Author

Topic: [ANN] FIX gateway available on bitfloor.com (Read 2555 times)

member
Activity: 135
Merit: 10
March 25, 2013, 03:36:58 AM
#8
 Kiss Bitfloor.
legendary
Activity: 1246
Merit: 1002

It seems that the cert file that can be downloaded from the fix api page has expired and does not actually match what is currently used on api.bitfloor.com.
You can get current cert file with following command:

openssl s_client -showcerts -connect api.bitfloor.com:5252

From the output copy the lines starting from -----BEGIN CERTIFICATE----- up to and including -----END CERTIFICATE----- and save those to the .crt file
that is in stunnel configuration.



my first tip!

legendary
Activity: 1246
Merit: 1002

It seems that the cert file that can be downloaded from the fix api page has expired and does not actually match what is currently used on api.bitfloor.com.
You can get current cert file with following command:

openssl s_client -showcerts -connect api.bitfloor.com:5252

From the output copy the lines starting from -----BEGIN CERTIFICATE----- up to and including -----END CERTIFICATE----- and save those to the .crt file
that is in stunnel configuration.



Thanks.  This works.  The stunnel still stops, but it is later in the process.
Do I need a certificate as well?  If so, can it be self signed?

Code:
2013.03.18 16:32:28 LOG7[13652:3077700416]: SNI: host name: api.bitfloor.com
2013.03.18 16:32:28 LOG7[13652:3077700416]: SSL state (connect): before/connect initialization
2013.03.18 16:32:28 LOG7[13652:3077700416]: SSL state (connect): SSLv3 write client hello A
2013.03.18 16:32:28 LOG7[13652:3077700416]: SSL state (connect): SSLv3 read server hello A
2013.03.18 16:32:28 LOG7[13652:3077700416]: Starting certificate verification: depth=0, /C=US/ST=New York/L=New York/O=Bitfloor, Inc./CN=bitfloor.com/[email protected]
2013.03.18 16:32:28 LOG6[13652:3077700416]: CERT: Locally installed certificate matched
2013.03.18 16:32:28 LOG5[13652:3077700416]: Certificate accepted: depth=0, /C=US/ST=New York/L=New York/O=Bitfloor, Inc./CN=bitfloor.com/[email protected]
2013.03.18 16:32:28 LOG7[13652:3077700416]: SSL state (connect): SSLv3 read server certificate A
2013.03.18 16:32:28 LOG7[13652:3077700416]: SSL state (connect): SSLv3 read server done A
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 write client key exchange A
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 write change cipher spec A
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 write finished A
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 flush data
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 read server session ticket A
2013.03.18 16:32:29 LOG7[13652:3077700416]: SSL state (connect): SSLv3 read finished A
2013.03.18 16:32:29 LOG7[13652:3077700416]:    1 items in the session cache
2013.03.18 16:32:29 LOG7[13652:3077700416]:    1 client connects (SSL_connect())
2013.03.18 16:32:29 LOG7[13652:3077700416]:    1 client connects that finished
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 client renegotiations requested
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 server connects (SSL_accept())
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 server connects that finished
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 server renegotiations requested
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 session cache hits
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 external session cache hits
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 session cache misses
2013.03.18 16:32:29 LOG7[13652:3077700416]:    0 session cache timeouts
2013.03.18 16:32:29 LOG6[13652:3077700416]: SSL connected: new session negotiated
2013.03.18 16:32:29 LOG6[13652:3077700416]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
2013.03.18 16:32:29 LOG5[13652:3077700416]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
2013.03.18 16:32:29 LOG5[13652:3077700416]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
eja
newbie
Activity: 39
Merit: 0

It seems that the cert file that can be downloaded from the fix api page has expired and does not actually match what is currently used on api.bitfloor.com.
You can get current cert file with following command:

openssl s_client -showcerts -connect api.bitfloor.com:5252

From the output copy the lines starting from -----BEGIN CERTIFICATE----- up to and including -----END CERTIFICATE----- and save those to the .crt file
that is in stunnel configuration.

legendary
Activity: 1246
Merit: 1002

As always, if you have questions or suggestions, feel free to email support!

I am digging a little deeper into this.  I am not an stunnel expert, and I welcome comments & help.

The tunnel seems to close down after it considers the bitfloor.com certificate.  Do I manage this at my end, or ask for shtylman to do something?


Here is my stunnel configuration file.
Code:
# Adapted from https://bitfloor.com/docs/api/order-entry/fix#stunnel
# Aubrey McIntosh 2013-02-15
# see also www.linuplanet.org/blogs/?cat=5269

debug = 7
output = /var/log/stunnel4/bitfloor.log

[fix-prod]
client=yes

#The local address to use.
accept = 192.168.0.200:5252
connect = api.bitfloor.com:5252

CAFile = /etc/stunnel/certs/bitfloor.stunnel.crt
verify = 3
#verify = 4 creates an error.



