Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for client side certifactes #66

Open
maxandersen opened this issue Dec 12, 2018 · 6 comments
Open

support for client side certifactes #66

maxandersen opened this issue Dec 12, 2018 · 6 comments
Labels
pinned
Projects
next release

Comments

@maxandersen
Copy link
Contributor

those using HA requiring client side certificates should have a way to run.

curl uses --key for the key and --cert for the certificate. i.e.

curl -v \
  --cacert ./ca.pem \
  --key ./admin-key.pem \
  --cert ./admin.pem \
  https://xxxx/api/v1/

requests supports all three as documented at http://docs.python-requests.org/en/master/user/advanced/
idea from this thread: https://www.reddit.com/r/homeassistant/comments/a56qwa/hasscli_new_command_line_tool_for_home_assistant/eblbjjy/?context=3
maxandersen added a commit to maxandersen/home-assistant-cli that referenced this issue Dec 12, 2018
@maxandersen
Add support for client side certificate
c97719e 
Why:

 * Asked by user in home-assistant-ecosystem#66 to have fully secure connection

This change addreses the need by:

 * hass-cli will pass certificate to requests when using `--cert <pathtopem>`
   or HASS_CERT env.
maxandersen added a commit to maxandersen/home-assistant-cli that referenced this issue Dec 12, 2018
@maxandersen
Add support for client side certificate
c5b3c3f 
Why:

 * Asked by user in home-assistant-ecosystem#66 to have fully secure connection

This change addreses the need by:

 * hass-cli will pass certificate to requests when using `--cert <pathtopem>`
   or HASS_CERT env.
maxandersen added a commit that referenced this issue Dec 12, 2018
@maxandersen
Add support for client side certificate
909436a 
Why:

 * Asked by user in #66 to have fully secure connection

This change addreses the need by:

 * hass-cli will pass certificate to requests when using `--cert <pathtopem>`
   or HASS_CERT env.
@maxandersen maxandersen added this to To do in next release Dec 13, 2018
@maxandersen maxandersen moved this from To do to Needs review in next release Dec 13, 2018
maxandersen added a commit that referenced this issue Dec 17, 2018
@maxandersen
Add support for client side certificate
ad6928e 
Why:

 * Asked by user in #66 to have fully secure connection

This change addreses the need by:

 * hass-cli will pass certificate to requests when using `--cert <pathtopem>`
   or HASS_CERT env.
maxandersen added a commit that referenced this issue Dec 17, 2018
@maxandersen
Add support for client side certificate
31c25d0 
Why:

 * Asked by user in #66 to have fully secure connection

This change addreses the need by:

 * hass-cli will pass certificate to requests when using `--cert <pathtopem>`
   or HASS_CERT env.
@stale
Copy link

stale bot commented Feb 10, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Feb 10, 2019
@stale
Copy link

stale bot commented Apr 11, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Apr 11, 2019
@stale stale bot closed this as completed Apr 18, 2019
next release automation moved this from Needs review to Done Apr 18, 2019
@poofyteddy
Copy link

Hello,
I'm running into this issue, python throw me a CERTIFICATE_VERIFY_FAILED, but to my mind it shouldn't since the Cacert who signed the hass cert is in the system catalog. Curl return no issue.
Sadly adding my cacert with the --cert parameter didn't work, and using PYTHONHTTPSVERIFY=0 also failed.
I really need to be able to use this awesome feature in order to cleanly restart zwave from systemd, so How can i help ?

@maxandersen
Copy link
Contributor Author

At the moment im traveling without a laptop so can't try anything - will be back in a week or so.

Until then if you want to try and fix it look at the related commits and see where the certs are passed in and see if you can make it work.

Otherwise if you can provide me with stood on how to reproduce your setup then I can try when I'm back.

@maxandersen maxandersen reopened this Aug 11, 2019
next release automation moved this from Done to In progress Aug 11, 2019
@stale stale bot removed the wontfix label Aug 11, 2019
@poofyteddy
Copy link

poofyteddy commented Aug 13, 2019
edited

so i'm very bad when stuff look like real code, and not simple script.
i didn't manage to understand the way it run, and i will need to draw it out to get it, but i did a bit of googling, and doing this made it work
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
I have 2 issue with it, first it's outside of the code, not inside. i need to browse the doc of the request lib. The second is that I'm pretty sure that some distro save there system bundle at another place ... which don't help compatibility :(
I'll keep looking

EDIT:

it seam that it can be given to requests like this :

s = requests.Session()
s.verify = '/path/to/certfile'

But the issue of what to import stay the same :(
https://gist.github.com/CMCDragonkai/f5f76b8eb13e7579aba3

@stale
Copy link

stale bot commented Oct 12, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Oct 12, 2019
@stale stale bot closed this as completed Oct 19, 2019
next release automation moved this from In progress to Done Oct 19, 2019
@maxandersen maxandersen reopened this Oct 20, 2019
next release automation moved this from Done to In progress Oct 20, 2019
@stale stale bot removed the wontfix label Oct 20, 2019
@s00500 s00500 mentioned this issue Dec 14, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pinned
Projects
next release
  
In progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maxandersen @poofyteddy