diyhue / diyHue

Main diyHue software repo
https://diyhue.org/

install.sh: both certificate generation methods fail #966

Open Jokeronomy opened 7 months ago

Jokeronomy commented 7 months ago

Issue does not already exist?

I have searched and found no existing issue

Select Environment

Install Script

Home Assistant related?

No

Description

Both the primary and fallback certificate generation methods fail, for different reasons. Primary method command is this:

faketime '2017-01-01 00:00:00' openssl req -new -config openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$serial" -keyout private.key -out public.crt -set_serial $dec_serial -days 7670

The above command fails because -config openssl.conf is not a valid config file. On my RPI where I have this installed, it was resolved by specifying the full path of the openssl config file: /etc/ssl/openssl.cnf. I'm not sure, however, if this solution is portable to other platforms. It was NOT resolved by changing openssl.conf to openssl.cnf in the short manner.

Secondary method is this:

curl -k "https://certgen.lightningdark.com/gencert?mac=$mac" > /opt/hue-emulator/cert.pem

This method fails because there is no longer a certificate generation service at certgen.lightningdark.com. The domain MAY be parked. The generated 'certificate' is the response page for a 404 error.

Errorlog:

Error output for primary method is below. Secondary method only produces an incorrect file, not an error.

Can't open openssl.conf for reading, No such file or directory
1995925888:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('openssl.conf','r')
1995925888:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
 ERROR!! Local certificate generation failed! Attempting remote server generation

Steps to reproduce

Because I was diagnosing specifically an issue with the certificate not generating, and in an upgraded installation, I manually pulled the certificate generation portion out of the full script and put it into a shortened script. This is my best guess on how the issue would be reproduced in a clean environment:

1) download install.sh
2) run install.sh
3) specify network connection per the script
4) Observe both certificate generation methods fail (I'm not sure if the certificate not generating appropriately is fatal to the main script)

Please enter your operating system details here

Linux 5.10.103-v7+ armv7l

What DiyHue version(branch) are you using?

master (latest)

mariusmotea commented 7 months ago

I fix my local certificate generation service, see #942

Jokeronomy commented 7 months ago

This is not that. If I'm following the automatic setup instructions in the Diyhue documentation, the downloaded script has this line for the fallback certificate generation method:

curl "https://certgen.lightningdark.com/gencert?mac=$mac" > /opt/hue-emulator/cert.pem

So it is not set up to use your certificate generation service. Further, per the original report, the primary cert generation method won't ever succeed (at least on my system).

mariusmotea commented 7 months ago

Will update this today.

igorcv88 commented 7 months ago

This should've been fixed by #971

Jokeronomy commented 7 months ago

I'll test this soon, based on what I'm reading and seeing it might fix the primary method - the backup method is still set up to use a discontinued service. I can try making a PR for that, seems like that would be a simple change.

Jokeronomy commented 7 months ago

On second glance, I don't think #971 has any bearing on this one. This issue was not with python, it was specifically with the openssl certificate generation. I was able to change the backup method to a working service. I don't know if changing -config openssl.conf to -config /etc/ssl/openssl.cnf is an acceptable and/or portable solution to that issue. If it is, I can make that PR too.
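
The fallback failure reported in this thread (a 404 response page written to cert.pem with no error) can be caught by downloading to a temporary file and validating it before it is installed. The sketch below is an added example, not code from diyHue's install.sh; the function names `is_pem_cert`, `install_cert` and `fetch_cert` are hypothetical, and it assumes `curl` and, optionally, `openssl` are on the PATH.

```shell
#!/bin/sh
# Added example, not part of install.sh. All function names are hypothetical.

# is_pem_cert FILE: succeed only if FILE looks like, and (when openssl is
# available) parses as, a PEM-encoded X.509 certificate.
is_pem_cert() {
    [ -s "$1" ] || return 1                                   # empty or missing
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1 # e.g. an HTML page
    if command -v openssl >/dev/null 2>&1; then
        # Reads the first CERTIFICATE block; a private key in the same
        # file is skipped, so a combined key+cert file also passes.
        openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    fi
    return 0
}

# install_cert SRC DEST: move SRC into place only after it validates;
# otherwise delete it so a bad file never becomes DEST.
install_cert() {
    if is_pem_cert "$1"; then
        mv -- "$1" "$2"
    else
        echo "rejecting $1: not a PEM certificate" >&2
        rm -f -- "$1"
        return 1
    fi
}

# fetch_cert URL DEST: download to a temp file, then validate and install.
# --fail makes curl exit non-zero on HTTP errors such as 404 instead of
# saving the error page; the content check above still runs because a
# parked domain can answer 200 with HTML.
fetch_cert() {
    tmp=$(mktemp) || return 1
    if ! curl --fail --silent --show-error -o "$tmp" "$1"; then
        rm -f -- "$tmp"
        return 1
    fi
    install_cert "$tmp" "$2"
}
```

Called as `fetch_cert "$url" /opt/hue-emulator/cert.pem`, a dead or parked endpoint produces a non-zero exit status and leaves any existing cert.pem untouched.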