
Philips Hue SSL Handshake Fail

Open ShiniGandhi opened this issue 1 year ago • 1 comments

  • [x] I confirm that this is an issue rather than a question.

Bug report

I'm trying to connect my Philips Hue bridge to Hyperion and it keeps waiting for the bridge button press. In the logs, I get the following:

2024-06-21T19:48:57.599Z [LEDDEVICE] (ERROR) 'Trust on first use' - Certificate received does not match pinned certificate
2024-06-21T19:48:57.599Z [LEDDEVICE] (WARNING) philipshue generation of authorization/client key failed with error: 'SSL handshake failed'

Steps to reproduce

Manually type the IP of the bridge and open the wizard.

What is expected?

A user and key need to be created

What is actually happening?

Nothing

System

Hyperion Server:

  • Build: (HEAD detached at a93d79b) (Paulchen-Panther-cb85d2d/a93d79b-1705568419)
  • Build time: Jan 28 2024 10:21:55
  • Git Remote: https://github.com/hyperion-project/hyperion.ng
  • Version: 2.0.16
  • UI Lang: en (BrowserLang: en-US)
  • UI Access: default
  • Avail Screen Cap.: framebuffer,x11,xcb,qt
  • Avail Video Cap.: v4l2
  • Avail Audio Cap.: audio
  • Avail Services: boblight,cec,effectengine,forwarder,flatbuffer,protobuffer,mDNS,SSDP,borderdetection
  • Config path: /root/.hyperion
  • Database: read/write
  • Mode: Non-GUI

Hyperion Server OS:

  • Distribution: Debian GNU/Linux 10 (buster)
  • Architecture: x86_64
  • CPU Model: AMD Ryzen 9 5950X 16-Core Processor
  • CPU Type: 33
  • Kernel: linux (6.1.74-production+truenas (WS: 64))
  • Root/Admin: true
  • Qt Version: 5.11.3
  • Python Version: 3.7.3
  • Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0

ShiniGandhi, Jun 21 '24 19:06

@ShiniGandhi

Background to the behaviour... Old Hue Bridges and DIYHue use a self-signed certificate. In order to maintain security, the default behaviour is to "pin" the certificate on the first connection. On the other hand, all connections are then checked to ensure that no other self-signed certificates are presented from the site. I assume that you have probably reinstalled DIYHue several times and created new certificates, so the certificate you pinned does not match the current one from the bridge (you can see the errors in the log).

To continue, check for .pem files here:

~/.local/share/Hyperion/certificates

If you find any, remove them with

\rm -rf ~/.local/share/Hyperion/certificates/*.pem

As you are running Hyperion under root, the files might sit at a different location. Check /root/.local/share/Hyperion/certificates

Lord-Grey, Jun 22 '24 16:06

Would have been nice to add that info to the error log itself. Would have saved me some time, anger and search <3

keydon, Dec 06 '24 18:12
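The trust-on-first-use check described in the reply above, sketched as an added example (not Hyperion's own code), with a mismatch error that names the pin file, as the last comment asks for. The `<host>.pem` file naming, the `check_tofu` helper and the sample byte strings are assumptions made for illustration; a live client would pass `SSLSocket.getpeercert(binary_form=True)` as the presented certificate.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path


class PinMismatch(Exception):
    """The presented certificate differs from the one pinned on first use."""


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def check_tofu(pin_dir: Path, host: str, presented_der: bytes) -> str:
    """Pin on first contact, compare on every later one."""
    pin_file = pin_dir / f"{host}.pem"  # hypothetical file naming
    if not pin_file.exists():
        pin_dir.mkdir(parents=True, exist_ok=True)
        pin_file.write_text(ssl.DER_cert_to_PEM_cert(presented_der))
        return "pinned"
    pinned_der = ssl.PEM_cert_to_DER_cert(pin_file.read_text())
    if pinned_der == presented_der:
        return "match"
    # Fail closed, but tell the operator which file holds the stale pin.
    raise PinMismatch(
        f"{host}: presented sha256 {fingerprint(presented_der)[:16]}... does not "
        f"match pin sha256 {fingerprint(pinned_der)[:16]}... stored in {pin_file}. "
        "If the bridge certificate was regenerated, confirm the new "
        "fingerprint on the bridge, then delete that file to re-pin."
    )


def demo() -> list:
    # Constructed stand-in bytes, not real certificates.
    old_cert, new_cert = b"constructed-bridge-cert-A", b"constructed-bridge-cert-B"
    with tempfile.TemporaryDirectory() as tmp:
        pins = Path(tmp) / "certificates"
        results = [check_tofu(pins, "192.0.2.10", old_cert),  # first use
                   check_tofu(pins, "192.0.2.10", old_cert)]  # same cert again
        try:
            check_tofu(pins, "192.0.2.10", new_cert)  # regenerated cert
        except PinMismatch as err:
            results.append(str(err))
        return results


if __name__ == "__main__":
    print(*demo(), sep="\n")
```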