iCloud SSL issue again

vossivossi · October 7, 2019, 6:40am

Bredmich · October 7, 2019, 3:09pm

Is this new?
All the other links lead to Jenkis

zuernc · October 13, 2019, 2:30pm

How did you solve this? Stuck with the same error, bundle:list shows everything as Active.

regissg · October 14, 2019, 10:28am

I have updated openhab to 2.5.0.M3 https://openhab.jfrog.io/openhab/libs-milestone-local/org/openhab/distro/openhab/2.5.0.M3/openhab-2.5.0.M3.zip and the issue disapeared

zuernc · October 19, 2019, 8:53pm

Thanks! I guess I’ll have to wait for the Synology distro.

Max_Bec · November 6, 2019, 2:47pm

pauli_anttila:

Install M2 version from openHAB console
bundle:uninstall org.openhab.binding.icloud
bundle:install https://openhab.jfrog.io/openhab/online-repo-milestone/2.5/org/openhab/addons/bundles/org.openhab.binding.icloud/2.5.0.M2/org.openhab.binding.icloud-2.5.0.M2.jar
Or uninstall previous one and download jar directly from link and add it to openHAB addons folder

If gson 2.8.5 lib is not installed on your environment, you can install it by following command
bundle:install http://central.maven.org/maven2/com/google/code/gson/gson/2.8.5/gson-2.8.5.jar

The binding gets uninstalled and the old version installed after reboot. Any idea how to fix this?

Lanovar · November 8, 2019, 2:56pm

MVP, bro!

pr0j3ctx · November 14, 2019, 10:48am

Hello.

I´ve done the steps like pauli_anttila wrote in this post

But I get this error:

236 │ Active │ 80 │ 2.8.5 │ Gson
239 │ Installed │ 80 │ 2.5.0.M2 │ openHAB Add-ons :: Bundles :: iCloud Binding
openhab> bundle:start 239
Error executing command: Error executing command on bundles:
Error starting bundle 239: Could not resolve module: org.openhab.binding.icloud [239]
Unresolved requirement: Import-Package: com.google.gson.annotations; version=“[2.8.0,3.0.0)”

After this I uninstall the old gson and reinstall iCloud again. But nothing help.
Do you have any hints for me to fix the issue?

Greats pr0

friso · November 29, 2019, 12:45pm

same here.

Edit: had to remove Gson 2.7 (was listed in the top of the bundle list). So:

installing GSON 2.8.5 is not enough: you need to uninstall version 2.7 as well.

pr0j3ctx · December 12, 2019, 9:08am

Is it possible that the Certificate changed again?

idkpmiller · December 30, 2019, 7:56pm

I have noticed I am getting the following errors now.

LOG

2019-12-31 04:13:20.789 [WARN ] [l.handler.ICloudAccountBridgeHandler] - Unable to refresh device data
java.io.IOException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:259) ~[?:?]
	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:156) ~[?:?]
	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrl(HttpUtil.java:131) ~[?:?]
	at org.eclipse.smarthome.io.net.http.HttpRequestBuilder.getContentAsString(HttpRequestBuilder.java:135) ~[?:?]
	at org.openhab.binding.icloud.internal.ICloudConnection.callApi(ICloudConnection.java:88) ~[?:?]
	at org.openhab.binding.icloud.internal.ICloudConnection.requestDeviceStatusJSON(ICloudConnection.java:69) ~[?:?]
	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.lambda$0(ICloudAccountBridgeHandler.java:88) ~[?:?]
	at org.eclipse.smarthome.core.cache.ExpiringCache.refreshValue(ExpiringCache.java:101) ~[?:?]
	at org.eclipse.smarthome.core.cache.ExpiringCache.getValue(ExpiringCache.java:72) ~[?:?]
	at org.openhab.binding.icloud.internal.handler.ICloudAccountBridgeHandler.refreshData(ICloudAccountBridgeHandler.java:145) ~[?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_201]
	at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_201]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_201]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_201]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_201]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_201]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201]
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at org.eclipse.jetty.client.util.FutureResponseListener.getResult(FutureResponseListener.java:118) ~[?:?]
	at org.eclipse.jetty.client.util.FutureResponseListener.get(FutureResponseListener.java:101) ~[?:?]
	at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:685) ~[?:?]
	at org.eclipse.smarthome.io.net.http.HttpUtil.executeUrlAndGetReponse(HttpUtil.java:250) ~[?:?]
	... 16 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) ~[?:1.8.0_201]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) ~[?:1.8.0_201]
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197) ~[?:1.8.0_201]
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165) ~[?:1.8.0_201]
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509) ~[?:1.8.0_201]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.flush(SslConnection.java:891) ~[?:?]
	at org.eclipse.jetty.io.WriteFlusher.flush(WriteFlusher.java:422) ~[?:?]
	at org.eclipse.jetty.io.WriteFlusher.completeWrite(WriteFlusher.java:378) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.lambda$fill$1(SslConnection.java:669) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]
	... 1 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_201]
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) ~[?:1.8.0_201]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) ~[?:1.8.0_201]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_201]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_201]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]
	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]
	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]
	... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_201]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_201]
	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_201]
	at org.eclipse.smarthome.io.net.http.internal.ExtensibleTrustManagerImpl.checkServerTrusted(ExtensibleTrustManagerImpl.java:121) ~[?:?]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[?:1.8.0_201]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_201]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_201]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]
	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]
	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]
	... 1 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_201]
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_201]
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_201]
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:1.8.0_201]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_201]
	at sun.security.validator.Validator.validate(Validator.java:262) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_201]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_201]
	at org.eclipse.smarthome.io.net.http.internal.ExtensibleTrustManagerImpl.checkServerTrusted(ExtensibleTrustManagerImpl.java:121) ~[?:?]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ~[?:1.8.0_201]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_201]
	at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_201]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) ~[?:1.8.0_201]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:526) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.process(HttpReceiverOverHTTP.java:128) ~[?:?]
	at org.eclipse.jetty.client.http.HttpReceiverOverHTTP.receive(HttpReceiverOverHTTP.java:73) ~[?:?]
	at org.eclipse.jetty.client.http.HttpChannelOverHTTP.receive(HttpChannelOverHTTP.java:133) ~[?:?]
	at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.onFillable(HttpConnectionOverHTTP.java:154) ~[?:?]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320) ~[?:?]
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158) ~[?:?]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) ~[?:?]
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) ~[?:?]
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) ~[?:?]
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782) ~[?:?]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918) ~[?:?]
	... 1 more

I have been upgrading my Debian based OS machines over the break so it could be a local OS system update issue as I noted that one of the upgrades mentioned CA certificates being updated.

Anyone throw some light on what the errors are pointing at please?

Thanks
Paul

pr0j3ctx · December 31, 2019, 8:59am

It’s exactly the same issue I had.
After upgrading to 2.5 it works fine.

idkpmiller · January 2, 2020, 7:45pm

I am on version 2.5.
I guess this is not widespread, I will look for a more localised issue.
Paul

maciekish · January 7, 2020, 6:09pm

I tried all the fixes but nothing worked. Eventually i noticed that i actually have TWO icloud bindings active but nothing in the openhab2-addons folder. I have no clue how this happened, but here is how i fixed it:

Uninstall the iCloud binding from PaperUI.
Go to Karaf and bundle:list | grep -i icloud
Make note of the bundle id on the left.
bundle:uninstall XXX and replace XXX with the id of your iCloud Binding bundle.
Install iCloud binding from PaperUI again. My account went online immediately.

theiding · January 20, 2020, 6:49pm

This is failing again for me on 2.5 as of this morning. Anybody else seeing it?

frankie.delure · January 21, 2020, 11:20am

+1 - same here

rkrisi · January 21, 2020, 11:49am

@theiding @frankie.delure
Unfortunately the cert changed again. I have managed to get it working again by a quick fix.
I will provide a link to the updated jar as soon as the build finishes.
This is not really a good thing that the cert is hard coded in the binding, I will try to find a way to get over with it, and manage the cert automatically…

rkrisi · January 21, 2020, 12:54pm

https://openhab.jfrog.io/openhab/libs-pullrequest-local/org/openhab/addons/bundles/org.openhab.binding.icloud/2.5.2-SNAPSHOT/org.openhab.binding.icloud-2.5.2-SNAPSHOT.jar

Try this version

amaino · January 21, 2020, 7:28pm

Try this version

I tried that build and still getting the same error. Is there something else I need to do to get it to work?

rkrisi · January 21, 2020, 7:50pm

What is your error exactly?
If still SSLEngine problem, make sure your previous version uninstalled, restart OH, you might also try clearing the cache…
For me that version works and others also reported that it solved their issue…