outon / HomeAssistant-AEMET

AEMET: Home Assistant Custom Weather Component
MIT License

Unable to retrieve data from AEMET #12

Closed obaldius closed 4 years ago

obaldius commented 4 years ago

Hi there, thanks for this great component. I've been finding this issue lately

Unable to retrieve data from AEMET. HTTPSConnectionPool(host='opendata.aemet.es', port=443): Max retries exceeded with url: /opendata/api/observacion/convencional/datos/estacion/1505?api_key=secret (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

What's weird about it is that if I go to opendata.aemet.es/opendata/api/observacion/convencional/datos/estacion/1505?api_key=secret

the data shows up as it should.

Thanks in advance.

barto64 commented 4 years ago

Same here ... I can also see this error:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)

It may be related to the latest HA 113 version

Thanks for making this great component for the Spaniards 👍

outon commented 4 years ago

This problem has nothing to do with the component but with the remote server. The best solution is to fix the website. And that's out of my hands.

If a check is made in SSL Labs we can find among the conclusions that: "This server's certificate chain is incomplete"

The opendata.aemet.es web server is apparently incorrectly configured. Precisely the error that is being reported is that the SSL certificate cannot be verified.

On our side, we could ignore any certificate error by modifying line 141 of the aemet/aemet.py file

response = requests.get(data_url, params=params, verify=False)

I am wondering whether this would be a final solution or whether it would be irresponsible of me to skip the check.

Maybe you will find that I make this change in the future, but right now you should modify it yourself in your local copy.

obaldius commented 4 years ago

One last thing, I'm a newbie so... is it really unsafe to set verify=False?

outon commented 4 years ago

If the connection is not verified, anyone can place themselves in the middle of the communication and carry out a MITM attack.

https://web.archive.org/web/20170829220032/http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

obaldius commented 4 years ago

Thank you very much :)
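
Added example, not part of the thread or the component's code: one way to keep verification enabled despite the server's incomplete chain is to merge the missing intermediate certificate into the CA bundle passed as `verify=`. The helper names, file names and the `timeout` value are assumptions; in practice `base_bundle` would be the path returned by `certifi.where()`, and the intermediate would be downloaded from the issuing CA and its fingerprint checked before use.

```python
import base64
import re
import ssl
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Return the DER bytes of every certificate block in PEM text."""
    # validate=True rejects stray characters instead of silently skipping them
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(text)]

def build_bundle(base_bundle, extra_pem, out_path):
    """Merge a CA bundle with the intermediate(s) the server fails to send.

    Returns a path for requests' verify= argument, so verification stays on.
    """
    merged = pem_blocks(Path(base_bundle).read_text(encoding="utf-8"))
    extra = pem_blocks(Path(extra_pem).read_text(encoding="utf-8"))
    if not extra:
        raise ValueError(f"no certificate found in {extra_pem}")
    for der in extra:
        if der not in merged:  # skip certificates already in the bundle
            merged.append(der)
    Path(out_path).write_text("".join(map(ssl.DER_cert_to_PEM_cert, merged)))
    return str(out_path)

def fetch(data_url, params, bundle_path):
    """The call from the thread, with verify pointing at the merged bundle."""
    import requests  # third-party; imported lazily so the helpers run without it
    return requests.get(data_url, params=params, verify=bundle_path, timeout=10)

if __name__ == "__main__":
    # Constructed placeholders, not real certificates: they only exercise the merge.
    with tempfile.TemporaryDirectory() as tmp:
        base, extra = Path(tmp, "roots.pem"), Path(tmp, "intermediate.pem")
        base.write_text(ssl.DER_cert_to_PEM_cert(b"constructed-root"))
        extra.write_text(ssl.DER_cert_to_PEM_cert(b"constructed-intermediate"))
        out = build_bundle(base, extra, Path(tmp, "bundle.pem"))
        print(len(pem_blocks(Path(out).read_text())), "certificates in bundle")
```

The merged file has to be rebuilt when the intermediate is reissued, and it can be dropped once the server sends its full chain.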