Here is the /var/log/stunnel4/bitfloor.log file after a connection attempt.

Code:
aubrey@gaia:/var/log/stunnel4$ sudo more bitfloor.log
2013.03.18 12:31:56 LOG7[11658:3078449600]: No limit detected for the number of clients
2013.03.18 12:31:56 LOG7[11658:3078449600]: signal_pipe: FD=3 allocated (non-blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: signal_pipe: FD=4 allocated (non-blocking mode)
2013.03.18 12:31:56 LOG5[11658:3078449600]: stunnel 4.42 on i686-pc-linux-gnu platform
2013.03.18 12:31:56 LOG5[11658:3078449600]: Compiled with OpenSSL 1.0.0e 6 Sep 2011
2013.03.18 12:31:56 LOG5[11658:3078449600]: Running  with OpenSSL 1.0.1 14 Mar 2012
2013.03.18 12:31:56 LOG5[11658:3078449600]: Update OpenSSL shared libraries or rebuild stunnel
2013.03.18 12:31:56 LOG5[11658:3078449600]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,I
Pv6
2013.03.18 12:31:56 LOG5[11658:3078449600]: Reading configuration from file /etc/stunnel/bitfloor.co
nf
2013.03.18 12:31:56 LOG7[11658:3078449600]: Snagged 64 random bytes from /home/aubrey/.rnd
2013.03.18 12:31:56 LOG7[11658:3078449600]: Wrote 1024 new random bytes to /home/aubrey/.rnd
2013.03.18 12:31:56 LOG7[11658:3078449600]: PRNG seeded successfully
2013.03.18 12:31:56 LOG6[11658:3078449600]: Initializing SSL context for service fix-prod
2013.03.18 12:31:56 LOG7[11658:3078449600]: Loaded verify certificates from /etc/stunnel/certs/bitfl
oor.stunnel.crt
2013.03.18 12:31:56 LOG7[11658:3078449600]: Loaded /etc/stunnel/certs/bitfloor.stunnel.crt revocatio
n lookup file
2013.03.18 12:31:56 LOG7[11658:3078449600]: SSL options set: 0x00000004
2013.03.18 12:31:56 LOG6[11658:3078449600]: SSL context initialized
2013.03.18 12:31:56 LOG5[11658:3078449600]: Configuration successful
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=5 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=6 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=6 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=7 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=7 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=8 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=8 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=9 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=9 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: libwrap_init: FD=10 allocated (blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: accept socket: FD=11 allocated (non-blocking mode)
2013.03.18 12:31:56 LOG7[11658:3078449600]: Option SO_REUSEADDR set on accept socket
2013.03.18 12:31:56 LOG7[11658:3078449600]: Service fix-prod bound to 192.168.0.200:5252
2013.03.18 12:31:56 LOG7[11658:3078449600]: Service fix-prod opened FD=11
2013.03.18 12:31:56 LOG7[11664:3078449600]: Created pid file /var/run/stunnel4.pid
2013.03.18 13:45:53 LOG7[11664:3078449600]: local socket: FD=0 allocated (non-blocking mode)
2013.03.18 13:45:54 LOG7[11664:3078449600]: Service fix-prod accepted FD=0 from 192.168.0.200:34637
2013.03.18 13:45:54 LOG7[11664:3078540096]: Service fix-prod started
2013.03.18 13:45:54 LOG7[11664:3078540096]: Option TCP_NODELAY set on local socket
2013.03.18 13:45:54 LOG7[11664:3078540096]: Waiting for a libwrap process
2013.03.18 13:45:54 LOG7[11664:3078540096]: Acquired libwrap process #0
2013.03.18 13:45:54 LOG7[11664:3078540096]: Releasing libwrap process #0
2013.03.18 13:45:54 LOG7[11664:3078540096]: Released libwrap process #0
2013.03.18 13:45:54 LOG7[11664:3078540096]: Service fix-prod permitted by libwrap from 192.168.0.200
:34637
2013.03.18 13:45:54 LOG5[11664:3078540096]: Service fix-prod accepted connection from 192.168.0.200:
34637
2013.03.18 13:45:54 LOG7[11664:3078540096]: remote socket: FD=1 allocated (non-blocking mode)
2013.03.18 13:45:54 LOG6[11664:3078540096]: connect_blocking: connecting 107.6.65.226:5252
2013.03.18 13:45:54 LOG7[11664:3078540096]: connect_blocking: s_poll_wait 107.6.65.226:5252: waiting
 10 seconds
2013.03.18 13:45:54 LOG5[11664:3078540096]: connect_blocking: connected 107.6.65.226:5252
2013.03.18 13:45:54 LOG5[11664:3078540096]: Service fix-prod connected remote server from 192.168.0.
200:51960
2013.03.18 13:45:54 LOG7[11664:3078540096]: Remote FD=1 initialized
2013.03.18 13:45:54 LOG7[11664:3078540096]: Option TCP_NODELAY set on remote socket
2013.03.18 13:45:54 LOG7[11664:3078540096]: SNI: host name: api.bitfloor.com
2013.03.18 13:45:54 LOG7[11664:3078540096]: SSL state (connect): before/connect initialization
2013.03.18 13:45:54 LOG7[11664:3078540096]: SSL state (connect): SSLv3 write client hello A
2013.03.18 13:45:54 LOG7[11664:3078540096]: SSL state (connect): SSLv3 read server hello A
2013.03.18 13:45:54 LOG7[11664:3078540096]: Starting certificate verification: depth=0, /C=US/ST=New
 York/L=New York/O=Bitfloor, Inc./CN=bitfloor.com/[email protected]
2013.03.18 13:45:54 LOG4[11664:3078540096]: CERT: Verification error: self signed certificate
2013.03.18 13:45:54 LOG4[11664:3078540096]: Certificate check failed: depth=0, /C=US/ST=New York/L=N
ew York/O=Bitfloor, Inc./CN=bitfloor.com/[email protected]
2013.03.18 13:45:54 LOG7[11664:3078540096]: SSL alert (write): fatal: unknown CA
2013.03.18 13:45:54 LOG3[11664:3078540096]: SSL_connect: 14090086: error:14090086:SSL routines:SSL3_
GET_SERVER_CERTIFICATE:certificate verify failed
2013.03.18 13:45:54 LOG5[11664:3078540096]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to s
ocket
2013.03.18 13:45:54 LOG7[11664:3078540096]: Service fix-prod finished (0 left)
2013.03.18 13:45:54 LOG7[11664:3078540096]: str_stats: 0 block(s), 0 byte(s)

