I have not yet downloaded code or purchased the app. Is the communication between the iPad app and the pi python server encrypted (e.g. over SSL?). If or, how difficult would it be to implement and when might that be delivered ? Thanks.
As far as the app is concerned, it is simple to do. I've asked Engineering to support that as an option in the new version on a server by server basis. They are adding it to the list but have not given me a date. Ask again in about two weeks and I should have an answer.
The server side should be simple to do on the Raspberry pi. A modification to the RasPiConnectServer.
Really not practical on the Arduino server side (hence the server by server option above).
The app currently provides authentication using MD5 and the configuration files are signed.
Thank you and engineering for adding security to the To Do list. I regularly keep my SW updated so will see any new versions fairly promptly.
I did purchase the app and installed server on my pi and it is up and running. Keeping it on my internal LAN for now so security currently not a show stopper. I do not want certain unsecured info out of the local 'net, though, so will wait for SSL before opening the firewall to the server port.
Thanks for the app product and pi server - this is some neat & fun stuff and timely for a couple projects I have planned.
Thank you - that is good news. I had added the S in the app (httpS) but had not modified RasPiConnectServer.py (web.py).
Note that python-openssl needs to be installed as well on the pi. Run "sudo apt-get install python-openssl" after making the modifications, e.g. adding lines to RasPiConnectServer.py from web.wsgiserver import CherryPyWSGIServer CherryPyWSGIServer.ssl_certificate = "/etc/postfix/tls/server.crt" CherryPyWSGIServer.ssl_private_key = "/etc/postfix/tls/server.key"
I now have server running and in my ipad browser I can see the version number by using URL "httpS://192.168.3.125:9600/Version" However, the ipad app cannot reach the server whether I use http or httpS in the default URL (e.g. httpS://192.168.3.125:9600/raspi). I do not even see the app request to the server (which I started from command line on pi). No disrespect intended; has SSL been tested by engineering (i.e. connect ipad app via SSL to RasPiConnectServer.py) that this does work so that we are past the "theoretically, it should work" stage ?
It was working with no SSL earlier. I am not available to work on it anymore for a few days but will provide an update once I have a chance to work on it again.
Yes, I configured status panel (upper right), number of processes, voltage, remote web view, and Send To for my default URL. Also, in settings, I try the Server Report. No responses from the SSL enabled server when using the app; only via the mobile browser.
i looked over my setup again and can find nothing amiss other than that it appears the iPad app is not sending anything to the pi.
i run rasPiConnectServer.py from command line on pi. I can see it accept requests from the iPad browser to, e.g. 192.168.3.125:9600/Version (or /raspi). However, when I configure the iPad RasPiConnect app for the (/raspi) URL and make a request (e.g. Server Report from setup, or a configured button), I do not see any request go to the server (based on watching command line of running server on pi ).
i have run out of things to do. Have the engineers verified this actually works ? If an upgrade is neede please let me know so I can quit spinning my wheels trying to get this working.
Has anyone got a secure connection going between the iPad app and a pi ?
I haven't had a chance yet to do this, but I will tomorrow. I looked at Wireshark on our computer and it looks like it is sending it in HTPPS. The problem might be on the Raspberry Pi end, which is what I will test.
Did it accept a connection to "https://192.168.3.125:9600/Version"? That narrows it down a lot.
Now that gives me a real clue. I'll talk to the engineer tomorrow. I'l just bet we have a problem reading SSL from a self-generated certificate (which is what I am sure you are using). Simple fix if true, but it will have to go through the appstore so it will be a week or so after we release it.
Here's the scoop. When we run the app against a web.py https server, we get the error:
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “xxx.xxx.com” which could put your confidential information at risk." UserInfo=0x93bcc40
and the information from the Pi is thrown away.
Now the error isn't a surprise, given that it is self generated. It IS open to a man-in-the-middle attack as well as other potential issues.
There is an API that allows a self signed certificate, but some people say that the Appstore will reject your app if you use it. A bit paranoid, but there you have it.
However, there are free solutions. You can get an signed SSL certificate. Do a search on free ssl certificate.
You do need your own domain.
We are going to prototype the internal App solution for self signed certificates and do some more research about rejection.