Curl to HTTP Request, msg.rejectUnauthorized

General
1

Hi,

I am having a problem converting a Curl command to an HTTP Request on a Teltonika Router.

Hoping there is enough information here!

The Curl command is:-

curl -X POST "https://<ROUTERIP>/api/login" -H "Content-Type: application/json" -d `{"username": "<username>", "password": "<password>"}` -k

With a Verbose response of:-

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying v:443...
* Connected to <ROUTERIP> (<ROUTERIP>) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / X25519 / id-ecPublicKey
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=LT; ST=Vilnius; L=Vilnius; O=Teltonika9c3e02a3; CN=Teltonika
*  start date: Mar  6 15:28:50 2025 GMT
*  expire date: Mar  4 15:28:50 2035 GMT
*  issuer: CN=ca
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> POST /api/login HTTP/1.1
> Host: <ROUTERIP>
> User-Agent: curl/8.5.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 67
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< Connection: close
< Transfer-Encoding: chunked
< Expect-CT: max-age=86400
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Content-Security-Policy:        default-src 'self'; frame-src * 'self';         img-src * 'self' data: blob:;         script-src 'wasm-unsafe-eval' https://cdn.jsdelivr.net/ 'sha256-LV+4Blj3LIWsLHvvq37tdHwBQpq6ZOI+wHw3XeGsJzM=' 'self' 'sha256-8yE2w7Bv8/Il8SvtEkB35j3QNRei9CKtdX8HgqblU04=' 'sha256-Pv4HyWUIdh/mQalp8JMzRdM1eTkfzYhRRnW/9m4pzQ8=' 'sha256-/83V68bpILlL4sGTUJ9oviiw3La/Bskmmf83WaWOw9I=' blob:;         style-src https://cdn.jsdelivr.net/ 'unsafe-hashes' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-kwpt3lQZ21rs4cld7/uEm9qI5yAbjYzx+9FGm/XmwNU=' 'self';         connect-src 'self';     worker-src 'self' blob:;        child-src 'self' blob:; 
< Cache-Control: no-cache
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
< Content-Type: application/json
< 
* Closing connection
* TLSv1.3 (OUT), TLS alert, close notify (256):
{"success":true,"data":{"username":"admin","token":"<TOKEN>","expires":299}}

Trying to use the HTTP Request node, I get an UNABLE_TO_VERIFY_LEAF_SIGNATURE when injecting just the Payload (User/password).

In the Curl Command, I see SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. to overcome this I added msg.rejectUnauthorized = false in the Inject node. Now the I see requesting, and then after a time the HTTP Request node shows no response from server.

Flow

[{"id":"ef778648825337cb","type":"inject","z":"c17afc2be7cc5e34","name":"Payload and Reject Unauth","props":[{"p":"payload"},{"p":"rejectUnauthorized","v":"false","vt":"bool"}],"repeat":"","crontab":"","once":false,"onceDelay":"6","topic":"","payload":"{\"username\":\"<USERNAME\",\"password\":\"PASSWORD\"}","payloadType":"json","x":210,"y":260,"wires":[["38de799b1b6912aa","39e747f0b6789e32"]]},{"id":"38de799b1b6912aa","type":"http request","z":"c17afc2be7cc5e34","name":"fetch Token","method":"POST","ret":"txt","paytoqs":"ignore","url":"https://<ROUTERIP>/api/login","tls":"","persist":true,"proxy":"","insecureHTTPParser":false,"authType":"","senderr":false,"headers":[{"keyType":"Content-Type","keyValue":"","valueType":"application/json","valueValue":""},{"keyType":"other","keyValue":"Authorization","valueType":"other","valueValue":"Bearer <AUTH_TOKEN>"},{"keyType":"other","keyValue":"Content-length","valueType":"other","valueValue":"67"}],"x":490,"y":260,"wires":[["8e8e7e27668c91f3"]]},{"id":"8e8e7e27668c91f3","type":"debug","z":"c17afc2be7cc5e34","name":"Token","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":650,"y":260,"wires":[]},{"id":"39e747f0b6789e32","type":"debug","z":"c17afc2be7cc5e34","name":"Inputs","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":450,"y":300,"wires":[]},{"id":"72444f26261e574c","type":"inject","z":"c17afc2be7cc5e34","name":"Just Payload","props":[{"p":"payload"}],"repeat":"","crontab":"","once":false,"onceDelay":"6","topic":"","payload":"{\"username\":\"<USERNAME\",\"password\":\"PASSWORD\"}","payloadType":"json","x":170,"y":300,"wires":[["39e747f0b6789e32","38de799b1b6912aa"]]}]

Tried all sorts of things and now I class myself as 'Officially Stuck', not sure where to turn next!

Any help would be gratefully received.
TIA

Best wishes,
Colin J

2

In your curl statement, you are using -k, which tells it to ignore certificate issues. for JS, set an environment variable which does the same::

set NODE_TLS_REJECT_UNAUTHORIZED=0

or, within a function node:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
3

Thank you for that, I can feel my headache lifting!!

Never having set an Environmental Variable before I now need to understand what I have just done! (Will my headache come back?? :rofl:)

Sorry, so excited I was reading the output of my Catch NODE. Teach me not to properly label Debug nodes!!

Need to look into this further as operation has completely changed. I need to debug flow a bit further,

4

I see in your flow you have as the url

http://<ROUTERIP>/api/login

Have you tried https instead of http ?
In the Teltonika API docs it says

image
image790×100 4.54 KB

Source
https://developers.teltonika-networks.com/

5

Ah, apologies again. That was my sanitised flow, in the actual flow it is https. I must have copied that node when I was getting desperate to get it working and tried lots of different stuff in my fumblings around.

Flow amended.

6

I have carried on and using the search process.env.NODE_TLS_REJECT_UNAUTHORIZED = from @omrid answer, I found this thread

I imported this into my flow and modified my HTTP request to the same as the 'Self Signed' HTTP Request node in this flow. It didn't work.

Copied the 'Self Signed' HTTP Request and inserted in place of my node and it worked. I have now studied both my original node with that from the other thread and can find no differences. I have no idea why it wouldn't work.

Funnily enough, one of my 'fumblings' yesterday was to create a TLS check as @knolleary had indicated (without seeing his post). So I am please I was on the right track.

Thank you @omrid and @UnborN for your pointers! I couldn't have done it without your help!!