search

abrasive / nxBender

Open source client for netExtender SSL VPNs
BSD 3-Clause "New" or "Revised" License
41 stars 20 forks source link

Unhandled error with self signed certificate, unable to print fingerprint #12

Open ilarrain opened 4 years ago

ilarrain commented 4 years ago

Expected: Connection rejected, fingerprint printed.

Got: Chain of unhandled errors:

System: Ubuntu 20.04 Linux lenovo-ila 5.4.0-34-generic #38-Ubuntu SMP Mon May 25 15:46:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Python 3.8.2

Package                Version      
---------------------- -------------
colorlog               4.1.0        
ConfigArgParse         1.2.3        
ipaddress              1.0.23       
nxBender               0.3.0        
pyroute2               0.5.12       
requests               2.22.0       
urllib3                1.25.8

Error log:

$ nxBender -s 123.123.123.123 -P 4433 -u user -p pass -d localDomain
INFO     Logging in...
ERROR    SSL error: HTTPSConnectionPool(host='123.123.123.123', port=4433): Max retries exceeded with url: /cgi-bin/userLogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 352, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 383, in ssl_wrap_socket
    return context.wrap_socket(sock)
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='123.123.123.123', port=4433): Max retries exceeded with url: /cgi-bin/userLogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/nxbender/__init__.py", line 66, in main
    sess.run()
  File "/usr/local/lib/python3.8/dist-packages/nxbender/nx.py", line 45, in run
    self.login(
  File "/usr/local/lib/python3.8/dist-packages/nxbender/nx.py", line 58, in login
    resp = self.session.post('https://%s/cgi-bin/userLogin' % self.host,
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 581, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='123.123.123.123', port=4433): Max retries exceeded with url: /cgi-bin/userLogin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/nxBender", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/nxbender/__init__.py", line 70, in main
    sslconn.print_fingerprint(args.server)
  File "/usr/local/lib/python3.8/dist-packages/nxbender/sslconn.py", line 33, in print_fingerprint
    conn = SSLConnection(None, host, 443)
  File "/usr/local/lib/python3.8/dist-packages/nxbender/sslconn.py", line 15, in __init__
    sock.connect((host, port))
ConnectionRefusedError: [Errno 111] Connection refused
hmaarrfk commented 2 years ago

Did you ever find a workaround? Just looking for a temporary solution before setting up a real VPN behind this TZ I have.