-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calculated fingerprint differs from Tasmota autolearned fingerprint #1
Comments
Good catch! It seems related to this patch but I can't find any documentation explaining what exactly was changed (or why, except for comments suggesting the new fingerprint ought to be more secure) However a cursory look at the change suggests that it ought to accept and auto-update old fingerprints. Have you actually tried setting the fingerprint using the tool and seeing if TLS can negotiate? The expectation is that Tasmota will transparent update the certificate fingerprint for you after the first connection is made.... |
No I have not tried so far. But a good hint, I can try this and will give feedback after I had time. But never the less, I think there should be some version of tasmota-fingerprint available fitting to Tasmota v9.2.0. Will you go after this? |
Tasmota behaves like you described it. After setting the fingerprint which was calculated by tasmota-fingerprint, Tasmota learns the same fingerprint automatically which was learned after the fingerprint was set for auto learning to To be sure, that Tasmota does not always learn the MQTT fingerprint if it is not matching, I did following. I set the fingerprint to a altered version of the fingerprint which was calculated by tasmota-fingerprint. I have absolutely how this mechanism in Tasmota is working and why it was designed this way. |
@issacg s-hadinger provided the information why/how this functionality was implemented in the Tasmota discord chat (are you active there?). Here is the explanation: https://threadreaderapp.com/thread/1339101572832382981.html. I think you should consider this for patching tasmota-fingerprint. |
The Tasmota Fingerprint update feature will hopefully be disabled in a future release: arendst/Tasmota#10571 |
This is a valid case for updating tasmota-fingerprint, and I'll certainly do so when I have cycles. In the meantime, patches are welcome. And I hope that the fingerprint update won't be disabled, as it's the only feasible way to live-update existing devices. Not everyone is starting from scratch with a new MQTT server and new Tasmota devices. |
I see in the Tasmota Console: Why do I get other fingerprint values using these commands?
|
Answer from Stefan The fingerprint used in Tasmota is different from the fingerprint of the certificate shown by openssl. Tasmota uses a hash on the Public Key, not on the Certiicate. There are two reasons for this: The problem is that the only way to know your fingerprint is to use Tasmota in auto-learn and write down the fingerprint. |
I've made a pull request to update the fingerprint calculation: #2 |
Fixed in #2 |
Hi all,
I used https://github.com/issacg/tasmota-fingerprint to calculate the fingerprint of my certificate but this calculated fingerprint differs from the MqttFingerprint auto-learned by the Tasmota device. Could it be that there is a miss-alignment between Tasmota SW itself and the tasmota-fingerprint calculator? Has someone tested it with Tasmota v9.2.0 and tasmota-fingerprint v1.0.0?
The text was updated successfully, but these errors were encountered: