MQTT Certificate Pinning


I have a question regarding the configuration of the MQTT binding. I have been using it for quite a while on openHAB 2.x and now 3.x milestone releases. On the openHAB side, I recently made the switch from text to UI-based configuration. During this transition I set the certificatepin and publickeypin flags, which I had disabled before. MQTT connects fine, and the hashes are written to the fields. So far so good.
Unfortunately, after every restart of my openHAB Docker container, the MQTT bridge does not reconnect until I manually clear out the certificate hashes. Then it connects again, and the calculated hashes are the same as before.

The error shown is: Algorithm is missing

Since the connection works initially and also with other clients (e.g. Tasmota’s fingerprint calculation), I guess that the MQTT config and certificates should be fine.

Some related discussion, without proper solutions:

proposed solution: disable certificate pinning… well…

only 1 post in thread with otherwise different problem, no solution proposed. Have you figured it out, @BundleBee?

Since this feature adds some level of security to all the MQTT traffic, it would be nice if it was usable. And I guess a lot of people do use it. What am I doing wrong?

I believe I identified the bug and have a workaround at: MQTT TLS certificate pinning - incorrect hashes - #10 by Netboy3