home-assistant-cli icon indicating copy to clipboard operation
home-assistant-cli copied to clipboard

Published 20 hours ago verified publisher icon home-assistant-ecosystem

support for client side certifactes

Open maxandersen opened this issue 6 years ago • 6 comments

those using HA requiring client side certificates should have a way to run.

curl uses --key for the key and --cert for the certificate. i.e.

curl -v \
  --cacert ./ca.pem \
  --key ./admin-key.pem \
  --cert ./admin.pem \
  https://xxxx/api/v1/

requests supports all three as documented at http://docs.python-requests.org/en/master/user/advanced/ idea from this thread: https://www.reddit.com/r/homeassistant/comments/a56qwa/hasscli_new_command_line_tool_for_home_assistant/eblbjjy/?context=3

maxandersen avatar Dec 12 '18 00:12 maxandersen

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Feb 10 '19 00:02 stale[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 11 '19 09:04 stale[bot]

Hello, I'm running into this issue, python throw me a CERTIFICATE_VERIFY_FAILED, but to my mind it shouldn't since the Cacert who signed the hass cert is in the system catalog. Curl return no issue. Sadly adding my cacert with the --cert parameter didn't work, and using PYTHONHTTPSVERIFY=0 also failed. I really need to be able to use this awesome feature in order to cleanly restart zwave from systemd, so How can i help ?

poofyteddy avatar Aug 11 '19 20:08 poofyteddy

At the moment im traveling without a laptop so can't try anything - will be back in a week or so.

Until then if you want to try and fix it look at the related commits and see where the certs are passed in and see if you can make it work.

Otherwise if you can provide me with stood on how to reproduce your setup then I can try when I'm back.

maxandersen avatar Aug 11 '19 23:08 maxandersen

so i'm very bad when stuff look like real code, and not simple script. i didn't manage to understand the way it run, and i will need to draw it out to get it, but i did a bit of googling, and doing this made it work export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt I have 2 issue with it, first it's outside of the code, not inside. i need to browse the doc of the request lib. The second is that I'm pretty sure that some distro save there system bundle at another place ... which don't help compatibility :( I'll keep looking

EDIT:

it seam that it can be given to requests like this :

s = requests.Session()
s.verify = '/path/to/certfile'

But the issue of what to import stay the same :( https://gist.github.com/CMCDragonkai/f5f76b8eb13e7579aba3

poofyteddy avatar Aug 13 '19 18:08 poofyteddy

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Oct 12 '19 19:10 stale[bot]