C-RH-C / crhc-cli

C.RH.C API Command Line Tool
GNU General Public License v3.0

exception when there is a proxy server #106

Open waldirio opened 3 years ago

waldirio commented 3 years ago
./crhc-v1.7.7 login --token ey...fQ
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 696, in urlopen
  File "urllib3/connectionpool.py", line 964, in _prepare_proxy
  File "urllib3/connection.py", line 421, in connect
  File "urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
  File "urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
  File "ssl.py", line 365, in wrap_socket
  File "ssl.py", line 776, in __init__
  File "ssl.py", line 1036, in do_handshake
  File "ssl.py", line 648, in do_handshake
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "requests/adapters.py", line 449, in send
  File "urllib3/connectionpool.py", line 756, in urlopen
  File "urllib3/util/retry.py", line 574, in increment
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='sso.redhat.com', port=443): Max retries exceeded with url: /auth/realms/redhat-external/protocol/openid-connect/token (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "crhc.py", line 12, in <module>
  File "parse/parse.py", line 430, in main_menu
  File "parse/parse.py", line 264, in login_sub_menu
  File "credential/token.py", line 28, in set_token
  File "requests/api.py", line 117, in post
  File "requests/api.py", line 61, in request
  File "requests/sessions.py", line 542, in request
  File "requests/sessions.py", line 655, in send
  File "requests/adapters.py", line 514, in send
requests.exceptions.SSLError: HTTPSConnectionPool(host='sso.redhat.com', port=443): Max retries exceeded with url: /auth/realms/redhat-external/protocol/openid-connect/token (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
[1044619] Failed to execute script 'crhc' due to unhandled exception!

sayan3296 commented 3 months ago

We probably need to ask end users to ensure the necessary CA certs are added to the trust bundle of the system where crhc-cli is present, and then we need to improve the binary itself to always use /etc/pki/tls/certs/ca-bundle.crt for SSL verification.

sayan3296 commented 3 months ago

Maybe we can pass the verify argument with every requests call being done?

verify="/etc/pki/tls/certs/ca-bundle.crt"
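
One way to apply the `verify=` suggestion above and replace the unhandled traceback with a short diagnosis, as an added example that is not crhc-cli's own code. The function names are hypothetical, the `requests` package is assumed to be installed, and only the bundle path comes from the thread.

```python
import os

# Bundle path proposed in the thread (RHEL/Fedora system trust store).
SYSTEM_CA_BUNDLE = "/etc/pki/tls/certs/ca-bundle.crt"


def resolve_ca_bundle(environ=None, system_bundle=SYSTEM_CA_BUNDLE):
    """Pick the value for `verify=`; never returns False, so checks stay on.

    Order: REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE (both read by requests itself),
    then the system bundle. Falls back to True (requests' default bundle).
    """
    environ = os.environ if environ is None else environ
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        path = environ.get(var)
        if path:
            # Fail loudly on a stale override instead of a confusing TLS error.
            if not os.path.exists(path):
                raise FileNotFoundError(f"{var} points to a missing path: {path}")
            return path
    return system_bundle if os.path.exists(system_bundle) else True


def diagnose(error_text):
    """Map the text of a requests exception to a short category."""
    if "CERTIFICATE_VERIFY_FAILED" in error_text:
        return "cert-verify"  # presented chain not trusted by the bundle in use
    if "ProxyError" in error_text:
        return "proxy"        # proxy unreachable or tunnel refused
    return "connect"          # no TLS session at all: DNS, routing, firewall


def post_with_bundle(url, data, environ=None):
    """POST with explicit verification; return (response, None) or (None, category)."""
    import requests  # third-party; imported here so the helpers above need only stdlib

    session = requests.Session()
    session.verify = resolve_ca_bundle(environ)
    try:
        return session.post(url, data=data, timeout=30), None
    except requests.exceptions.ConnectionError as exc:
        # SSLError and ProxyError are both subclasses of ConnectionError.
        return None, diagnose(f"{type(exc).__name__}: {exc}")
```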

waldirio commented 3 months ago

Hello @sayan3296

Assuming the proxy variable is set, or that there is no proxy in this scenario, is the app working as expected?

The main point here is the lack of connection

urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='sso.redhat.com', port=443): Max retries exceeded with url: /auth/realms/redhat-external/protocol/openid-connect/token (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))

Not that the cert is correct or not, but that the client has no access to sso.redhat.com via 443.

I can try to break things here, just to improve the flow as shared above, but a real scenario would be great.

Waldirio