mvdwetering / aiohuesyncbox

Asyncio package to communicate with Philips Hue Play HDMI Sync Box.
Apache License 2.0

Hue sync box 8k cert seems to have changed #5

Closed bishengliu7 closed 1 month ago

bishengliu7 commented 1 month ago

aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host 192.168.31.183:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]
2024-09-19 21:34:49.028 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_link, ConnectionInfo(host='192.168.31.183', unique_id='C4299600EBDA', access_token=None, registration_id=None, port=443, path='/api')
2024-09-19 21:34:49.028 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_link, asyncio.async_show_progress_done registered=False
2024-09-19 21:34:49.033 DEBUG (MainThread) [custom_components.huesyncbox.config_flow] async_step_abort, None

Connecting to 192.168.31.183
CONNECTED(00000003)
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify return:1
---
Certificate chain
 0 s:C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
   i:C=NL, O=Philips Hue, CN=root-hsb
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Oct 29 01:44:39 2022 GMT; NotAfter: Dec 31 23:59:59 9999 GMT

mvdwetering commented 1 month ago

That is weird, my 8K box works fine. Was already happy that it just worked.

After a bit of searching it seems like the output is generated by OpenSSL. The Syncbox needs/uses a custom cert file and servername to make it validate. I am not really familiar with the OpenSSL command line, but when using the parameters below it gives similar output to what you posted (and more), but does not seem to give verify errors.

Could you try it on your setup with the additional options? It should be copy-pastable for your setup. The PEM file is attached with a txt extension because GitHub would not let me add it otherwise.

If you used another command that is better, I would be interested to learn about that.

openssl s_client -connect 192.168.31.183:443 -servername C4299600EBDA -CAfile hsb_cacert.pem.txt

hsb_cacert.pem.txt
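
The diagnosis in the two comments above, as an added example that is not part of the thread or of aiohuesyncbox: a small parser that reads `openssl s_client` output, separates "issuer not in the trust store" (verify errors 20/21) from other causes, and builds the re-check command with the `-servername` and `-CAfile` options from the reply. The function names are hypothetical and `SAMPLE` is constructed from the output quoted above.

```python
import re
# Constructed sample: verification and chain lines taken from the s_client output in this thread.
SAMPLE = """\
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:C=NL, O=Philips Hue, CN=C4299600EBDA, OU=HSB2
   i:C=NL, O=Philips Hue, CN=root-hsb
"""

# OpenSSL X509_V_ERR_* codes grouped by what they say about the failure.
UNTRUSTED_ISSUER = {2, 20, 21}  # chain cannot be built to a trusted root
OTHER_CAUSES = {10: "expired", 18: "self_signed", 19: "self_signed", 62: "hostname_mismatch"}


def _cn(dn):
    # Extract the CN attribute from a one-line distinguished name.
    m = re.search(r"CN\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else None


def triage(output):
    """Summarise an s_client transcript: leaf CN, issuer CN, (depth, code) pairs, cause."""
    codes, depth, leaf, issuer = [], None, None, None
    for line in output.splitlines():
        if m := re.match(r"depth=(\d+)\s", line):
            depth = int(m.group(1))
        elif m := re.match(r"verify error:num=(\d+):", line):
            codes.append((depth, int(m.group(1))))
        elif m := re.match(r"\s*0 s:(.*)", line):
            leaf = _cn(m.group(1))
        elif leaf and issuer is None and (m := re.match(r"\s+i:(.*)", line)):
            issuer = _cn(m.group(1))
    nums = {n for _, n in codes}
    if not nums:
        cause = "verified"
    elif nums <= UNTRUSTED_ISSUER:
        cause = "untrusted_issuer"  # supply the issuer's CA; do not disable verification
    else:
        cause = next((OTHER_CAUSES[n] for n in sorted(nums) if n in OTHER_CAUSES), "unknown")
    return {"leaf_cn": leaf, "issuer_cn": issuer, "codes": codes, "cause": cause}


def recheck_command(host, result, cafile):
    """Build the re-test with the options from the reply above; cafile is caller-supplied."""
    return f"openssl s_client -connect {host}:443 -servername {result['leaf_cn']} -CAfile {cafile}"
```

For the output in this thread the cause is `untrusted_issuer`: the leaf chains to `root-hsb`, which is not in the default trust store, so the remedy is to trust that root and verify against the device ID rather than to switch verification off.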

bishengliu7 commented 1 month ago

Closing this and let's keep the discussion at https://github.com/mvdwetering/huesyncbox/issues/128. Thanks!