zivillian / ism7mqtt

GNU General Public License v3.0

SSL | Authentication failed #45

Closed dev-da77 closed 1 year ago

dev-da77 commented 1 year ago

I run the following command on an ARCHLINUXARM device:

./ism7mqtt -m <homeassistant ip> -i <ism7 ip> -p <ism7 password> -t ../parameter.json --mqttuser=<homeassistant mqtt user> --mqttpass=<homeassistant mqtt password>

My MQTT server is at my homeassistant device (mosquitto broker).

And I have trouble with SSL:

System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle , ReadOnlySpan`1 , Byte[]& , Int32& )
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials , SafeDeleteSslContext& , ReadOnlySpan`1 , Byte[]& , SslAuthenticationOptions )
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
   at ism7mqtt.Ism7Client.ConnectAsync(CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 87
   at ism7mqtt.Ism7Client.RunAsync(String password, CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 51
   at ism7mqtt.Program.Main(String[] args) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/Program.cs:line 131
Unhandled exception. System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle , ReadOnlySpan`1 , Byte[]& , Int32& )
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials , SafeDeleteSslContext& , ReadOnlySpan`1 , Byte[]& , SslAuthenticationOptions )
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter , Boolean , Byte[] , Boolean )
   at ism7mqtt.Ism7Client.ConnectAsync(CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 87
   at ism7mqtt.Ism7Client.RunAsync(String password, CancellationToken cancellationToken) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/ISM7/Ism7Client.cs:line 51
   at ism7mqtt.Program.Main(String[] args) in /home/runner/work/ism7mqtt/ism7mqtt/src/ism7mqtt/Program.cs:line 131
   at ism7mqtt.Program.<Main>(String[] args)
Abgebrochen (Speicherabzug geschrieben)

*.crt of HOMEASSISTANT (self-signed) is known by ARCHLINUXARM device (sudo trust anchor --store <***>.crt)

zivillian commented 1 year ago

You need to enable unsafe legacy renegotiation. You need to create an openssl.cnf file and either set an env variable (e.g. in your ism7mqtt.service) OPENSSL_CONF=/path/to/your/openssl.cnf or prefix your command with

$ OPENSSL_CONF=/path/to/your/openssl.cnf ./ism7mqtt -m <homeassistant ip> ...
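
A minimal openssl.cnf of the kind the reply above asks for, as an added example that is not part of the original thread or the ism7mqtt project. The section names are arbitrary labels chosen here, and the file path is the placeholder from the reply.

```ini
# /path/to/your/openssl.cnf  (placeholder path from the reply above)
# Read only by processes started with OPENSSL_CONF pointing at this file,
# so the relaxed setting stays scoped to ism7mqtt and the system-wide
# OpenSSL configuration is left untouched.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# Accept a TLS peer that does not support RFC 5746 secure renegotiation.
# This is the check behind error 0A000152 in the trace above.
Options = UnsafeLegacyRenegotiation
# Narrower alternative (outgoing client connections to legacy servers only):
# Options = UnsafeLegacyServerConnect

# systemd equivalent of the command prefix, in the [Service] section of
# ism7mqtt.service:
#   Environment=OPENSSL_CONF=/path/to/your/openssl.cnf
```

OPENSSL_CONF replaces the default OpenSSL configuration for the process that inherits it, so set it on the ism7mqtt command or service unit only and do not export it in a login shell.
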

dev-da77 commented 1 year ago

That's it. Thank you. I receive data now :-)