SSLError

[tomasz8w]

Hi @PiotrMachowski , Thanks for this implementation. I was trying to make it working but unfortunately I stuck up with this error:

2019-07-01 14:48:24 ERROR (MainThread) [homeassistant.components.sensor] Error while setting up platform tauron_amiplus
Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 472, in wrap_socket
    cnx.do_handshake()
  File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1915, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
    _raise_current_error()
  File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connection.py", line 370, in connect
    ssl_context=context)
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 355, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 478, in wrap_socket
    raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 641, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/util/retry.py", line 399, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='logowanie.tauron-dystrybucja.pl', port=443): Max retries exceeded with url: /login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])")))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/srv/homeassistant/lib/python3.7/site-packages/homeassistant/helpers/entity_platform.py", line 126, in _async_setup_platform
    SLOW_SETUP_MAX_WAIT)
  File "/usr/lib/python3.7/asyncio/tasks.py", line 416, in wait_for
    return fut.result()
  File "/usr/lib/python3.7/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/homeassistant/.homeassistant/custom_components/tauron_amiplus/sensor.py", line 53, in setup_platform
    SENSOR_TYPES[variable][0]))
  File "/home/homeassistant/.homeassistant/custom_components/tauron_amiplus/sensor.py", line 114, in __init__
    configuration = calculate_configuration(username, password, meter_id)
  File "/home/homeassistant/.homeassistant/custom_components/tauron_amiplus/sensor.py", line 66, in calculate_configuration
    headers=TauronAmiplusSensor.headers)
  File "/srv/homeassistant/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/srv/homeassistant/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/srv/homeassistant/lib/python3.7/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='logowanie.tauron-dystrybucja.pl', port=443): Max retries exceeded with url: /login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls12_check_peer_sigalg', 'wrong signature type')])")))

Any idea how to resolve it and make it work?

[PiotrMachowski]

Hi @tomasz8w, Can you still log in to eLicznik using website? It seems that you have exceeded maximum number of unsuccessful login attempts.

[tomasz8w]

I can access eLicznik without any trouble..

[PiotrMachowski]

Can you provide your setup specification? (versions of HA, Python and requests library)

[tomasz8w]

Sure, HA: 0.94.4 Python3: 3.7.3rc1 requests: 2.21.0

[tomasz8w]

I found a workaround described here. Changing DEFAULT@SECLEVEL=2 to 1 in /etc/ssl/openssl.cnf resolves the issue.

[lemonka]

Hi Piotr, I dont have such setting in openssl.cnf :) Is there any other workaround available?

Kernel: 5.4.0-62-generic x86_64 bits: 64 Desktop: Cinnamon 4.8.6 Distro: Linux Mint 20.1 Ulyssa

[lemonka]

A workaroud for a workaround -> https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

[araczkowski]

Hi @PiotrMachowski

I think I have a solution:

1. import

   from requests import adapters
   import ssl
   from urllib3 import poolmanager

2. transport adapter

   class TLSAdapter(adapters.HTTPAdapter):
   def init_poolmanager(self, connections, maxsize, block=False):
       """Create and initialize the urllib3 PoolManager."""
       ctx = ssl.create_default_context()
       ctx.set_ciphers("DEFAULT@SECLEVEL=1")
       ctx.check_hostname = False
       self.poolmanager = poolmanager.PoolManager(
           num_pools=connections,
           maxsize=maxsize,
           block=block,
           ssl_version=ssl.PROTOCOL_TLS,
           ssl_context=ctx,
       )

3. mount the adapter to session before request

   session = requests.session()
   session.mount("https://", TLSAdapter())

If you want I can prepare pull request to fix this this?

PS In AI-Speaker project we have config_flow for this integration, now custom components can implement config_flow too.

If you want I can pull this back too?

Regards :wave:

[PiotrMachowski]

Hi @araczkowski! Thanks for your investigation, I would really appreciate a pull request with these changes (especially config flow)

[araczkowski]

Config flow will be delivered as separate pull, this will be bigger change. In AIS we are using all the automation tools used in HA (black formatter, sorts etc..). That is why all the code in config_flow pull will look little different then your code. It will be up to you to keep this format in your repo or reformat it back to yours.

BTW Please consider to join AIS. I can offer you write access to our repo and free AIS DEV3 gate :) On our forum, if somebody really need some new functionality, he need to sponsor 50% of the developer work, AI-Speaker are offering to pay rest (next 50%). It is win-win deal.

Let me know if you are interested, and you have time for this, and if you will be able to maintain your codes in our repo. I can introduce you, then together we can transfer some of your integrations to our fork of HA Core and add configurations flow for them.

We admire you work :1st_place_medal: Have a good day.

[PiotrMachowski]

This issue should be fixed since v2.0.0