Interesting! I installed the GNUCash v2.6.19 on Ubuntu (the one in the repo) and it worked fine! I'm going to try v3.3 on Ubuntu and see if I can narrow this down to a windows problem (which is my assumption) or a 3.3 issue for me.
Thanks. I'll report back when I have additional information. Michael On Wed, Oct 24, 2018 at 9:17 AM Fross, Michael <mich...@fross.org> wrote: > Hello Jim, > > This is great news. I had the Citibank Credit Card download working for > years, but it broke early this year. I've attempted to setup GNUCash based > on the above, but continue to struggle. I receive the following error > during the initial bank connection: > > *Error on gnutls_bye: -24 (Decryption has failed.)* > > After looking at your OFX settings above, I used the following during the > GNUCash setup: > > - Create User - Select OFX > - Bank Name: Citi Credit Card > - Broker Id: > - FID: 24909 > - ORG: Citigroup > - Server URL: https://www.accountonline.com/cards/svc/CitiOfxManager.do > - User Name: myusername > - User Id: myusername<space> <--- I added a space per your comments > - Client UID: > - Emulated App: Quicken 2013 > - Application ID: QWIN > - Application Version: 2400 > - Header Version: 103 > > After accepting the certificate , the log window has that error. If I > retrieve accounts after this, I get the following: > > 09:12:27 Sending request... > 09:12:27 Using GnuTLS default ciphers. > 09:12:28 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD > 09:12:28 Signer not found > 09:12:28 Certificate is not trusted > 09:13:31 Waiting for response... > 09:13:31 No message received > 09:13:31 Network error while waiting for response > 09:13:31 Operation finished, you can now close this window. > > I have a long password, but no special characters in it. I'm on windows > and need to read up a bit more on how to get the OFX.log. Setting the ENV > variable and starting GNUCash from the command session didn't seem to > produce one. > > I appreciate the guidance and the time. I'm sure a lot of people use Citi > Cards and your debugging can benefit a lot of people. Can you provide any > differences in your GNUCash config settings that what I have above? I've > tried a few variations but to no avail. > > Thank you! > > Michael > > > On Tue, Oct 23, 2018 at 11:12 PM Jim Maki via gnucash-user < > gnucash-user@gnucash.org> wrote: > >> I just successfully set up GnuCash to download Citi credit card data >> using AqBanking - for now all you have to do is add a space to the end >> of your userid (assuming everything else is correct).The issue seems to >> be with Citi ... >> >> When it consistently failed with code 403, I turned on OFX logging >> (export AQOFX_LOG_COMM=1), snagged the OFX request (from /tmp/ofx.log), >> formatted it to make it more readable, and created a bash script using >> curl to make the OFX request. Paradoxically it worked while the >> equivalent un-beautified GnuCash request failed. >> >> After little debugging, the key lines in the GnuCash ofx.log were: >> >> ================== OFX ================== >> ... >> ... <USERID>myuserid >> <USERPASS>mypassword >> ... >> ================== OFX ================== >> >> The above will work if you add a space either at the end of the >> "...<USERID>myuserid" line, or before "<USERPASS>" in the next line. At >> the GnuCash user interface level that involves adding a trailing space >> to the AqBanking userid for Citi. >> >> For reference, below is the OFX template file I use to feed my >> curl-based script. Eventually GnuCash makes an equivalent request. >> (Again, eliminate the leading spaces before "<USERPASS>" and it, too >> fails.) >> >> ================== OFX ================== >> OFXHEADER:100 >> DATA:OFXSGML >> VERSION:103 >> SECURITY:NONE >> ENCODING:USASCII >> CHARSET:1252 >> COMPRESSION:NONE >> OLDFILEUID:NONE >> NEWFILEUID:$OFX_DATETIME >> >> <OFX> >> <SIGNONMSGSRQV1> >> <SONRQ> >> <DTCLIENT>$OFX_DATETIME >> <USERID>$OFX_USER >> <USERPASS>$OFX_PW >> <LANGUAGE>ENG >> <FI> >> <ORG>$OFX_ORG >> <FID>$OFX_FID >> </FI> >> <APPID>QWIN >> <APPVER>2400 >> </SONRQ> >> </SIGNONMSGSRQV1> >> <CREDITCARDMSGSRQV1> >> <CCSTMTTRNRQ> >> <TRNUID>$OFX_DATETIME >> <CLTCOOKIE>1 >> <CCSTMTRQ> >> <CCACCTFROM> >> <ACCTID>$OFX_ACCOUNT >> </CCACCTFROM> >> <INCTRAN> >> <DTSTART>$OFX_STARTDATE >> <DTEND>$OFX_ENDDATE >> <INCLUDE>Y >> </INCTRAN> >> </CCSTMTRQ> >> </CCSTMTTRNRQ> >> </CREDITCARDMSGSRQV1> >> </OFX> >> ================== OFX ================== >> >> If GnuCash did prettified SGML it would avoid this problem with Citi's >> parsing. >> >> Jim >> >> _______________________________________________ >> gnucash-user mailing list >> gnucash-user@gnucash.org >> To update your subscription preferences or to unsubscribe: >> https://lists.gnucash.org/mailman/listinfo/gnucash-user >> If you are using Nabble or Gmane, please see >> https://wiki.gnucash.org/wiki/Mailing_Lists for more information. >> ----- >> Please remember to CC this list on all your replies. >> You can do this by using Reply-To-List or Reply-All. > > _______________________________________________ gnucash-user mailing list gnucash-user@gnucash.org To update your subscription preferences or to unsubscribe: https://lists.gnucash.org/mailman/listinfo/gnucash-user If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information. ----- Please remember to CC this list on all your replies. You can do this by using Reply-To-List or Reply-All.
