Use a specific Root CA #13

Closed
graelo opened this issue Dec 28, 2023 · 9 comments

@graelo

graelo commented Dec 28, 2023

Hi, thanks for this project!

I could not yet find how to connect to my home-assistant instance which is served via nginx with my own Root CA. My PKI works great, I don't think it's the issue here.

  • I use async-std-runtime
  • My local client knows about my certificate chain file (SSL_CERT_FILE, implemented by rustls-native-certs)
  • I pass the wss://... url to connect_to_url()

but I still get this error:

Can't connect to gateway: TungsteniteError(Io(Custom { kind: InvalidData, error: WebPKIError(UnknownIssuer) }))

I'm happy to change the code a bit if needed and even open a PR. However, note that I'm not familiar with TLS in Rust, so I'm a bit lost with the stack hass-rs/async-std/async-tls/rustls.

Thanks in advance for your help!


Example code:

use hass_rs::client;
use url::Url;

const TOKEN: &str = "xxx";

#[async_std::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let url = Url::parse("wss://home-assistant.xxx:443/api/websocket").unwrap();
    let mut client = client::connect_to_url(url).await?;
    client.auth_with_longlivedtoken(TOKEN).await?;

    println!("Get Hass Config");
    match client.get_config().await {
        Ok(v) => println!("{:?}", v),
        Err(err) => println!("Oh no, an error: {}", err),
    }
    Ok(())
}

@danrusei
Owner

Hi graelo,

I'm aware that this issue is old; apologies for the late reply, it was a busy period for me.
Recently I redesigned / simplified the library API, due to several issues observed with the previous version.
The main change is that the web socket connection is moved to user responsibility, instead of being managed by the library, therefore you should be able to connect now without being restricted by the library.
You can check the latest version 0.3.0, and the examples provided in the Example folder, and see if it suits you.
If you still see the issue when using the new version, or find missing features, please raise an issue.

@graelo
Author

graelo commented Feb 17, 2024

Thanks a lot Dan, no worries at all.

I'll look into it for my use case, I think your refactor will indeed completely work around my issue.

@graelo
Author

graelo commented Feb 17, 2024

Dan, would you consider re-introducing support for async-std? In client.rs, the Receiver and Sender are tokio::mpsc::{Receiver, Sender} only.

In the meantime, I updated client.rs in 0.3.0 and the example to work with async-std, and I can confirm I can now use my specific Root CA.

I think this issue can now be closed, the adaptation of 0.3.0 to async-std is another topic.

Thanks again.

@danrusei
Owner

Thank you for confirming!
In the meantime I have added support for async_std channels; please let me know if it works for you.
I have also created a new example using the async_std runtime:
cargo run --example get_cmds_async_std --features use-async-std --no-default-features

@graelo
Author

graelo commented Feb 20, 2024

Fantastic, thanks. I'll look into it within a couple of days and report back. Cheers

@graelo
Author

graelo commented Feb 21, 2024

Many thanks Dan, this works perfectly both in the example and in my code. Would you publish the changes to crates.io?

Great work!!

@danrusei
Owner

Thank you graelo, appreciated! I'll publish early next week on crates.io, as I have to double check the error handling.

@danrusei
Owner

Hello again, the new version 0.3.1 has been published. I guess we can close this issue, unless there is anything else from you.

@graelo
Author

graelo commented Feb 28, 2024

Clockwork! Thanks a lot Dan. Keep up the good work!

@graelo graelo closed this as completed Feb 28, 2024