SSL Error after Providing Login URL during wideq_state.json Generation

[kitt-schlatter]

While following the recommended steps to obtain a refresh_token via wideq, I received the following error after pasting the redirect URL:

Full Error Message

``` Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect ssl_context=context) File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "example.py", line 176, in example(sys.argv[1:]) File "example.py", line 162, in example example_command(client, args) File "example.py", line 139, in example_command ls(client) File "example.py", line 25, in ls for device in client.devices: File "/home/pi/wideq/wideq.py", line 489, in devices self._devices = self.session.get_devices() File "/home/pi/wideq/wideq.py", line 480, in session self._session, self._devices = self.auth.start_session() File "/home/pi/wideq/wideq.py", line 270, in start_session session_info = login(self.gateway.api_root, self.access_token) File "/home/pi/wideq/wideq.py", line 192, in login return lgedm_post(url, data) File "/home/pi/wideq/wideq.py", line 124, in lgedm_post res = requests.post(url, json={DATA_ROOT: data}, headers=headers) File "/usr/lib/python3/dist-packages/requests/api.py", line 116, in post return request('post', url, data=data, json=json, **kwargs) File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError(1, '[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1056)'))) ```

I believe my account is setup as a US/US-en one, so changing the country and language values in wideq.py shouldn't be necessary as others have recommended. Addtionally, the URL I'm passing in is of the format:

https://us.m.lgaccount.com/login/iabClose?access_token=<hexstring>&refresh_token=<hexstring>&oauth2_backend_url=https://us.lgeapi.com/

Which should be correct as I understand?

I even tried taking the refresh_token as it was listed in the URL and using that inside of the configuration.yaml file, but doing so resulted in a token error when I tail the home-assistant.log file after a fresh reboot.

Obviously something is going on with obtaining a proper token, but I'm really not sure what.

Any ideas?

[sampsyo]

That's pretty strange! I'm actually not sure the token is the problem. This error is saying something along the lines of "the low-level SSL communication stack has rejected this server's cipher suite," which is something that happens way before (i.e., lower down in the stack than) exchanging the LG authentication token.

I've verified that the URL I paste to log in is in the same format, and everything's working here (Python 3.7.3, installed from Homebrew).

Errors like this can sometimes be blamed on a weird Python setup or an old SSL library. Any chance you could try from a different system with a different Python library to see if you have more luck?

[kitt-schlatter]

I'm currently running all of this from a stock fresh install of hassbian via ssh. I did an apt-get update and upgrade for good measure, but got the same results; python3 version is 3.7.3rcl and openssl version is 1.1.1b. As far as I can tell, both of these should be sufficiently up to date.

I can try doing a fresh install of a different linux distro on the Pi and running wideq again on that to see if anything different happens. In the meantime, I noticed that each time I log in via the URL provided by wideq, the refresh_token and access_tokens are different. Just to make sure: is that supposed to be the case? Or should they remain the same each time?

[sampsyo]

Yep, those will be different every time.

To avoid reimaging your Pi for nothing, maybe you could try it on your "normal" machine, i.e., a laptop or whatever?

[kitt-schlatter]

An update: I was able to successfully run wideq on my windows machine via powershell without an error. I used that token in my configuration.yaml, which looks like so:

Configuration Section

``` # SmartThinQ climate: - platform: smartthinq refresh_token: '' ```

After rebooting and checking the home-assistant.log file, I see it's attempting to load the smartthinq custom component, but is getting this error:

