marconfus / ha-nefit-ng

Rewrite of the „nefit“ component. Still in development!

SSL error with HA Docker image #21

Open svheel opened 5 years ago

svheel commented 5 years ago

Since upgrading to HA 0.97 I get the following error from the Nefit component:

2019-08-23 17:01:41 DEBUG (MainThread) [aionefit] Initializing XMPP client
2019-08-23 17:01:41 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1076)
2019-08-23 17:01:41 ERROR (MainThread) [slixmpp.xmlstream.xmlstream] CERT: Invalid certificate trust chain.
2019-08-23 17:01:51 WARNING (MainThread) [homeassistant.components.climate] Setup of platform nefit is taking over 10 seconds.
2019-08-23 17:01:51 WARNING (MainThread) [homeassistant.components.climate] Platform nefit not ready yet. Retrying in 180 seconds.

I'm using the latest Docker image (HA 0.97.2 currently). I'm not sure what's going on here, but have a feeling it is related to the Docker image. Maybe the version of some library used in the Docker image? In the release notes of HA 0.97 I see that they've upgraded the Docker image to use Debian Buster.

alextud commented 5 years ago

I have the same issue, are there any workarounds?

svheel commented 5 years ago

> I have the same issue, are there any workarounds?

I'm afraid I don't have a workaround (I'm not a Python developer) and the component has been broken for some time now for me. That's why I was hoping maybe @marconfus could help.

squindahr commented 5 years ago

Is changing the SSL config a solution? Worked for me in Raspbian, did not try it in Docker.

Edit the file /etc/ssl/openssl.cnf and change the following keys to these values:

MinProtocol = None
CipherString = DEFAULT

From: https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#openssl-defaults

alextud commented 5 years ago

It also worked for me. Thanks @squindahr

svheel commented 5 years ago

Thanks @squindahr, this also works for the Docker image, although you have to override the openssl.cnf file inside the image with one of your own and change the MinProtocol and CipherString settings as you suggested.

So for now there is a workaround to get it to work with the official HA docker image, but it would be great if somehow the component is able to override these openssl.cnf settings (if that's at all possible).

trizz commented 5 years ago

Apparently my connection issues were also caused by those SSL errors, and after some digging I came to the following conclusions:

I've upgraded my Docker image to the 0.98 version, and the SSL errors are gone.

svheel commented 5 years ago

I tried the new HA Docker image for version 0.98 and you're right @trizz, the component works fine now. I still wonder if there's a fix possible in the component to make sure it keeps working regardless of the settings in openssl.cnf.
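
Added example, not part of the thread or of the ha-nefit-ng project: a Python check for whether the openssl.cnf workaround discussed above is still in place, for instance after moving to an image where it is no longer needed. It assumes the Debian Buster file layout (openssl_conf -> ssl_conf -> system_default) and the Buster defaults MinProtocol = TLSv1.2 and CipherString = DEFAULT@SECLEVEL=2 from the linked release notes; the sample file content and the function names are constructed for illustration.

```python
import re
# Constructed sample: Debian Buster's openssl.cnf layout with this thread's workaround applied.
SAMPLE_CNF = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = None        # Buster ships TLSv1.2
CipherString = DEFAULT    # Buster ships DEFAULT@SECLEVEL=2
"""
PROTOCOLS = ["None", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # weakest first


def parse_cnf(text):
    """Return {section: {key: value}}; keys before any [section] go under 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections


def system_defaults(sections):
    """Follow openssl_conf -> ssl_conf -> system_default to the active section."""
    name = sections["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
    return sections.get(name, {})


def audit(text):
    """List settings weaker than Buster's TLSv1.2 / DEFAULT@SECLEVEL=2 defaults."""
    cfg, findings = system_defaults(parse_cnf(text)), []
    proto = cfg.get("MinProtocol", "(unset)")
    if proto not in PROTOCOLS or PROTOCOLS.index(proto) < PROTOCOLS.index("TLSv1.2"):
        findings.append(f"MinProtocol = {proto}")
    ciphers = cfg.get("CipherString", "(unset)")
    level = re.search(r"@SECLEVEL=(\d)", ciphers)
    if level is None or int(level.group(1)) < 2:
        findings.append(f"CipherString = {ciphers}")
    return findings
```

Calling `audit(open("/etc/ssl/openssl.cnf").read())` inside the container returns an empty list when the system-wide settings are back at the Buster defaults, and otherwise names each weakened key.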