New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pass configured host string instead of always forcing an ip-address #23164
Conversation
Pass the configured host (https://www.home-assistant.io/components/homematic/#host) instead of always forcing an ip-address. This is required to get SSL certificate validation working.
Hey there @pvizeli, @danielperna84, mind taking a look at this pull request as its been labeled with a integration ( |
@@ -262,7 +262,7 @@ def setup(hass, config): | |||
# Create hosts-dictionary for pyhomematic | |||
for rname, rconfig in conf[CONF_INTERFACES].items(): | |||
remotes[rname] = { | |||
'ip': socket.gethostbyname(rconfig.get(CONF_HOST)), | |||
'ip': rconfig.get(CONF_HOST), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is only for xmlrpc server they we run. You are sure that you not only mean the settings from hosts part?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I don't get what you mean. I'm using Home Assistant for three days now and not very familiar with the whole stuff. Without the changes I got the following exception:
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic.connection] HMConnection: Creating server object
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] ServerThread.__init__
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] __init__: Creating proxies
2019-04-16 07:58:42 INFO (SyncWorker_19) [pyhomematic._hm] Creating proxy rf. Connecting to 192.168.100.74:42001
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Getting local ip
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Got local ip 192.168.100.2
2019-04-16 07:58:42 INFO (SyncWorker_19) [pyhomematic._hm] Creating proxy ip. Connecting to 192.168.100.74:42010
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Getting local ip
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Got local ip 192.168.100.2
2019-04-16 07:58:42 INFO (SyncWorker_19) [pyhomematic._hm] Creating proxy raspberrymatic. Connecting to 192.168.100.74:2001
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Getting local ip
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] LockingServerProxy.__init__: Got local ip 192.168.100.2
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] RPCFunctions.__init__
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] RPCFunctions.__init__: iterating proxy = homeassistant-rf
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] RPCFunctions.__init__: iterating proxy = homeassistant-ip
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] RPCFunctions.__init__: iterating proxy = homeassistant-raspberrymatic
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] ServerThread.__init__: Setting up server
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] ServerThread.__init__: Registering RPC functions
2019-04-16 07:58:42 INFO (Thread-3) [pyhomematic._hm] Starting server at http://0.0.0.0:47051
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] ServerThread.proxyInit: init('http://192.168.100.2:47051', 'homeassistant-rf')
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] proxyInit: Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '192.168.100.74'. (_ssl.c:1056)
2019-04-16 07:58:42 WARNING (SyncWorker_19) [pyhomematic._hm] Failed to initialize proxy
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] ServerThread.proxyInit: init('http://192.168.100.2:47051', 'homeassistant-ip')
2019-04-16 07:58:42 DEBUG (SyncWorker_19) [pyhomematic._hm] proxyInit: Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '192.168.100.74'. (_ssl.c:1056)
2019-04-16 07:58:42 WARNING (SyncWorker_19) [pyhomematic._hm] Failed to initialize proxy
All those created proxies are connecting to an IP address (as previously forced). And as far as I understand the settings used beneath the line pyhomematic/_hm.py#L521 come from remotes
settings.
But maybe I am completely lost at the moment :-/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pvizeli
socket.gethostbyname
turns myhost.local
into 192.168.1.123
. So even with the hostname correctly set in configuration.yaml, the component initializes pyhomematic with the IP addresses. pyhomematic has gained SSL support since the release of the CCU3 (and recent RaspberryMatic releases). Verification of course fails because the IP address never matches the hostname of the certificate.
Codecov Report
@@ Coverage Diff @@
## dev #23164 +/- ##
======================================
Coverage 94.2% 94.2%
======================================
Files 453 453
Lines 36913 36913
======================================
Hits 34773 34773
Misses 2140 2140
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For me is fine. @danielperna84 ?
@pvizeli |
Could this PR be added to the 0.93 milestone? |
Pass the configured host (https://www.home-assistant.io/components/homematic/#host) instead of always forcing an ip-address. This is required to get SSL certificate validation working.
Breaking Change:
Not that I'm aware of
Description:
The current implementation in the component at lines homeassistant/components/homematic/init.py#L265 and homeassistant/components/homematic/init.py#L281 always forces an ip-address passed to pyhomematic. This made it practically impossible to get SSL certificate validation working. With the proposed changes the configured value for host is passed to pyhomematic. If a user wants to pass an ip-address he is free to do.
Talking to @danielperna84 the maintainer of pyhomematic he wasn't even aware of this. I would have renamed the key
'id'
to'host'
but @danielperna84 said it's not worth the effort as pyhomematic has to be adpted than as well.This is my first pull request for Home Assistant so please bear with me if I have forgotten something.
Checklist:
tox
. Your PR cannot be merged unless tests passIf user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
requirements
in the manifest (example).requirements_all.txt
by runningscript/gen_requirements_all.py
..coveragerc
.If the code does not interact with devices: