Hi all,
CalDav has been a headache for me for quite a while. I think I’ve caught a pertinent error in the logs recently. There is a public calendar feed I’m trying to read, with no authentication required. I can download the feed specified in my settings manually.
The logs show:
2020-07-22 11:32:15.350 [WARN ] [caldav.internal.job.EventReloaderJob] - Error while loading calendar entries: Host name 'recollect.a.ssl.fastly.net' does not match the certificate subject provided by the peer (CN=default.ssl.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US)
javax.net.ssl.SSLPeerUnverifiedException: Host name 'recollect.a.ssl.fastly.net' does not match the certificate subject provided by the peer (CN=default.ssl.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220) ~[httpclient-4.4.1.jar:4.4.1]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) ~[httpclient-4.4.1.jar:4.4.1]
at com.github.sardine.impl.SardineImpl.execute(SardineImpl.java:962) ~[sardine-5.6.jar:5.6]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:417) ~[sardine-5.6.jar:5.6]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:409) ~[sardine-5.6.jar:5.6]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:386) ~[sardine-5.6.jar:5.6]
at org.openhab.io.caldav.internal.job.EventReloaderJob.loadEvents(EventReloaderJob.java:250) ~[bundleFile:?]
at org.openhab.io.caldav.internal.job.EventReloaderJob.execute(EventReloaderJob.java:141) [bundleFile:?]
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [bundleFile:?]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [bundleFile:?]
2020-07-22 11:32:15.353 [INFO ] [org.quartz.core.JobRunShell ] - Job event-reloader.GarbagePickup threw a JobExecutionException:
org.quartz.JobExecutionException: Error while loading calendar entries
at org.openhab.io.caldav.internal.job.EventReloaderJob.execute(EventReloaderJob.java:181) ~[?:?]
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [bundleFile:?]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [bundleFile:?]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'recollect.a.ssl.fastly.net' does not match the certificate subject provided by the peer (CN=default.ssl.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465) ~[?:?]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395) ~[?:?]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[?:?]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) ~[?:?]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[?:?]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[?:?]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[?:?]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[?:?]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[?:?]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[?:?]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[?:?]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) ~[?:?]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220) ~[?:?]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) ~[?:?]
at com.github.sardine.impl.SardineImpl.execute(SardineImpl.java:962) ~[?:?]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:417) ~[?:?]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:409) ~[?:?]
at com.github.sardine.impl.SardineImpl.list(SardineImpl.java:386) ~[?:?]
at org.openhab.io.caldav.internal.job.EventReloaderJob.loadEvents(EventReloaderJob.java:250) ~[?:?]
at org.openhab.io.caldav.internal.job.EventReloaderJob.execute(EventReloaderJob.java:141) ~[?:?]
As a wild shot, to see if the default.ssl.fastly.net = recollect.a.ssl.fastly.net, I tried pasting default.ssl.fastly.net/[snip], and the calendar file wouldn’t download. The original address does work.
As I can’t control their certificates, and in this case I don’t really care if they are insecure/hacked, is there any way in CalDav to disable certificate checking? Does this occur at the level of a dependency where I can ignore this? Chrone doesn’t throw any certificate error when I paste the address in and download the file.
I’d appreciate any direction
edit:
from the config file:
caldavio:GarbagePickup:url=https://recollect.a.ssl.fastly.net/api/places/[snip]
with no specified user name or passwords, just reload interval and preload time.
Thanks!