Https requests failing to specific domains

Hi. I’m trying to send some data from my Vera to a remote server that requires and https POST. I’ve done this before and have code that works. However, this particular server is immediately closing the connection which I suspect is due to a Web Application Firewall (WAF) not liking the way the request is formed. My code is below which show two ways of making the call, one via the ssl.https library in Lua and one via CURL. The one via CURL works.

local ssl = require 'ssl'
local https = require 'ssl.https'
local socket = require 'socket'
local ltn12 = require 'ltn12'

print(_VERSION)

BASE_URL = "https://webhooks.mongodb-realm.com"
url = "/api/client/v2.0/app/homeautomation-rjoff/service/http/incoming_webhook/api"
reqbody='my data'

local respbody = {} 

	local result, respcode, respheaders, respstatus = https.request {
		method = "POST",
		protocol = "tlsv1_2",
		url = BASE_URL..url,
		source = ltn12.source.string(reqbody),
		sink = ltn12.sink.table(respbody),
		mode = "client",
		verify = "none",
		options = "all",
		headers = {
			["Host"] = BASE_URL,
			["content-length"] = string.len(reqbody),
			["content-type"] = "text/plain; charset=UTF-8",
			["accept"] = "*/*"
		}
	}
	print(result)
	print(respcode)
	print(table.concat(respbody))
	print(respheaders)
	print(respstatus)

print("-----------------------------------------")

local command = "curl -s "..BASE_URL..url.." -d '"..reqbody.."'"
local f = assert(io.popen(command, 'r'))
local response = assert(f:read('*a'))
f:close(f)
print(response)

the output is:

Lua 5.1
nil
closed

nil
nil
-----------------------------------------
{"error":"invalid secret","link":"https://realm.mongodb.com/groups/xxxxxx"}

Whilst the CURL method returns an error this is correct as I haven’t authenticated, whereas the Lua method returns nothing. If I change the URL to www.google.com then the Lua method also works. And when I run the same code on my Windows machine via ZeroBrane it also works.

Completely stuck so any ideas appreciated…

Thanks

The SSL compatibility in the Lua library is out of date compared to what is built into curl. This is a common problem for a lot of plugins right now. Using curl is one possible workaround. Some systems allow an upgrade of LuaSec (Plus, Secure) which also addresses the issue (for the moment).

Ok. Thanks rigpapa. Much appreciated. It would be good to see a firmware update for that from eZLO.