stc1988 commented Jul 9, 2024

Build environment: macOS
Moddable SDK version: 3bf5202
Target device: Mac simulator

Steps to Reproduce

  1. Set OpenAI API key. If you don't have api key, remove line 19 and 20.
  2. Build and install the app examples/pins/audioout/openai-stream using this build command: mcconfig -d -m -p mac
  3. Shows error /Users/satoshi/Projects/moddable/modules/files/resource/Resource.c (44) # Break: Resource: Resource not found: ca236.der!
  4. Fix manifest_openaistreamer.json to set ca236 and re-run app.
  5. shows error /Users/satoshi/Projects/moddable/modules/crypt/etc/x509.js (140) # Break: Error: x509: unsupported curve!
@phoddie
Copy link
Collaborator

phoddie commented Jul 9, 2024

That's unusual. That said, not all curves are supported. You could try disabling use of ECC to fall back to another ciphersuite.

	"config": {
		"tls": {
			"DHE_RSA": false,
			"ECDHE_RSA": false
		}
	}

@stc1988
Copy link
Contributor Author

stc1988 commented Jul 9, 2024

I added the config section to manifest.json, and see another error /Users/satoshi/Projects/moddable/modules/crypt/ssl/ssl_alert.js (83) # Break: Error: alert: 2, 40!.

@phoddie
Copy link
Collaborator

phoddie commented Jul 15, 2024

Thank you for trying. This may be more complex to address. I'll take a look in the coming days.

@phoddie
Copy link
Collaborator

phoddie commented Jul 15, 2024

Some good news. Turning off TLS certificate validation allows the connection to succeed. (Of course, you still need to add ca236.der).

While not a long term solution, this allow things to continue working while working on a proper solution. Please give it a try by modifying these three lines in openaistreamer.js as shown below.

		const http = {...device.network.https};
		http.socket = {...http.socket, secure: {...http.socket.secure, verify: false}};
		return new streamer({
			...o,
			http,

The actual problem appears to occur while parsing the response. In one case, the curve string hasundefined where a number is expected. I'll look into that.

@stc1988
Copy link
Contributor Author

stc1988 commented Jul 16, 2024

While not a long term solution, this allow things to continue working while working on a proper solution. Please give it a try by modifying these three lines in openaistreamer.js as shown below.

  const http = {...device.network.https};
  http.socket = {...http.socket, secure: {...http.socket.secure, verify: false}};
  return new streamer({
  	...o,
  	http,

Thank you for suggestion, I confirmed this code works.

@phoddie
Copy link
Collaborator

phoddie commented Jul 16, 2024

I cannot reproduce the undefined behavior above. Looking deeper, it is necessary to implement the secp384r1 curve for this certificate. I have that working, but it needs some more testing.

mkellner pushed a commit that referenced this issue Jul 19, 2024
@phoddie
add secp384r1 #1368
899da58
@stc1988
Copy link
Contributor Author

stc1988 commented Jul 20, 2024

This issue fixed in 4.9.0.

Thank you.

@stc1988 stc1988 closed this as completed Jul 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phoddie @stc1988