search

demisto / vscode-extension

MIT License
12 stars 3 forks source link

Add possibility to ignore SSL issues for instances with self signed certificates. #38

Closed ichhabkeinbock closed 1 year ago

ichhabkeinbock commented 2 years ago

Is there any chance, that a new value in the settings will be implemented, to set verify_ssl=False / verify_ssl=True for ignoring SSL issues in requests being made to XSOAR? Instances with a self signed certificate cannot be used with this VSCode extension at the moment. Or is there any workaround?

This is the VSCode version. image

We're trying to get this work on Windows 10. The newest Demisto SDK (1.6.7) is installed via current Pip version (Python 3.10) in a virtual environment.

This is the traceback if we're trying to connect to XSOAR via demisto-sdk.exe upload.

You are using demisto-sdk 1.6.7.
Please run demisto-sdk in content repository - Aborting!
2022-06-01 10:50:07,882 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
WARNING:urllib3.connectionpool:Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
2022-06-01 10:50:07,949 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
WARNING:urllib3.connectionpool:Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
2022-06-01 10:50:08,014 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
WARNING:urllib3.connectionpool:Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))': //about
Could not connect to XSOAR server. Try checking your connection configurations.

Similar errors were returned when trying to requests.get(url) where url is the XSOAR base URL (!GetServerURL in the XSOAR playground). When adding verify=False to the request, it works.

The demisto-sdk already has features in its code to ignore SSL issues, but it's not controllable via command line args and thus not controllable by this plugin. The corresponding commit to demisto/demisto-sdk is this I guess?

ichhabkeinbock commented 1 year ago

Latest release of this plugin solved the issue. But I had to add _DEMISTO_VERIFYSSL=no to my system variables.

But there are a bunch of other issues in this plugin as well as the SDK...