conjurinc / api-python

A Python client for the Conjur API
http://conjur.net
Apache License 2.0

SSL verify #2

Closed pradeepk7 closed 9 years ago

pradeepk7 commented 10 years ago

Currently, verify_ssl is set to false:

conjur.configure(
    appliance_url='https://my.conjur.master/api',
    account='netflix',
    verify_ssl=False
)

Without this setting, we get the following error:

2014-04-28 11:20:57,291 [requests.packages.urllib3.connectionpool][INFO    ] Starting new HTTPS connection (1): my.conjur.master
2014-04-28 11:20:57,337 [salt.utils.event ][ERROR   ] Failed to execute runner: <bound method ReactWrap.runner of <salt.utils.event.ReactWrap object at 0x2395a90>>
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/salt/utils/event.py", line 613, in run
    ret = l_fun(*f_call.get('args', ()), **f_call.get('kwargs', {}))
  File "/usr/lib/pymodules/python2.7/salt/utils/event.py", line 634, in runner
    return runner.low(fun, kwargs)
  File "/usr/lib/pymodules/python2.7/salt/runner.py", line 138, in low
    ret = l_fun(*f_call.get('args', ()), **f_call.get('kwargs', {}))
  File "/srv/runners/bastion_user.py", line 21, in init
    _add_conjur_user(user_id, pubkey)
  File "/srv/runners/bastion_user.py", line 73, in _add_conjur_user
    if not user.exists():
  File "/usr/local/lib/python2.7/dist-packages/Conjur-0.1.0-py2.7.egg/conjur/user.py", line 32, in exists
    resp = self.api.get(self.url(), check_errors=False)
  File "/usr/local/lib/python2.7/dist-packages/Conjur-0.1.0-py2.7.egg/conjur/api.py", line 125, in get
    return self.request('get', url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/Conjur-0.1.0-py2.7.egg/conjur/api.py", line 104, in request
    headers['Authorization'] = self.auth_header()
  File "/usr/local/lib/python2.7/dist-packages/Conjur-0.1.0-py2.7.egg/conjur/api.py", line 85, in auth_header
    token = self.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/Conjur-0.1.0-py2.7.egg/conjur/api.py", line 74, in authenticate
    response = requests.post(url, self.api_key, verify=self.config.verify_ssl)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.2.1-py2.7.egg/requests/api.py", line 88, in post
    return request('post', url, data=data, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.2.1-py2.7.egg/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.2.1-py2.7.egg/requests/sessions.py", line 383, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.2.1-py2.7.egg/requests/sessions.py", line 486, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests-2.2.1-py2.7.egg/requests/adapters.py", line 385, in send
    raise SSLError(e)
SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Certificate validity should be verified.

~PK
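
An added example, not part of the original issue or the Conjur client's own code: a small static check that flags the pattern reported above, meaning calls or assignments that set `verify` or `verify_ssl` to a literal `False`. The sample source is constructed for illustration, and the CA bundle path and the names `url`, `api_key` and `config` in it are placeholders.

```python
import ast

# Names that control TLS certificate verification in this issue:
# `verify` is the requests parameter visible in the traceback,
# `verify_ssl` is the conjur.configure() option from the report.
TLS_VERIFY_NAMES = {"verify", "verify_ssl"}


def _is_false(node):
    """True only for a literal False; computed values are not resolved."""
    return isinstance(node, ast.Constant) and node.value is False


def find_disabled_tls_verification(source, filename="<string>"):
    """Return sorted (line, expression, name) tuples where verification is off."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            # Keyword arguments such as requests.post(..., verify=False)
            for kw in node.keywords:
                if kw.arg in TLS_VERIFY_NAMES and _is_false(kw.value):
                    findings.append(
                        (kw.value.lineno, ast.unparse(node.func), kw.arg))
        elif isinstance(node, ast.Assign) and _is_false(node.value):
            # Assignments such as config.verify_ssl = False
            for target in node.targets:
                name = getattr(target, "attr", None) or getattr(target, "id", None)
                if name in TLS_VERIFY_NAMES:
                    findings.append((node.lineno, ast.unparse(target), name))
    return sorted(findings)


# Constructed sample input; it is parsed, never executed.
SAMPLE = """\
import conjur
import requests

conjur.configure(
    appliance_url='https://my.conjur.master/api',
    account='netflix',
    verify_ssl=False
)
requests.post(url, api_key, verify=False)
requests.post(url, api_key, verify='/etc/conjur/ca.pem')
config.verify_ssl = False
"""

if __name__ == "__main__":
    for line, expr, name in find_disabled_tls_verification(SAMPLE):
        print(f"line {line}: {expr} sets {name}=False")
```

The call that passes a CA bundle path to `verify` is not flagged; requests accepts such a path and validates the server certificate against it.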

dustinmm80 commented 9 years ago

This was fixed in release v0.3.1