Disable SSL certificate validation for Gandi.

Attempting a Gandi LiveDNS update, I received the following error:

WARNING:  cannot connect to api.gandi.net:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed IO::Socket::INET configuration failed error:00000000:lib(0):func(0):reason(0)

This was on my EdgeOS router.  It probably was missing the proper
certificate authority chain to validate the SSL certificate, or perhaps
Gandi's certificate had expired.  Either way, disabling the host
verification was the easiest way to fix the problem and get the update
to actually work successfully.

Since the magic EdgeOS commands to configure this are not obvious,
here's how to configure Gandi LiveDNS on EdgeOS, if the WAN interface
(to the Internet) is on eth0:

configure
delete service dns dynamic interface eth0
set service dns dynamic interface eth0 service custom-gandi protocol gandi
set service dns dynamic interface eth0 service custom-gandi login dummy
set service dns dynamic interface eth0 service custom-gandi password GANDI_API_KEY
set service dns dynamic interface eth0 service custom-gandi options zone=DOMAIN_NAME,ttl=5m
set service dns dynamic interface eth0 service custom-gandi host-name HOSTNAME
commit; save; exit
update dns dynamic interface eth0
show dns dynamic status

For the host-name parameter, a comma-separated list can be used to
update multiple hostnames to the dynamic IP address, and "@" can be used
as a hostname to update the IP address associated with the domain itself
(which must be specified in the zone=DOMAIN_NAME parameter).

If the "ttl" option is not specified, it will default to 3 hours;
Gandi's minimum TTL supported is 5 minutes.
This commit is contained in:
Deven T. Corzine 2020-09-27 02:49:42 -04:00
parent 0c6f4ef7c8
commit 15d69cc981

@ -5744,11 +5744,12 @@ sub nic_gandi_update {
$url .= "/livedns/domains/$config{$h}{'zone'}/records/$hostname/$rrset_type";
my $reply = geturl(
proxy => opt('proxy'),
url => $url,
headers => $headers,
method => 'PUT',
data => $data,
proxy => opt('proxy'),
url => $url,
headers => $headers,
method => 'PUT',
data => $data,
ssl_validate => 0,
);
unless ($reply) {
failed("%s -- Could not connect to %s.", $h, $config{$h}{'server'});
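Review bot: The new `ssl_validate => 0,` argument in the geturl() call of nic_gandi_update is unconditional, so certificate verification is turned off for every Gandi user, not just for the one router whose CA chain the commit message suspects is incomplete. This PUT sends $headers and $data to the LiveDNS endpoint, and per the commit message the configured password is the Gandi API key, so with validation off anyone on the network path can impersonate the server and read or alter the request. Suggest leaving validation on by default and making the bypass an explicit per-host setting that the user must opt into, or fixing the trust store on the affected device instead. The commit message also leaves the root cause open (missing CA chain versus an expired certificate); if the bypass stays, a comment beside `ssl_validate => 0,` stating why it is there would help whoever revisits it.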