I'm getting a stream error on all 4 apps that I currently have running, and that were all running fine this morning. I get both of these errors on Xcode,
This error seems to have something to do with TLS protocol. I get this error running from my phone or from my iMac running Xcode. I'm trying to figure out if this is an Apple problem or a Particle one.
There have been no changes on the Particle API, related to TLS / SSL certificates or not, for a couple days. If this issue just appeared today and it was working yesterday it’s most likely an issue on your machine, maybe due to a recent system update?
Here’s what I see when I run curl against the API on a Windows machine. Can you post what you see?
curl -v https://api.particle.io/oauth/token
* Adding handle: conn: 0x27e8c70
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x27e8c70) send_pipe: 1, recv_pipe: 0
* About to connect() to api.particle.io port 443 (#0)
* Trying 52.202.229.241...
* Connected to api.particle.io (52.202.229.241) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:\Ruby\cacert.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
* subject: CN=*.particle.io
* start date: 2016-04-23 00:00:00 GMT
* expire date: 2017-05-23 12:00:00 GMT
* subjectAltName: api.particle.io matched
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
> GET /oauth/token HTTP/1.1
> User-Agent: curl/7.30.0
> Host: api.particle.io
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Date: Tue, 14 Mar 2017 10:46:40 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 117
< Connection: keep-alive
* Server nginx is not blacklisted
< Server: nginx
< Access-Control-Allow-Origin: *
< Cache-Control: no-store
< Pragma: no-cache
< ETag: W/"75-PJoF3voMEmjrMl1G5YzwaA"
<
{"error":"invalid_request","error_description":"Method must be POST with application/x-www-form-urlencoded encoding"}* Connection #0 to host api.particle.io left intact
It’s the spark.io SSL certificate that expired. So if you’re using api.spark.io, for example, you’ll run into trouble as of March 13, 2017, but api.particle.io is fine.
My real problem is with this line of code that I have in a VB.Net application that uses the SparkIO.WebServices library:
MyCore = New CoreAPI(“my_username”, “my_password”, , , “https://api.particle.io”)
This was working fine up until yesterday but then I started getting this error:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
I haven’t used curl for a long while, but when I saw that I could not get the curl command to work, I figured that if that could be solved, it would also solve my other problem. The curl problem was easier to explain. I still cannot connect through curl or through the vb.net application. When I saw @Ric problem and that its start coincided with mine, I figured the problem was related.
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.