Full Error Message

``` 2019-05-26 22:00:19 WARNING (MainThread) [homeassistant.loader] You are using a custom integration for smartthinq which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you do experience issues with Home Assistant. 2019-05-26 22:00:20 ERROR (MainThread) [homeassistant.components.device_tracker] Unable to load /home/homeassistant/.homeassistant/known_devices.yaml: Config file not found: /home/homeassistant/.homeassistant/known_devices.yaml 2019-05-26 22:00:36 ERROR (MainThread) [homeassistant.components.climate] Error while setting up platform smartthinq Traceback (most recent call last): File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 456, in wrap_socket cnx.do_handshake() File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1915, in do_handshake self._raise_ssl_error(self._ssl, result) File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error _raise_current_error() File "/srv/homeassistant/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue raise exception_type(errors) OpenSSL.SSL.Error: [('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')] During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn conn.connect() File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connection.py", line 344, in connect ssl_context=context) File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 345, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 462, in wrap_socket raise ssl.SSLError('bad handshake: %r' % e) ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')])",) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/homeassistant/lib/python3.7/site-packages/requests/adapters.py", line 449, in send timeout=timeout File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/srv/homeassistant/lib/python3.7/site-packages/urllib3/util/retry.py", line 399, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')])"))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/srv/homeassistant/lib/python3.7/site-packages/homeassistant/helpers/entity_platform.py", line 126, in _async_setup_platform SLOW_SETUP_MAX_WAIT, loop=hass.loop) File "/usr/lib/python3.7/asyncio/tasks.py", line 416, in wait_for return fut.result() File "/usr/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/home/homeassistant/.homeassistant/custom_components/smartthinq/climate.py", line 41, in setup_platform client = wideq.Client.from_token(refresh_token) File "/srv/homeassistant/lib/python3.7/site-packages/wideq.py", line 570, in from_token client.refresh() File "/srv/homeassistant/lib/python3.7/site-packages/wideq.py", line 557, in refresh self._session, self._devices = self.auth.start_session() File "/srv/homeassistant/lib/python3.7/site-packages/wideq.py", line 270, in start_session session_info = login(self.gateway.api_root, self.access_token) File "/srv/homeassistant/lib/python3.7/site-packages/wideq.py", line 192, in login return lgedm_post(url, data) File "/srv/homeassistant/lib/python3.7/site-packages/wideq.py", line 124, in lgedm_post res = requests.post(url, json={DATA_ROOT: data}, headers=headers) File "/srv/homeassistant/lib/python3.7/site-packages/requests/api.py", line 116, in post return request('post', url, data=data, json=json, **kwargs) File "/srv/homeassistant/lib/python3.7/site-packages/requests/api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "/srv/homeassistant/lib/python3.7/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/srv/homeassistant/lib/python3.7/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/srv/homeassistant/lib/python3.7/site-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='aic.lgthinq.com', port=46030): Max retries exceeded with url: /api/member/login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')])"))) ```

[sampsyo]

Weird! I think you can indeed blame the Python/SSL/etc. stack on your Pi. Not exactly sure what went wrong, but switching OSes is likely to fix it.

[kitt-schlatter]

Alright, after a bit more investigation (aka, googling =P) I found this stackoverflow thread which solved the issue for me: https://stackoverflow.com/questions/55680224/how-to-fix-requests-exceptions-sslerror

Basically, I had to modify /etc/ssl/openssl.cnf so that the MinProtocol value under the [system_default_sect] section was changed to TLSv1.0. After doing that I was able to run wideq properly.

At this point, where should I be able to see hass-smartthinq to confirm if it's running properly? I don't see anything when I look at the list of integrations, but perhaps I'm looking in the wrong spot. I see some errors in home-assistant.log but I'm not sure they're related to this custom component. What should I be able to see if it's running successfully?

Thanks again for all your help so far.

[sampsyo]

Great! Seems like that would do it.

It should be working if you don't see any errors that aren't explicitly attributed as coming from the SmartThinQ component. If you have an AC unit already associated with your account, it should appear now in HA.

[kitt-schlatter]

Alright, so-very close now. I'm getting the following error both in home-assistant.log and within the alerts section of the Home Assistant UI:

2019-05-27 21:42:07 ERROR (SyncWorker_2) [custom_components.smartthinq.climate] SmartThinQ device not available: AIR CONDITIONER

And that's all the information it gives me. This occurs regardless of whether or not I have the AC unit turned on or off.

Edit: This seems to be a problem with the SmartThinQ app itself, as the device is showing as disconnected even there. I'll go ahead and close this issue as the original problem seems to have been resolved now!

[sampsyo]

That occurs when the LG servers report that the device can't be contacted. It happens for me sometimes when the device seems to lose its WiFi connection. In these cases, I had to remove the little WiFi module and plug it back in to get it to reassociate.