I don’t have the full context for this discussion, but I’m wondering: is the OTA update mechanism protected against a man-in-the-middle attack? Tom From: OvmsDev <ovmsdev-bounces@lists.openvehicles.com> on behalf of Mark Webb-Johnson <mark@webb-johnson.net> Reply-To: OVMS Developers <ovmsdev@lists.openvehicles.com> Date: Wednesday, April 4, 2018 at 11:51 PM To: OVMS Developers <ovmsdev@lists.openvehicles.com> Subject: Re: [Ovmsdev] OTA status check timeout / SSL problem? I think it was a fault on the api.openvehicles.com config - that shouldn’t be redirecting to https. I fixed it, and it should be ok now. Regards, Mark. On 5 Apr 2018, at 12:44 AM, Michael Balzer <dexter@expeedo.de> wrote: Mark, the server check for an OTA update now fails every time, times out after 10 seconds. I think that's because the new server currently does a redirect from http to https also on the api.openvehicles.com host. Not sure why the module doesn't fail directly on that, maybe it tries to validate the certificate which also does not match. As the openvehicles server has frequent connectivity issues from here I've added a "nocheck" option to the ota status command and use that for the standard web status page. The OTA page still checks for the update. Regards, Michael -- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26 _______________________________________________ OvmsDev mailing list OvmsDev@lists.openvehicles.com http://lists.openvehicles.com/mailman/listinfo/ovmsdev _______________________________________________ OvmsDev mailing list OvmsDev@lists.openvehicles.com http://lists.openvehicles.com/mailman/listinfo/ovmsdev