I’m trying to configure the MQTT binding on my OpenHAB2 instance to connect to an MQTT broker.
Everything is good after the initial setup, but after I reboot the container I get an ‘java.security.NoSuchAlgorithmException: Algorithm is missing’ error with the binding.
I initially tried Zulu 8, and subsequently found that I had to set the java security policy to unlimited. I did that, but it didn’t work. I then tried upgrading to Zulu 9 (where unlimited is the default), and it still doesn’t work.
The odd thing to me is that it seems to work until I reboot the container. I can delete the broker an re-create it, and it works again until I reboot the container.
I’ve tried both secure and unsecure connections to the broker, and have the same result for each. I am using a login/password on the broker.
Here’s the relevant openhab.log entry:
2019-01-14 11:58:21.835 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing ‘mqtt:broker:c967843e’: java.security.NoSuchAlgorithmException: Algorithm is missing
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:151) ~[?:?]
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.initialize(BrokerHandler.java:224) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:564) ~[?:?]
at org.eclipse.smarthome.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:153) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at org.eclipse.smarthome.core.internal.common.Invocation.call(Invocation.java:53) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) [?:?]
at java.lang.Thread.run(Thread.java:844) [?:?]
Caused by: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:144) ~[?:?]
… 11 more
I fixed it. I had to disable the settings for certificate pinning and public key pinning and clear out the certificate and public key hashes for some reason.
I have never used Zulu, so don’t know how they are packaging the security algorithms.
The java runtime makes guarantees in the documentation for some algorithms and I’m using those. But at the same time those are not part of any standard distribution because of that stupid old 1980’s export law of the US.
I need to test it with Zulu at some point, but have no time at hand right now. I’m not sure if a bug report is the right tool, as not all installations are affected, but at the same time the error should be presented in another way to the user. That is a usability bug at least.
Perhaps not but the docs make it clear that Zulu is the preferred JRE. Zulu is the version of Java that ships with the official openHAB Docker containers. And on RPis, probably our biggest supported hardware platform in terms of number of users Zulu is THE recommended JRE.
If it’s not a bug, it’s still a really big problem.
But the behavior is very odd. It works just fine (connects to the broker, can send and receive messages I think) up until OH is restarted. Only then do we get the errors. So if the problem is a missing algorithm in the library why does it work at first?
I should clarify that it is working for me now with a freshly installed Zulu 8 and the default crypto policy.
The issue for me seems to be related to certificate pinning. If I enable it (the default), I get the error the next time I restart OpenHAB. I have my own MQTT broker in a separate container…I didn’t do anything with certificates in the broker, but I wonder if it’s somehow giving a different certificate on each secure connection.
That would be an incorrect and completely broken behavior. The certificate is a little bit of proof that a server is who it claims to be. If it gave a different certificate every time there would be nothing to base that proof upon. It’d break everything.
I just double-checked my MQTT broker, and I did configure it with a self-signed certificate. My signing CA is loaded in the Ubuntu’s certificate store on the LXC container running OpenHAB. So I’d say the certificates are all good.
So I guess I’m confused on two points.
Why does the connection break when certificate pinning is enabled?
Why does it work when I’m using the default crypto policy in Zulu 8?
jwiseman
(Mr. Wiseman (OH 4.2 Snapshot on Pi4))
11
Hi Fug1,
I have the same MQTT error message in my logs as you did; can you provide the steps in your solution?
2019-09-02 09:17:13.214 [ERROR] [core.thing.internal.ThingManagerImpl] - Exception occurred while initializing handler of thing 'mqtt:broker:roomba': java.security.NoSuchAlgorithmException: Algorithm is missing
java.lang.IllegalArgumentException: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:151) ~[?:?]
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.initialize(BrokerHandler.java:224) ~[?:?]
at sun.reflect.GeneratedMethodAccessor91.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?]
at org.eclipse.smarthome.core.internal.common.AbstractInvocationHandler.invokeDirect(AbstractInvocationHandler.java:153) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at org.eclipse.smarthome.core.internal.common.Invocation.call(Invocation.java:53) [102:org.eclipse.smarthome.core:0.10.0.oh240]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:?]
at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: java.security.NoSuchAlgorithmException: Algorithm is missing
at org.eclipse.smarthome.binding.mqtt.handler.BrokerHandler.assignSSLContextProvider(BrokerHandler.java:144) ~[?:?]
... 10 more
Running OH2.4 on Synology with these MQTT versions:
204 │ Active │ 80 │ 1.2.1.201809150405 │ org.eclipse.paho.client.mqttv3
205 │ Active │ 80 │ 0.11.0.oh250M1 │ org.eclipse.smarthome.binding.mqtt.generic
213 │ Active │ 80 │ 0.11.0.oh250M1 │ org.eclipse.smarthome.io.transport.mqtt
221 │ Active │ 80 │ 0.11.0.oh250M1 │ org.eclipse.smarthome.io.mqttembeddedbroker
223 │ Active │ 80 │ 0.11.0.oh250M1 │ org.eclipse.smarthome.binding.mqtt
jwiseman
(Mr. Wiseman (OH 4.2 Snapshot on Pi4))
13
Thank you!
I looked around at PaperUI but could NOT find those values anywhere. I defined my THINGS vs. using PaperUI and found the 2 entries and changed them to “false” there.