Can't get it to work properly

[InventoCasa]

Hi there,

there seems to be something wrong with how the config of the MQTT Bridge is done. Everything works for me for approx. 2 minutes and I can control the TV during that time, but after that it doesn't work anymore and when I look into the log of my MQTT broker, it shows constant restarts (which are only there if I have the MQTT bridge to the Hisense TV defined):

Nov 05 14:58:40 homeassistant systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 68.
Nov 05 14:58:40 homeassistant systemd[1]: Stopped Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 05 14:58:40 homeassistant systemd[1]: Starting Mosquitto MQTT v3.1/v3.1.1 Broker...
Nov 05 14:58:40 homeassistant mosquitto[1183]: 1604584720: Loading config file /etc/mosquitto/conf.d/hisense.conf
Nov 05 14:58:40 homeassistant mosquitto[1183]: 1604584720: Warning: Bridge hisensemqtt using insecure mode.
Nov 05 14:58:40 homeassistant mosquitto[1183]: [397911.383058]~DLT~ 1183~INFO     ~FIFO /tmp/dlt cannot be opened. Retrying later...
Nov 05 14:58:40 homeassistant systemd[1]: Started Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 05 14:59:11 homeassistant systemd[1]: mosquitto.service: Main process exited, code=killed, status=11/SEGV
Nov 05 14:59:11 homeassistant systemd[1]: mosquitto.service: Failed with result 'signal'.
Nov 05 14:59:11 homeassistant systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 69.
Nov 05 14:59:11 homeassistant systemd[1]: Stopped Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 05 14:59:11 homeassistant systemd[1]: Starting Mosquitto MQTT v3.1/v3.1.1 Broker...
Nov 05 14:59:11 homeassistant mosquitto[1192]: 1604584751: Loading config file /etc/mosquitto/conf.d/hisense.conf
Nov 05 14:59:11 homeassistant mosquitto[1192]: 1604584751: Warning: Bridge hisensemqtt using insecure mode.
Nov 05 14:59:11 homeassistant mosquitto[1192]: [397942.882920]~DLT~ 1192~INFO     ~FIFO /tmp/dlt cannot be opened. Retrying later...
Nov 05 14:59:11 homeassistant systemd[1]: Started Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 05 14:59:43 homeassistant systemd[1]: mosquitto.service: Main process exited, code=killed, status=11/SEGV
Nov 05 14:59:43 homeassistant systemd[1]: mosquitto.service: Failed with result 'signal'.
Nov 05 14:59:43 homeassistant systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 70.
Nov 05 14:59:43 homeassistant systemd[1]: Stopped Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 05 14:59:43 homeassistant systemd[1]: Starting Mosquitto MQTT v3.1/v3.1.1 Broker...
Nov 05 14:59:43 homeassistant mosquitto[1201]: 1604584783: Loading config file /etc/mosquitto/conf.d/hisense.conf
Nov 05 14:59:43 homeassistant mosquitto[1201]: 1604584783: Warning: Bridge hisensemqtt using insecure mode.
Nov 05 14:59:43 homeassistant mosquitto[1201]: [397974.380772]~DLT~ 1201~INFO     ~FIFO /tmp/dlt cannot be opened. Retrying later...
Nov 05 14:59:43 homeassistant systemd[1]: Started Mosquitto MQTT v3.1/v3.1.1 Broker.

