Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to disable TLS certificate validation of Onvif connection #7944

Closed
andornaut opened this issue Sep 25, 2023 · 18 comments · Fixed by #15603
Closed

Add option to disable TLS certificate validation of Onvif connection #7944

andornaut opened this issue Sep 25, 2023 · 18 comments · Fixed by #15603
Labels
enhancement New feature or request pinned

Comments

@andornaut
Copy link

Describe what you are trying to accomplish and why in non technical terms
I'd like to disable TLS certificate validation of Onvif connections to a PTZ camera that has HTTPS enabled, but does not have a valid certificate installed.

Describe the solution you'd like
I'd like there to be an option, such as onvif.tls_insecure:true to disable certificate validation.

Environment

Deployment method: Docker
Version: 0.13.0-0858859 (0.13.0 Beta 2)
Logs:

2023-09-25 11:44:43.958023107  [2023-09-25 11:44:43] frigate.ptz.onvif ERROR : 
Unable to connect to camera: REDACTED: Unknown error: 
HTTPSConnectionPool(host='REDACTED', port=443):
Max retries exceeded with url: /onvif/media_service (Caused by 
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
unable to get local issuer certificate (_ssl.c:1123)')))
2023-0
@andornaut andornaut added the enhancement New feature or request label Sep 25, 2023
@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Oct 26, 2023
@andornaut
Copy link
Author

Bumping to prevent the bot from closing this issue.

@github-actions github-actions bot removed the stale label Oct 27, 2023
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Nov 26, 2023
@andornaut
Copy link
Author

Bumping to prevent the bot from closing this issue.

@NickM-27 NickM-27 removed the stale label Nov 26, 2023
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Dec 27, 2023
@andornaut
Copy link
Author

Bumping to prevent the bot from closing this issue.

@github-actions github-actions bot removed the stale label Dec 28, 2023
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jan 28, 2024
@andornaut
Copy link
Author

Bump for the stale bot

@github-actions github-actions bot removed the stale label Jan 29, 2024
@Szewcson
Copy link

I also encountered that problem. Other way to solve it will be scripting adding selfsigned rootcert to the frigate container. Unfortunately I'm not figured out yet how I can run update-ca-certificates from compose yaml.

@Szewcson
Copy link

I see that is more important to fix it here, since according to that issue moby/moby#44849 appending something to entrypoint/command in docker compose is not possible at all.

Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Mar 30, 2024
@andornaut
Copy link
Author

Bump for the stale bot

@NickM-27 NickM-27 added pinned and removed stale labels Mar 30, 2024
@edestecd
Copy link

Same issue here. Is there any workaround?

@edestecd
Copy link

This code would prob work: FalkTannhaeuser/python-onvif-zeep#85

@edestecd
Copy link

from onvif import ONVIFCamera
from requests import Session
from zeep.transports import Transport

session = Session()
session.verify = False # Only if you need to not validate certificates, not recommended for production
transport = Transport(session=session)

# You have to specify https in the hostname for it to work properly
mycam = ONVIFCamera('https://1.1.1.1', 443, 'admin', '1234', transport=transport)

@edestecd
Copy link

IT prob needs to go in here:

class OnvifController:

I might try to edit it in my running container this evening

@scottshanafelt
Copy link

Just adding that I'm having this issue as well

@alexanderek
Copy link

Same issue

NickM-27 pushed a commit that referenced this issue Dec 19, 2024
* Adds tls_insecure to the onvif configuration

* reformat using ruff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request pinned
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants