SSL: CERTIFICATE_VERIFY_FAILED

[ftiff]

It seem that by default SSL is set to verify (contrary to your README):

francoiss-macbook-pro:jss_helper fti$ ./jss_helper policy
Traceback (most recent call last):
  File "./jss_helper", line 107, in <module>
    main()
  File "./jss_helper", line 100, in main
    args.func(args)
  File "/Users/fti/Git/jss_helper/jss_helper_lib/tools.py", line 274, in search_func
    results = search_for_object(obj_method, args.search)
  File "/Users/fti/Git/jss_helper/jss_helper_lib/tools.py", line 127, in search_for_object
    results = obj_method()
  File "/Library/Python/2.7/site-packages/python_jss-1.5.0-py2.7.egg/jss/jamf_software_server.py", line 745, in Policy
    return self.factory.get_object(jssobjects.Policy, data, subset)
  File "/Library/Python/2.7/site-packages/python_jss-1.5.0-py2.7.egg/jss/jamf_software_server.py", line 875, in get_object
    return self.get_list(obj_class, data, subset)
  File "/Library/Python/2.7/site-packages/python_jss-1.5.0-py2.7.egg/jss/jamf_software_server.py", line 901, in get_list
    result = self.jss.get(url)
  File "/Library/Python/2.7/site-packages/python_jss-1.5.0-py2.7.egg/jss/jamf_software_server.py", line 200, in get
    response = self.session.get(request_url)
  File "/Library/Python/2.7/site-packages/requests-2.18.4-py2.7.egg/requests/sessions.py", line 521, in get
    return self.request('GET', url, **kwargs)
  File "/Library/Python/2.7/site-packages/requests-2.18.4-py2.7.egg/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Python/2.7/site-packages/requests-2.18.4-py2.7.egg/requests/sessions.py", line 618, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Python/2.7/site-packages/requests-2.18.4-py2.7.egg/requests/adapters.py", line 506, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=8444): Max retries exceeded with url: /JSSResource/policies (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),))
francoiss-macbook-pro:jss_helper fti$

I could disable SSL verify with: $ defaults write ~/Library/Preferences/com.github.sheagcraig.python-jss.plist verify -bool false

[mikevmeyer]

I'm not sure what you're trying to accomplish here, but all I can see is that your syntax doesn't look right. For example, if you're trying to list all the policies in your JSS, I simply type:

jss_helper policy

Some of the other stuff you've got going in your command don't look right for some reason.

[ftiff]

that's what I did, I typed ./jss_helper policy and got the output below :)

[mikevmeyer]

take out the "./" bit.

Does that make a difference?

[badstreff]

I think at some point the requests library switch the default to verify SSL. I wonder if the README should be updated or the code.

[sheagcraig]

jss_helper needs to be verified top to bottom and updated to work with the testing release of python-jss.

There are a lot of legacy unicode and SSL issues that this will resolve. Catching any typos or mistakes in the documentation will also have to happen as well.

So I'll definitely look into this; in terms of timing, since JSSImporter is the biggest "consumer" of python-jss, I'm waiting to get a thumbs up from enough testers that it works for them to release, after which I could begin the process of updating the smaller projects that make use of python-jss.

[krispayne]

Is Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert handshake failure')],)",),) related to this?

I've only recently started seeing this occur. I recently upgraded my JSS to 10.5, so it's possible that something has changed in the JSS with regards to SSL/TLS.

[grahampugh]

Hi all, can you try 2.1.0b1? Note that you should already have JSSImporter set up, because this new version relies on the latest python-jss which is installed by JSSImporter.