ssl - python 2.7.5 requests and certificate verify failed -


I am having trouble using Python's requests package to submit a request to Puppet 3.7's REST API. I have looked at the documentation here:

http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

but I am still having trouble. Here is my script:

    [root@ppt-001 restclients]# cat add-group.py
    #!/usr/bin/env python

    import requests

    # curl https://ppt-001.example.com:4433/classifier-api/v1/groups \
    # -H "Content-Type: application/json" \
    # --cert /etc/puppetlabs/puppet/ssl/certs/ppt-001.example.com.pem \
    # --key /etc/puppetlabs/puppet/ssl/private_keys/ppt-001.example.com.pem \
    # --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem | python -m json.tool

    url='https://ppt-001.example.com:4433/classifier-api/v1/groups'
    headers = {"content-type": "application/json"}
    data={}
    cacert='/etc/puppetlabs/puppet/ssl/certs/ca.pem'
    key='/etc/puppetlabs/puppet/ssl/private_keys/ppt-001.example.com.pem'
    cert='/etc/puppetlabs/puppet/ssl/certs/ppt-001.example.com.pem'
    result = requests.get(url,
            data=data, #no data needed for this request
            headers=headers, #dict {"content-type":"application/json"}
            cert=(cacert,key), #key/cert pair
            verify=cert
            )
    print result.json()

I am using this version of Python:

    [root@ppt-001 restclients]# python -V
    Python 2.7.5

Here is what happens when I execute the script:

    [root@ppt-001 restclients]# ./add-group.py
    /usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
      InsecurePlatformWarning
    Traceback (most recent call last):
      File "./add-group.py", line 21, in <module>
        verify=cert
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/api.py", line 69, in get
        return request('get', url, params=params, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/api.py", line 50, in request
        response = session.request(method=method, url=url, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 465, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 573, in send
        r = adapter.send(request, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/adapters.py", line 431, in send
        raise SSLError(e, request=request)
    requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    [root@ppt-001 restclients]#

I suspect requests does not accept the self-signed cert that Puppet uses, but if I issue the curl command ...

    curl https://ppt-001.example.com:4433/classifier-api/v1/groups \
    -H "Content-Type: application/json" \
    --cert /etc/puppetlabs/puppet/ssl/certs/ppt-001.example.com.pem \
    --key /etc/puppetlabs/puppet/ssl/private_keys/ppt-001.example.com.pem \
    --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem | python -m json.tool

... it works fine.

Update:

I have installed requests[security]:

    [root@ppt-001 restclients]# pip install requests[security]
    Requirement already satisfied (use --upgrade to upgrade): requests[security] in /usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg
      Installing extra requirements: 'security'
    Requirement already satisfied (use --upgrade to upgrade): pyopenssl in /usr/lib64/python2.7/site-packages (from requests[security])
    Downloading/unpacking ndg-httpsclient (from requests[security])
      Downloading ndg_httpsclient-0.4.0.tar.gz
      Running setup.py egg_info for package ndg-httpsclient

    Downloading/unpacking pyasn1 (from requests[security])
      Downloading pyasn1-0.1.7.tar.gz (68kB): 68kB downloaded
      Running setup.py egg_info for package pyasn1

    Installing collected packages: ndg-httpsclient, pyasn1
      Running setup.py install for ndg-httpsclient
        Skipping installation of /usr/lib/python2.7/site-packages/ndg/__init__.py (namespace package)

        Installing /usr/lib/python2.7/site-packages/ndg_httpsclient-0.4.0-py2.7-nspkg.pth
        Installing ndg_httpclient script to /usr/bin
      Running setup.py install for pyasn1

    Successfully installed ndg-httpsclient pyasn1
    Cleaning up...

But this is the output when I run the script:

    [root@ppt-001 restclients]# ./add-group.py
    Traceback (most recent call last):
      File "./add-group.py", line 25, in <module>
        verify=cert
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/api.py", line 69, in get
        return request('get', url, params=params, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/api.py", line 50, in request
        response = session.request(method=method, url=url, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 465, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/sessions.py", line 573, in send
        r = adapter.send(request, **kwargs)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/adapters.py", line 370, in send
        timeout=timeout
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
        body=body, headers=headers)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
        self._validate_conn(conn)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connectionpool.py", line 761, in _validate_conn
        conn.connect()
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/connection.py", line 238, in connect
        ssl_version=resolved_ssl_version)
      File "/usr/lib/python2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/contrib/pyopenssl.py", line 260, in ssl_wrap_socket
        ctx.use_privatekey_file(keyfile)
    OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]

    cert=(cacert,key), #key/cert pair
    verify=cert
    ....
    OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')]

I think you need to use (cert,key) for cert, and use cacert instead for verification:

    cert=(cert,key), #key/cert pair
    verify=cacert
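
Added example, not part of the original post: a pre-flight check that maps curl's `--cert`/`--key`/`--cacert` to the `cert=`/`verify=` arguments of requests and loads the files with the standard `ssl` module, so a swapped CA/client certificate shows up as a reported problem before any request is sent. It assumes Python 3.6+ (the post used 2.7.5) and that `verify` is a file path; the function names are hypothetical.

```python
import ssl


def curl_to_requests_kwargs(cert, key, cacert):
    """Map curl's --cert / --key / --cacert onto requests' keyword arguments.

    cert=   : (client certificate, client private key) presented to the server
    verify= : CA bundle used to validate the *server's* certificate
    """
    return {"cert": (cert, key), "verify": cacert}


def preflight(kwargs):
    """Return a list of problems with the files named in cert= and verify=."""
    problems = []
    certfile, keyfile = kwargs["cert"]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # OpenSSL checks here that the private key belongs to the certificate.
        # Passing the CA certificate with the client key, as in the question,
        # fails at this step with a "key values mismatch" error.
        ctx.load_cert_chain(certfile, keyfile)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append("cert/key: %s" % exc)
    try:
        # The verify= file must contain at least one parsable CA certificate.
        ctx.load_verify_locations(cafile=kwargs["verify"])
    except OSError as exc:
        problems.append("verify: %s" % exc)
    return problems


if __name__ == "__main__":
    # Paths are the ones quoted in the post; on another host they are reported
    # as missing rather than validated.
    ssl_dir = "/etc/puppetlabs/puppet/ssl"
    kwargs = curl_to_requests_kwargs(
        cert=ssl_dir + "/certs/ppt-001.example.com.pem",
        key=ssl_dir + "/private_keys/ppt-001.example.com.pem",
        cacert=ssl_dir + "/certs/ca.pem",
    )
    for problem in preflight(kwargs):
        print(problem)
```

An empty list from `preflight` means the key matches the certificate and the CA file parsed; the same dictionary can then be passed as `requests.get(url, **kwargs)`.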
