Workaround for AqBanking „The TLS connection was non-properly terminated“

After updating my system to Ubuntu 16.10 I wasn’t able to synchronize my accounts anymore. The problem was that the banking servers seem to not properly shutdown their TLS connections. Googling around showed this Ticket #259 and Ticket #230. The last ticket gave a hint on what to change in the Gwenhywfar library to get AqBanking back to work.

Just to make it clear, it doesn’t seem to be a bug in AqBanking but in the TLS handling of the banking servers. Ok, maybe a little bug as it is possible to set the userflag tlsIgnPrematureClose in AqBanking which is currently not correctly parsed in Gwenhywfar.

So here is the workaround that involves rebuilding Gwenhywfar and AqBanking by hand. It is adjusted to my needs (only CLI) but can be adapted to your setup. First the installed versions are removed so make sure you understand what you are doing.

WARNING: This procedure can brick your Operating System installation. Proceed at your own risk. If something is unclear stop here and get advice first.

The required sources can be downloaded from here: www.aquamaniac.de. You need gwenhywfar-4.16.0beta.tar.gz and aqbanking-5.7.4beta.tar.gz.


# remove systems aqbanking completely
apt-get --purge remove libgwenhywfar\*

# prepare installation
apt-get install libgcrypt20-dev libgnutls28-dev libxmlsec1-gnutls libxmlsec1-dev checkinstall build-essential

# install libgwenhywfar (download from:
tar -jvxf gwenhywfar-4.16.0beta.tar.gz
cd gwenhywfar-4.16.0beta

# workaround for TLS error
sed -e 's/rv==GNUTLS_E_PREMATURE_TERMINATION/rv!=GNUTLS_E_PREMATURE_TERMINATION/' -i src/sio/syncio_tls.c

./configure --prefix=/usr --with-guis=none
sudo checkinstall
cd ..

# install aqbanking-cli
tar -zvxf aqbanking-5.7.4beta.tar.gz
cd aqbanking-5.7.4beta
./configure --prefix=/usr --enable-cli --with-backends=aqhbci --with-bankinfos=de
make
sudo checkinstall

Thanks to the authors of this great toolset and Happy Banking!

Ein Kommentar

Kommentar hinterlassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.