
openssl and HomeKit

Troy Prelog edited this page Sep 23, 2020 · 6 revisions

Thanks go to @RafalLukawiecki for providing the keys to this solution.

HomeKit requires openssl 1.1.0 or later because the HomeKit Accessory Protocol (HAP) uses the ChaCha20 stream cipher and the Poly1305 authenticator. Be aware that the 11.3-RELEASE base only contains openssl 1.0.2.

An 11.3-RELEASE jail, including the FreeNAS 11.3 Community plugin, can be updated to use openssl 1.1.1 by following these steps. This should allow HomeKit to work again; however, this approach will break the Z-Wave (1.4) integration. A second workaround is also required if you want to use both Z-Wave and HomeKit in the same 11.3-RELEASE jail.

To fix or update openssl using the Community Plugin

Connect to the jail's console and install openssl from the FreeBSD package repo

iocage console $_JAIL_NAME
# Press 0 to exit the menu
pkg install -y openssl

Next, set the homeassistant service to use the updated openssl

sysrc homeassistant_openssl="package"

Finally, reinstall Home Assistant

  • This will reinstall the same version of Home Assistant you are currently running
  • When asked, answer yes to clear the pip cache

service homeassistant reinstall

Example output from the reinstall command

root@homeassistant:~ # service homeassistant reinstall

You are about to recreate the virtualenv: /usr/local/share/homeassistant
The following packages will be reinstalled: homeassistant==0.112.5
 Type 'YES' to continue: yes

Do you want to clear the pip cache?
 Type 'YES' to clear cache: yes

To fix or update openssl in a manually created jail

Connect to the jail console, stop the homeassistant service, then install the updated openssl

iocage console $_JAIL_NAME
service homeassistant stop
pkg install -y openssl

Switch to the user homeassistant (or whoever runs HA) and create a .profile in that user's home directory

su - homeassistant
ee .profile

Add the following lines to .profile

export PATH=/usr/local/sbin:/usr/local/bin:${PATH}
export CPATH=/usr/local/include
export LIBRARY_PATH=/usr/lib:/usr/local/lib

You can source this file to apply the changes

source .profile

Now a quick check to make sure we have the updated openssl

openssl version

## output
OpenSSL 1.1.1g  21 Apr 2020

Next, still as user homeassistant (or whoever runs HA), activate the virtualenv and clear the pip cache

source /usr/local/share/homeassistant/bin/activate
pip cache purge

Finally, reinstall homeassistant using the updated openssl

pip install --force-reinstall homeassistant
deactivate && exit

Start the homeassistant service

service homeassistant start

Try again to use HomeKit!
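
To confirm that the reinstall actually picked up the new library, the following added check (not part of the original wiki page or the plugin) can be run with the virtualenv's python as the homeassistant user. It reports which OpenSSL the Python ssl module and the `cryptography` package are linked against and tries a ChaCha20-Poly1305 round trip; that HomeKit's crypto goes through `cryptography` is an assumption here, and the function names and the 1.0.2 sample string are constructed for the example.

```python
import re
import ssl

MIN_OPENSSL = (1, 1, 0)  # minimum stated on this page for HomeKit (HAP)

SAMPLE_OLD = "OpenSSL 1.0.2s-freebsd  28 May 2019"  # constructed sample string
SAMPLE_NEW = "OpenSSL 1.1.1g  21 Apr 2020"          # `openssl version` output shown above

def parse_openssl_version(text):
    """Return (major, minor, patch) from an OpenSSL version string, else None."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def meets_homekit_minimum(text):
    """True only when the string parses and is at least MIN_OPENSSL."""
    version = parse_openssl_version(text)
    return version is not None and version >= MIN_OPENSSL

def linked_versions():
    """List (component, version text, ok) for the libraries this interpreter loads."""
    found = [("python ssl module", ssl.OPENSSL_VERSION)]
    try:
        # Assumption: the venv has `cryptography` installed (built during reinstall).
        from cryptography.hazmat.backends.openssl import backend
        found.append(("cryptography backend", backend.openssl_version_text()))
    except ImportError:
        pass
    return [(name, text, meets_homekit_minimum(text)) for name, text in found]

def chacha20_poly1305_selftest():
    """True/False for cipher support; None when `cryptography` is not installed."""
    try:
        from cryptography.exceptions import UnsupportedAlgorithm
        from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
    except ImportError:
        return None
    try:
        aead = ChaCha20Poly1305(ChaCha20Poly1305.generate_key())
        nonce = bytes(12)  # all-zero nonce: acceptable only for this throwaway key
        sealed = aead.encrypt(nonce, b"selftest", None)
        return aead.decrypt(nonce, sealed, None) == b"selftest"
    except UnsupportedAlgorithm:
        return False  # linked OpenSSL is too old for ChaCha20-Poly1305

if __name__ == "__main__":
    for name, text, ok in linked_versions():
        print(f"{name}: {text} -> {'ok' if ok else 'below 1.1.0 or unrecognised'}")
    print("ChaCha20-Poly1305 self-test:", chacha20_poly1305_selftest())
```

If the cryptography backend still reports 1.0.2 after the reinstall, the package was built against the base library, which usually means the pip cache was not cleared or the openssl setting was not in effect.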