legendary
Activity: 1246
Merit: 1002
Bitfloor is happy to announce the availability of a FIX (Financial Information Exchange) order entry gateway for trading. FIX is a financial industry standard and our FIX gateway allows you to use many off the shelf trading tools and libraries to connect and trade on Bitfloor. Unlike a REST gateway, the FIX gateway is connection based and will notify you immediately when you are filled; you will not need to poll to get your order updates.

See the Bitfloor FIX API documentation for additional details
https://bitfloor.com/docs/api/fix

The FIX library our FIX gateway is written on top of. It supports developing both Acceptors and Initiators and uses node.js (javascript).
https://github.com/bitfloor/nodefix

Me on The Bitcoin Show talking about Bitfloor and our release of the FIX gateway.
http://onlyonetv.com/2012/02/the-bitcoin-show-056-roman-shtylman-of-bitfloor-com/

The FIX gateway is currently operational on our testnet site (https://testnet.bitfloor.com) and will be available on production trading upon request. I will work closely with FIX gateway traders to make sure they are able to connect and trade during initial setup.

As always, if you have questions or suggestions, feel free to email support!

I have downloaded quickfixj into Ubuntu 12.04.
I modified bin/banzai.sh by adding :$qfjhome/lib/optional/mina-filter-ssl-1.1.7.jar to the list of libraries
I created etc/conf/bitfloor.cfg
I executed cd bin; sh banzai.sh ../etc/conf/bitfloor.cfg &

I appear to connect to api.bitfloor.com, but I am disconnected within about 15-20 seconds.

Code:
[default]
ConnectionType=initiator

[session]
# --------
SenderCompID=
SenderSubID=
# --------
FileStorePath=examples/target/data/bitfloor
TargetCompID=bitfloor
HeartBtInt=30
SocketConnectPort=5252

LogonTimeout=60
ResetOnLogon=Y
BeginString=FIX.4.2
StartTime=00:00:01 US/Central
EndTime=23:59:59 US/Central
ReconnectInterval=60
# --------
SocketConnectHost=api.bitfloor.com
SocketUseSSL=Y


sr. member
Activity: 243
Merit: 250
February 24, 2012, 11:21:16 AM
#1
Bitfloor is happy to announce the availability of a FIX (Financial Information Exchange) order entry gateway for trading. FIX is a financial industry standard and our FIX gateway allows you to use many off the shelf trading tools and libraries to connect and trade on Bitfloor. Unlike a REST gateway, the FIX gateway is connection based and will notify you immediately when you are filled; you will not need to poll to get your order updates.

See the Bitfloor FIX API documentation for additional details
https://bitfloor.com/docs/api/fix

The FIX library our FIX gateway is written on top of. It supports developing both Acceptors and Initiators and uses node.js (javascript).
https://github.com/bitfloor/nodefix

Me on The Bitcoin Show talking about Bitfloor and our release of the FIX gateway.
http://onlyonetv.com/2012/02/the-bitcoin-show-056-roman-shtylman-of-bitfloor-com/

The FIX gateway is currently operational on our testnet site (https://testnet.bitfloor.com) and will be available on production trading upon request. I will work closely with FIX gateway traders to make sure they are able to connect and trade during initial setup.

As always, if you have questions or suggestions, feel free to email support!
Jump to: