Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some bindings give ssl warnings after 3.0.1.M3 (were ok in 3.0.1.M2) #10446

Open
moodyblue opened this issue Apr 3, 2021 · 6 comments
Open

Some bindings give ssl warnings after 3.0.1.M3 (were ok in 3.0.1.M2) #10446

moodyblue opened this issue Apr 3, 2021 · 6 comments
Labels
bug An unexpected problem or unintended behavior of an add-on

Comments

@moodyblue
Copy link

moodyblue commented Apr 3, 2021
edited
Loading

Expected Behavior

Current Behavior

Some bindings produce these warnings in the log

2021-04-02 12:31:57.596 [WARN ] [ty.util.ssl.SslContextFactory.config] - Trusting all certificates configured for Client@7fa5f364[provider=null,keyStore=null,trustStore=null]
2021-04-02 12:31:57.598 [WARN ] [ty.util.ssl.SslContextFactory.config] - No Client EndPointIdentificationAlgorithm configured for Client@7fa5f364[provider=null,keyStore=null,trustStore=null]

Bindings known to produce such messages: Daikin, HTTP, Unifi
Bindings known to not produce such messages: Astro, MQTT, Network, OpenWeatherMap, TP-Link Smart Home, Xiaomi Mi IO

Possible Solution

Steps to Reproduce (for Bugs)

https://community.openhab.org/t/openhab-3-1-milestone-discussion/116025/81?u=moody_blue

Context

Your Environment

  • Version used: 3.0.1.M3
  • Environment name and version (e.g. Chrome 76, Java 8, Node.js 12.9, ...):
  • Operating System and version (desktop or mobile, Windows 10, Raspbian Buster, ...): QTS (QNAP's operating system)
@moodyblue moodyblue added the bug An unexpected problem or unintended behavior of an add-on label Apr 3, 2021
@J-N-K
Copy link
Member

J-N-K commented Apr 3, 2021

This is not a bug. Jetty prints a warning because usually trusting all certificates without verification is a bad thing. Unfortunately this is needed if you connect to servers with self signed certificates. It could be the result of #10349.

Probably these messages should be suppressed from the log.

@Mr-iX
Copy link

Mr-iX commented Jun 28, 2021

I am having the same log messages after the update to openHAB 3.1

@openhab-bot
Copy link
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/oh3-how-to-setup-http-binding-correct/124309/2

@openhab-bot
Copy link
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/openhab-3-1-release-discussion/124014/65

@lsiepel
Copy link
Contributor

lsiepel commented Aug 11, 2023

If that has to be adjusted in log4j2.xml this issue should be moved to https://github.com/openhab/openhab-distro @wborn ?

@wborn
Copy link
Member

wborn commented Aug 12, 2023

I wouldn't suppress these messages by default as it is a serious security issue if one day all OH code is configured to always allow all certificates.

It would be better if add-ons can be configured to trust certain self signed certificates. IIRC this is already possible with the MQTT binding. Though it would be better if you can add self signed certificates in the system settings so it can be more easily used with every add-on.

If you know what you are doing you can reconfigure the org.eclipse.jetty.util.ssl.SslContextFactory.config logger manually.

@wborn wborn mentioned this issue Aug 20, 2023
Closed
@jimtng jimtng mentioned this issue Aug 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug An unexpected problem or unintended behavior of an add-on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@J-N-K @openhab-bot @moodyblue @wborn @lsiepel @Mr-iX