iCloud SSL issue again

I had installed the new JAR file with the updated certificate about 1 or 2 weeks ago and it worked for me too. However, suddenly it dropped back to not working again and keeps throwing this error every 5 minutes again. This happens without me having re-installed or rebooted anything. How is this possible?

Error message:
Unable to refresh device data

java.io.IOException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:259) ~[?:?]

at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:156) ~[?:?]

at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:131) ~[?:?]

at org.eclipse.smarthome.io.net.http.HttpRequestBuilder.getContentAsString(HttpRequestBuilder.java:135) ~[?:?]

at org.openhab.binding.icloud.internal.ICloudConnection.callApi(ICloudConnection.java:91) ~[?:?]

at org.openhab.binding.icloud.internal.ICloudConnection.requestDeviceStatusJSON(ICloudConnection.java:72) ~[?:?]

at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.lambda$0(ICloudAccountBridgeHandler.java:95) ~[?:?]

at org.eclipse.smarthome.core.cache.ExpiringCache.refreshValue(ExpiringCache.java:101) ~[?:?]

at org.eclipse.smarthome.core.cache.ExpiringCache.getValue(ExpiringCache.java:72) ~[?:?]

at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.refreshData(ICloudAccountBridgeHandler.java:152) ~[?:?]

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_222]

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_222]

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_222]

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_222]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_222]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_222]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]

Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]

at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]

at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:685) ~[?:?]

at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:250) ~[?:?]

... 16 more

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) ~[?:1.8.0_222]

at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) ~[?:1.8.0_222]

at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197) ~[?:1.8.0_222]

at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165) ~[?:1.8.0_222]

at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509) ~[?:1.8.0_222]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.flush(SslConnection.java:891) ~[?:?]

at org.eclipse.jetty.io.WriteFlusher.flush(WriteFlusher.java:422) ~[?:?]

at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:378) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.lambda$fill$1(SslConnection.java:669) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]

... 1 more

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_222]

at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:1.8.0_222]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1654) ~[?:1.8.0_222]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:233) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_222]

at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_222]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]

at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]

at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]

at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]

... 1 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_222]

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_222]

at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:327) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:279) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:1.8.0_222]

at org.eclipse.smarthome.io.net.http.internal.ExtensibleTrustManagerImpl.checkServerTrusted(ExtensibleTrustManagerImpl.java:121) ~[?:?]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1636) ~[?:1.8.0_222]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:233) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_222]

at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_222]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]

at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]

at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]

at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]

... 1 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_222]

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_222]

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_222]

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:1.8.0_222]

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_222]

at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:327) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:279) ~[?:1.8.0_222]

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:1.8.0_222]

at org.eclipse.smarthome.io.net.http.internal.ExtensibleTrustManagerImpl.checkServerTrusted(ExtensibleTrustManagerImpl.java:121) ~[?:?]

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1636) ~[?:1.8.0_222]

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:233) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_222]

at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_222]

at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_222]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]

at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]

at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]

at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]

at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]

at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]

at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]

at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]

at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]

... 1 more

The binding version I am using is 2.5.2.202001211144.

There is a newer version of the binding dated 20200201 in post 193: iCloud SSL issue again

The binding that is linked in this post is actually the same version: 2.5.2.202001211144 and throws the same error immediately.

This is the link in this post:

no. use the one @Brody posted. put it in the addons folder and delete the one installed in paperui.

That’s what I did.

  1. I deleted the addon in PaperUI
  2. I removed the old JAR from the folder /usr/share/openhab2/addons
  3. I verified via the karaf console that the iCloud binding is not running anymore after removing the JAR
  4. I copied the JAR from the link above into the addons folder from 2)
  5. immediately in the log the SSL Handshare Exceptions begin to appear again
  6. I checked in the karaf console that the binding is running, but with the same version as before (2.5.2.202001211144)

These are the steps from @Taurus that worked for me

The current version is 2.5.2.202002010827 and can be installed with this jar: https://drive.google.com/file/d/1uevf3Krw_GrNHYd2CmJAbMBkk2-yRUnz/view

You need to delete the old .jar in your addons folder and wait for openHAB to remove the binding.
Just have a look at your logviewer and wait for all iCloud devices to be offline because the handler is missing,
Then place the new .jar file into your addons folder.
The version of the .jar file itself is still 2.5.2, please don´t mix with older builds.

2 Likes

Thank you. It’s working now for me.

1 Like

Works here as well.

Works fine after update to 2.5.2.202002010827. Thanks!

I had another NullPointerException a few days ago, which meant the binding stopped auto-updating locations. I have tried to fix it, the PR is already merged, so it should be available in the next release.

1 Like

Hi guys,

This has been working fine for me for perfectly since I updated to 2.5.2.202002010827 until…I rebooted a few days ago.

Now I’m getting the following error on my account things:

OFFLINE - COMMUNICATION_ERROR java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

and so my actual devices are stuck on initializing.

I’ve rebooted a couple of times since and it worked once for a few minutes then dropped out again…any ideas / thoughts…do I just need to reboot again and crops my fingers or should I uninstall and reinstall the addon etc? Anyone else had anything similar?

EDIT

I downloaded the jar again and reinstalled it… seems to be working again at the moment. Will update if anything changes, perhaps the reboot removed something that I hadn’t committed / saved…

What openHAB version are you running?

I have made some additional changes to the code which is not present here in the jars, but is included in the latest 2.5.3 release.

I’m old school, 2.4.0-1.

I just can’t get myself to upgrade, this build has been rock solid for me for years and I just CBA to risk messing up / losing rules by upgrading my openhabian build…

Then download a newer jar from Jenkins to use in 2.4

That’s exactly what I did earlier, seems to have fixed it, but it also seemed to be the same jar as the one I had…I must have just annoyed something with the reboot…

Thanks

Hi, what version you would recommend downloading when running old stable 2.4 like @MadFrankie ? I have tried several versions but with no luck.

I have resolved the dependencies, binging is listed as Active when running command bundle:list. No errors from the binding in the log and the iCloud Account Thing has status Offline - Communication Error - iCloud response invalid: null.

Thanks

None of these will work on old 2.5 version, because there were several changes in the binding since, which is required to work. That’s why you are getting a null response.

Either upgrade to OH3 or manually add the changes since OH 3 to the binding and build a jar. Nothing special have been changed (like dependecies or anything), you just need to change a few strings (if I remember correctly)