Testing communication between stunnel and aws or aws and alexa skill

[vecnar]

Hello,

Thank you for developing the skill!
Trying to setup sqeeze-alexa for the past few days but a bit stuck and not sure where to look for logs. I tried to follow documentation but i could have missed something.
I struggled with stunnel and self signed certs with local root CA cert but i think i got it working as i am able to connect to it when my laptop connected to my mobile hotspot using below command replacing x with dns name.
openssl s_client -connect xxx.xx.xxx.org:44302 -cert squeeze-alexa.pem

Executing "python3 bin/local_test.py" also worked from outside my network as it listed my currently selected player, number of playlists etc.

#Cert generation using other local rootCA cert
openssl genrsa -out devicekey.pem 2048
openssl req -new -key devicekey.pem -out device.csr -sha256 -nodes
openssl x509 -req -in device.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out devicecrt.pem -days 3650
cat devicekey.pem devicecrt.pem > squeeze-alexa.pem

#stunnel part
cert = devicecrt.pem
key = devicekey.pem
CAfile = path to rootCA.crt
verify = 2

I believe the above concludes that from network and certificates point of view i am ok but do let me know if any command output could assist confirming it.

I modified settings.py and chose APPLICATION_ID as None as amazon aws prompted me to insert skill id when adding "Alexa skills kit" trigger, without it i wasn't able to add lambda arn into endpoint in Alexa Developer website.

I opened stunnel log using "tail -f path to stunnel.log" but nothing is showing up when i execute tests in alexa skill developer website.

I would like to rule out communications\certificates being an issue between all different parts, my home server with aws function and alexa skill with aws function but i am not sure how to execute scripts/commands from aws or alexa skill development page or what logs to look at. Let me know if there is a better or easier way of finding it out.

UPDATE:
After redoing nearly all steps again and trying disabling verify server hostname it started to work but after changing it back to bool(CERT_FILE_PATH) it continued to work.
I will do some tests in next few days and see if it continues to work or not and test things i would use it for.
Thank you.
VERIFY_SERVER_HOSTNAME = False

[declension]

Great, sounds like you got it working.

Verifying the server name should be turned on really, otherwise there's no assurance that the skill is taking to your genuine endpoint.

This would probably be supported by the lack of stunnel logs, as SSL handshakes would fail before any logs (I think, it's been a while).

However the fact that enabling that config now works is confusing. Perhaps it's a cached connection (unlikely to persist long though). Perhaps your cert hostnames were wrong originally, though I think the s_client command should catch this though...

[declension]

Actually it doesn't
https://linux.die.net/man/1/s_client

If you try that command with -verify 2 you might have seen errors

[vecnar]

Thank you for prompt response and sorry for disturbing you.

I think it was problem with alexa skill talking to aws, as i was able to see action in stunnel.log when executing "openssl s_client -connect xxx.xx.xxx.org:44302 -cert squeeze-alexa.pem" from my laptop.
I think initially i didn't add trigger "Alexa skills kit" in aws, later i was adding it but wasn't hitting save button.
I reverted change to VERIFY_SERVER_HOSTNAME and everything still works.

"openssl s_client -verify 2 -connect xx.xx.xxx.org:44302 -cert etc/certs/squeeze-alexa.pem"
returns "Verify return code: 19 (self signed certificate in certificate chain" but still connects

openssl s_client -verify 2 -connect xx.xx.xxx.org:44302 -cert etc/certs/squeeze-alexa.pem -CAfile etc/certs/rootCA.crt
returns "Verify return code: 0 (ok)" and connects

I spent a lot of time on finding out that os runs python 2.7 and 3.6 and that i need to execute below commands in order to install necessary parts on debian.
apt-get install python3-pip
pip3 install -U setuptools
pip3 install PGPy
pip3 install poetry

But on linux mint i had problems finding which ones are missing.
apt-get install python3-pip
pip3 install -U setuptools
pip3 install python3-dev
sudo apt-get install libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev libffi-dev
pip3 install wheel
pip3 install PGPy
pip3 install poetry

I haven't used alexa, it has been laying around for a few years so need to learn how it works. Now I am trying to familiarize myself with functions/intents and what i would like to use and remove unnecessary sample utterances for the intents, in hope to improve accuracy.

One thing noticed that if i say "alexa ask squeezebox to select kitchen" I can use "alexa play/stop/next" but not sure how long it lasts for as if i say "alexa play/pause/next" after some time it will play radio from tunein, intents will not be directed to squeezebox.

All my squeezeboxes are not real hardware, i have one on raspberry pi connected to speakers, 2 running as dockers on nas that are attached to multi zone amplifier that is in premises i currently rent.

Do not mind the above, it is just me sharing my findings.
Thank you.