search

beufanet / gazpar

Script to fetch GRDF data and push data to InfluxDB
11 stars 8 forks source link

CERTIFICATE_VERIFY_FAILED #5

Closed philuxe closed 3 years ago

philuxe commented 4 years ago

Bonjour,

Impossible de se connecter à https://monespace.grdf.fr/monespace/particulier

python3 gazinflux.py --days=5

2020-12-04 15:18:35,507 logging in InfluxDB Server Host 192.168.1.87... 2020-12-04 15:18:35,507 logged in InfluxDB Server Host 192.168.1.87 succesfully 2020-12-04 15:18:35,507 logging in GRDF URI https://monespace.grdf.fr/monespace/particulier... Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 344, in connect sslcontext=context) File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 345, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket session=session File "/usr/lib/python3.7/ssl.py", line 853, in _create self.do_handshake() File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send timeout=timeout File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='monespace.grdf.fr', port=443): Max retries exceeded with url: /web/guest/monespace?p_p_id=EspacePerso_WAR_EPportlet&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&p_p_col_id=column-2&p_p_col_count=1&_EspacePerso_WAR_EPportlet__jsfBridgeAjax=true&_EspacePerso_WAR_EPportlet__facesViewIdResource=%2Fviews%2FespacePerso%2FseconnecterEspaceViewMode.xhtml (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "gazinflux.py", line 109, in main token = gazpar.login(params['grdf']['username'], params['grdf']['password']) File "/home/pblavier/SCRIPTS/beufanet-gazpar/gazpar.py", line 93, in login session.get(LOGIN_BASE_URI + API_ENDPOINT_LOGIN, data=payload, allow_redirects=False) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 546, in get return self.request('GET', url, kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 533, in request resp = self.send(prep, send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='monespace.grdf.fr', port=443): Max retries exceeded with url: /web/guest/monespace?p_p_id=EspacePerso_WAR_EPportlet&p_p_lifecycle=2&p_p_state=normal&p_p_mode=view&p_p_cacheability=cacheLevelPage&p_p_col_id=column-2&p_p_col_count=1&_EspacePerso_WAR_EPportlet__jsfBridgeAjax=true&_EspacePerso_WAR_EPportlet__facesViewIdResource=%2Fviews%2FespacePerso%2FseconnecterEspaceViewMode.xhtml (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "gazinflux.py", line 201, in main() File "gazinflux.py", line 112, in main logging.error("unable to login on %s : %s", gazpar.API_BASE_URI, exc) NameError: name 'exc' is not defined

beufanet commented 3 years ago

Don't know why grdf has an issue with SSL requests. While I found time for debugging, you could use verify=False on some session lines. Yes I know it's bad, but it fix temporary the issue ;) 

diff --git a/gazpar.py b/gazpar.py
index 6c13739..9ada469 100644
--- a/gazpar.py
+++ b/gazpar.py
@@ -90,9 +90,9 @@ def login(username, password):

     session.cookies['KPISavedRef'] ='https://monespace.grdf.fr/monespace/connexion'

-    session.get(LOGIN_BASE_URI + API_ENDPOINT_LOGIN, data=payload, allow_redirects=False)
+    session.get(LOGIN_BASE_URI + API_ENDPOINT_LOGIN, data=payload, allow_redirects=False, verify=False)

-    req = session.post(LOGIN_BASE_URI + API_ENDPOINT_LOGIN, data=payload, allow_redirects=False)
+    req = session.post(LOGIN_BASE_URI + API_ENDPOINT_LOGIN, data=payload, allow_redirects=False, verify=False)

     javaxvs=parse_lxml(req.text)
philuxe commented 3 years ago

sans le check du certificat ca fonctionne, ils sont signés par dhimyotis, ca doit être une autorité FR. Cette CA doit pas être trustée par le store de nos machines (ou le store utilisé par python, je sais pas comment python compare un certificat avec un certificate store)

beufanet commented 3 years ago

C'est fixé en important la CA. C'est pas très propre, mais c'est le seul moyen d'avoir la CA Root depuis python me semble-t-il.