OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[Virustotal] Enrichment connector fails behind HTTPS proxy #778

Open lesservehicle opened 2 years ago

lesservehicle commented 2 years ago

Description

Behind a corporate proxy, the Virustotal enrichment connector will fail.

Environment

  1. OS: RedHat 7, on Docker 1.13.1

  2. OpenCTI version: 5

  3. OpenCTI client: Frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

Run the Virustotal enrichment connector behind a proxy that intercepts HTTPS

Expected Output

A successful connection to the Virustotal API

Actual Output

WARNING:urllib3.connectionpool:Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': /api/v3/urls/aHR0cDovLzE3NS45OC4yMDAuMjoxOTYxNS8uaQ

ERROR:virustotal.client:[VirusTotal] Error connecting: HTTPSConnectionPool(host='www.virustotal.com', port=443): Max retries exceeded with url: /api/v3/urls/aHR0cDovLzE3NS45OC4yMDAuMjoxOTYxNS8uaQ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))

ERROR:root:Error in message processing, reporting error to API

Additional information

The use of Certifi in connectors/internal-enrichment/virustotal/src/virustotal/client.py should rectify this issue, as it will allow the user to load a certificate chain.

Example:

    import certifi
    ...
    # verify= takes the CA bundle path; cert= is for a client certificate
    requests.get(url=url, verify=certifi.where())

SamuelHassine commented 2 years ago

Authorize self-signed certificate in this connector, as a configuration parameter.
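One way to expose the proxy CA as a configuration parameter while keeping certificate verification on, as an added example that is not the connector's own code. The setting name `CONNECTOR_EXTRA_CA_FILE` and all function names are hypothetical; in real use the base bundle would be the path returned by `certifi.where()`.

```python
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def read_certs(path):
    """Return {DER bytes: PEM text} for every certificate block in a PEM file."""
    with open(path, encoding="utf-8") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    # PEM_cert_to_DER_cert raises ValueError on malformed base64 framing
    return {ssl.PEM_cert_to_DER_cert(b): b for b in blocks}


def build_ca_bundle(base_bundle, extra_ca_file, out_path):
    """Write base CAs plus the proxy CA(s) to out_path; return the cert count."""
    extra = read_certs(extra_ca_file)
    if not extra:
        raise ValueError(f"no PEM certificate found in {extra_ca_file}")
    merged = read_certs(base_bundle)
    merged.update(extra)  # keyed by DER, so a CA already present is not duplicated
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(out_path) or ".")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write("\n".join(merged.values()) + "\n")
    os.replace(tmp, out_path)  # atomic swap: readers never see a partial bundle
    return len(merged)


def verify_setting(env, base_bundle, out_path):
    """Value for requests' `verify=`: merged bundle path, or True (default trust)."""
    extra = env.get("CONNECTOR_EXTRA_CA_FILE")  # hypothetical setting name
    if not extra:
        return True  # verification stays on; never fall back to verify=False
    build_ca_bundle(base_bundle, extra, out_path)
    return out_path
```

The returned value is what gets passed as `verify=` to `requests.get` or set on `Session.verify`. Without any code change, `requests` also reads a bundle path from the `REQUESTS_CA_BUNDLE` environment variable.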