A closer look into /var/log/mosquitto shows the following:

1604586572: Connecting bridge (step 1) hisensemqtt (192.168.1.203:36669)
1604586572: Connecting bridge (step 2) hisensemqtt (192.168.1.203:36669)
1604586572: Error: Unable to load CA certificates, check bridge_cafile "/etc/mosquitto/conf.d/ca_certificates/hisense.crt".
1604586572: OpenSSL Error[0]: error:02001002:system library:fopen:No such file or directory
1604586572: OpenSSL Error[1]: error:2006D080:BIO routines:BIO_new_file:no such file
1604586572: OpenSSL Error[2]: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

Apparently there is something wrong with my hisense.crt file. However, I created it according to your instructions and the file looks like this:

-----BEGIN CERTIFICATE-----
MIIDtDCCApygAwIBAgIBAj...
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIB..........
-----END CERTIFICATE-----

Here is my hisense.conf file:

connection hisensemqtt
address 192.168.1.203:36669
username hisenseservice
password multimqttservice
clientid HomeAssistant
bridge_cafile /etc/mosquitto/conf.d/ca_certificates/hisense.crt
bridge_insecure true
bridge_tls_version tlsv1.2
try_private false
start_type automatic
topic +/remoteapp/# both

Hmmmmm... I tried to manually verify the hisense.crt file and the output is ok:
openssl s_client -host 192.168.1.203 -port 36669 -CAfile ../ca_certificates/hisense.crt

CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 C = CN, ST = shandong, L = qingdao, O = hh, OU = multimedia, CN = RemoteCA
verify return:1
depth=0 C = CN, ST = shandong, O = hh, OU = multiscreen, CN = 127.0.0.1
verify return:1
[...]
Server certificate
-----BEGIN CERTIFICATE-----
[...]
subject=C = CN, ST = shandong, O = hh, OU = multiscreen, CN = 127.0.0.1

issuer=C = CN, ST = shandong, L = qingdao, O = hh, OU = multimedia, CN = RemoteCA

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2558 bytes and written 409 bytes
Verification: OK
[...]

[tiagofreire-pt]

Can you make sure you are using the latest version of Mosquitto?

Put the CA file in another folder, such as your home directory, since you are not using the Home Assistant Mosquitto addon.

Further debug the issue, through this: https://github.com/tiagofreire-pt/Home_Assistant_Hisense_TV#further-debugging-or-exploring-the-mqtt-broker-inside-the-tv (the bottom)

[InventoCasa]

Damn, I really thought I had it. Moving the CA file to another folder worked at first, but as soon as the TV is switched off, the Mosquitto broker is stuck in a restart loop again. Here's the message:

Nov 08 21:47:13 homeassistant systemd[1]: Started Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 08 21:47:18 homeassistant mosquitto[1021]: mosquitto: /build/mosquitto-kshoW_/mosquitto-1.6.9/src/loop.c:730: loop_handle_reads_writes: Assertion `pollfds[context->pollfd_index].fd == context->sock' failed.
Nov 08 21:47:18 homeassistant systemd[1]: mosquitto.service: Main process exited, code=killed, status=6/ABRT
Nov 08 21:47:18 homeassistant systemd[1]: mosquitto.service: Failed with result 'signal'.
Nov 08 21:47:18 homeassistant systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 6.
Nov 08 21:47:18 homeassistant systemd[1]: Stopped Mosquitto MQTT v3.1/v3.1.1 Broker.
Nov 08 21:47:18 homeassistant systemd[1]: Starting Mosquitto MQTT v3.1/v3.1.1 Broker...
Nov 08 21:47:18 homeassistant mosquitto[1030]: 1604868438: Loading config file /etc/mosquitto/conf.d/hisense.conf
Nov 08 21:47:18 homeassistant mosquitto[1030]: 1604868438: Warning: Bridge hisensemqtt using insecure mode.

This only happens when the TV is off. When it is on again, the restart loop stops.

[InventoCasa]

It works now!
I needed to upgrade mosquitto from 1.6.9-1 to 1.6.12-0 via the mosquitto dev branch which can be added via sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa.

You may include this in your instructions, because I have the feeling I will not be the only one who

1. puts the CA file in the "default" folder under /etc/mosquitto/ca_certificates
2. does not have the newest version of mosquitto because he is using the standard apt repositories and not the dev branch of the mosquitto repo.

[tiagofreire-pt]

Thanks for posting your solution!