OFTP2 - BMW CURL errors

From OS4X
Jump to navigation Jump to search

Version history

  • 2018-02-23: First writing of this document

Background

OS4X may log massively in the OS4X's system log the following messages:

 CURL error 56 while fetching CRL from URL http://sslcrl.bmwgroup.net/pki/BMW%20Group%20Issuing%20CA%20SSL1.crl: Failure when receiving data from the peer; HTTP code 0, check proxy settings

Google ChromeScreenSnapz473.png

This error occurs since the given URL is not publically available from the internet. The URL comes from a certificate of BMW, which is contained in the Odette's TSL. OS4X scans all certificates for new CRL URLs, so we have to define not to re-enable the URL again, and afterwards disable the corresponding CRL URL.

Solution

Step 1: disable automatic reactivation of CRLs

Navigate to "Configuration" -> "TLS" and activate the checkbox "Disable automatic reactivation of CRLs":

Google ChromeScreenSnapz471.png

Save this config afterwards.

Step 2: disable the corresponding CRL entries

Navigate to "Certificates" -> "Revocation lists" and disable the entries which cannot be downloaded by clicking on the second icon entitled by a tooltip "Activate/Deactivate":

Google ChromeScreenSnapz472.png