Certificate issues with aiohttp

Question

Certificate issues with aiohttp

Opened this issue 10 months ago · 6 comments

Hey all,
I am using a selfsigned certificate on my homeassistant install.

After installing the satelite on a different Pi I still get
ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')]

(Something in the likes of what is described here https://raspberrypi.stackexchange.com/questions/76419/entrusted-certificates-installation)

To try to fix then I pretty much took my CA cert and did trust it using the systems ca-certificate config... but that did not change anything for aiohttp unfortunatly...

Any pointers ?

Answer 1 · 2023-10-13T19:37:07.000Z

Interestingly after I started to use my actual hostname (the one used in the certificate) I can get it to give a different error:

aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host homeserver.bachi:8123 ssl:default [Network is unreachable]

Also strange, as I can ping it fine using that hostname. Also I am using this server and its self signed cert fine on my IOS devices (with the root cert installed there)

Answer 2 · 2023-10-13T19:39:37.000Z

It looks like we would need to extend it like this: https://docs.aiohttp.org/en/stable/client_advanced.html#ssl-control-for-tcp-sockets

Answer 3 · 2023-10-13T22:10:29.000Z

Hm another option for a cert? Or one for skip verify?

Answer 4 · 2023-10-14T13:55:08.000Z

Probably skip verification to start.

Answer 5 · 2023-10-22T11:47:52.000Z

My temporary solution for this issue was by changing line 27 in /homeassistant-satellite/homeassistant_satellite/remote.py

from
async with aiohttp.ClientSession() as session:

to

async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(verify_ssl=False)) as session:

Answer 6 · 2023-10-30T22:09:52.000Z

Nice, I added a PR