search

blakeblackshear / frigate

NVR with realtime local object detection for IP cameras
https://frigate.video
MIT License
18.07k stars 1.65k forks source link

Add option to disable TLS certificate validation of Onvif connection #7944

Open andornaut opened 11 months ago

andornaut commented 11 months ago

Describe what you are trying to accomplish and why in non technical terms I'd like to disable TLS certificate validation of Onvif connections to a PTZ camera that has HTTPS enabled, but does not have a valid certificate installed.

Describe the solution you'd like I'd like there to be an option, such as onvif.tls_insecure:true to disable certificate validation.

Environment

Deployment method: Docker Version: 0.13.0-0858859 (0.13.0 Beta 2) Logs:

2023-09-25 11:44:43.958023107  [2023-09-25 11:44:43] frigate.ptz.onvif ERROR : 
Unable to connect to camera: REDACTED: Unknown error: 
HTTPSConnectionPool(host='REDACTED', port=443):
Max retries exceeded with url: /onvif/media_service (Caused by 
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
unable to get local issuer certificate (_ssl.c:1123)')))
2023-0
github-actions[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andornaut commented 10 months ago

Bumping to prevent the bot from closing this issue.

github-actions[bot] commented 9 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andornaut commented 9 months ago

Bumping to prevent the bot from closing this issue.

github-actions[bot] commented 8 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andornaut commented 8 months ago

Bumping to prevent the bot from closing this issue.

github-actions[bot] commented 7 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andornaut commented 7 months ago

Bump for the stale bot

Szewcson commented 6 months ago

I also encountered that problem. Other way to solve it will be scripting adding selfsigned rootcert to the frigate container. Unfortunately I'm not figured out yet how I can run update-ca-certificates from compose yaml.

Szewcson commented 6 months ago

I see that is more important to fix it here, since according to that issue https://github.com/moby/moby/issues/44849 appending something to entrypoint/command in docker compose is not possible at all.

github-actions[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

andornaut commented 5 months ago

Bump for the stale bot

edestecd commented 2 months ago

Same issue here. Is there any workaround?

edestecd commented 2 months ago

This code would prob work: https://github.com/FalkTannhaeuser/python-onvif-zeep/issues/85

edestecd commented 2 months ago 
from onvif import ONVIFCamera
from requests import Session
from zeep.transports import Transport

session = Session()
session.verify = False # Only if you need to not validate certificates, not recommended for production
transport = Transport(session=session)

# You have to specify https in the hostname for it to work properly
mycam = ONVIFCamera('https://1.1.1.1', 443, 'admin', '1234', transport=transport)
edestecd commented 2 months ago

IT prob needs to go in here: https://github.com/blakeblackshear/frigate/blob/6102e9e5ea7f0df1e0f82317da83fd39d6341180/frigate/ptz/onvif.py#L34

I might try to edit it in my running container this evening

scottshanafelt commented 6 days ago

Just adding that I'm having this issue as well