Charmed Quark Systems, Ltd. - Support Forums and Community
New Amazon Echo Support - Printable Version

+- Charmed Quark Systems, Ltd. - Support Forums and Community (
+-- Forum: General Discussion (
+--- Forum: CQC Support (
+--- Thread: New Amazon Echo Support (/showthread.php?tid=9423)

New Amazon Echo Support - wuench - 10-05-2015

I couldn't get it working. It would not complete the SSL handshake.

New Amazon Echo Support - Dean Roddey - 10-05-2015

Can you use a browser to connect to your web server via your public IP address using the secure port, so that you can view an image or page? If so, then it has to be something about how the javascript on the Amazon server is doing the TLS exchange. We know our web server implements TLS correctly. If you can access the server via a web browser from the outside address, the we know it can't be anything to do with certificate validation since that would have to work for the browser to do that. So that would mean our server has to be serving up the certificate correctly and it's being validated by the external authority.

If so, it would come down to something like the certificate authority isn't one the Amazon servers understand, or the settings on the javascript https have some sort of default that is making it not work (like using SSL instead of TLS, or requiring two way certificate verification.)

New Amazon Echo Support - wuench - 10-05-2015

Yeah I could connect to web pages just fine with a browser, just the Amazon SSL connection wouldn't complete.

New Amazon Echo Support - Dean Roddey - 10-05-2015

Are there any settings available to the javascript https engine? There maybe something that needs to be set up first. I poked around but all I can see are the options= JSON object that you set up to pass into the request method. If the port value at the top of the javascript is updated correctly, and you change the require to indicate https (I need to update the javascript to automatically do that), I can't see anything else that would be need, or that you can do.

I found some Lamba examples making outgoing https connections and that's all they are doing. And I found an example of an Echo skill and that's all it was doing as well.

New Amazon Echo Support - wuench - 10-05-2015

I did change the call from http to https on the JS, it was connecting but not completing the SSL negotiation. I took a sniffer trace, but couldn't determine why it was failing. I mentioned it in the other thread it was some sort of client negotiation or something, I didn't see a client cert passed or anything but it could've been encrypted at that point, I am not sure. I am not familiar with client cert negotiation so it could have been the start of that and CQC rejecting. I need to see a good client cert negotiation to compare it to.

New Amazon Echo Support - Dean Roddey - 10-05-2015

I wonder if there's a setting that would disable client certificate sending from the AWS side? I don't think the javascript https normally tries to do that, so I'm guessing that Amazon sets it up that way by default. But we don't need that. We just want to verify that the incoming connection is from the AWS server. The key in the message is sufficient for client validation.

There are some options that can be set that start with ca. , meaning certificate authority, but I'm not sure about those.

It's very difficult to find any good information. Almost everything that is relevant to Echo is talking about setting up your own server to be talked to by the Echo, not having AWS code talk to your server.

New Amazon Echo Support - Dean Roddey - 10-05-2015

According to the docs, the client sending a client certificate is meaningless unless the server choose to do something with it. The server can require that the client send one, but I don't do that. Otherwise, if it gets sent, it supposedly has no effect.

New Amazon Echo Support - Dean Roddey - 10-05-2015

Give 4.7.22 a try. I realized I'd never enabled TLS 1.2, and maybe they are requiring that since it's the latest and greatest. It's far from certain, but worth a try. I cannot see anything I can do wrt to client certificate handling, on the server side I mean, so I don't think that's an issue.

New Amazon Echo Support - bbrendon - 10-09-2015

I get a lot of this, but it does what it's supposed to: "There was a problem with the requested skill's response."

It seems the first time I talk to the echo RepText works, after that it doesn't work until something gets restarted.

Anyone else experience something like this?

New Amazon Echo Support - Dean Roddey - 10-09-2015

What's showing up in the logs? And what kind of info are you putting into the reply text? Is anything that might cause syntax issues in JSON maybe?

Also, what CQC version are you on? There was an issue a bit back where I forgot that every web server service thread was loading its own copy of the config file. So, if you did a reload command, that one thread that serviced that command would reload it, but the rest would still have the old stuff. So you could be stuck with old config data in some threads and the new stuff in others. Which one services your next request is semi-random so it could give the appearance of random failures.