Presently, the requests library is being leveraged for API call functionality. However, in managed environments, this can cause a potential issue with SSL verification as Python does not natively support AIA fetching.
Zscaler is a relatively common offender of this. In my environment, we added the Jamf Pro & Classic API to the global SSL bypass in the Zscaler admin console, and SSL verification still failed.
Proposed
The asyncio library supports asynchronous shell command execution with asyncio.create_subprocess_shell(). This can be leveraged to use /usr/bin/curlwhich does support AIA fetching. Running the command in the linked comment can verify that curl does not mention or reference OpenSSL.
Below is a basic example of how to accomplish this. The headers variable can be formatted/validated properly with use with the SDK, the below use is just a sample.
import asyncio
headers = {"Accept": "application/json", "Authorization": f"Bearer {jamf_token}"}
headers_string = " ".join(
[f'-H "{key}: {value}"' for key, value in headers.items()]
)
command = f"curl -s -X GET {headers_string} {url}"
try:
process = await asyncio.create_subprocess_shell(
command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
stdout, stderr = await process.communicate()
except asyncio.TimeoutError as e:
logging.error(f"Request to API timed out: {e}")
raise
System Information
macOS 14.5, Python 3.10, 3.11, 3.12, Jamf Pro version 11.6.1.
Current
Presently, the
requests
library is being leveraged for API call functionality. However, in managed environments, this can cause a potential issue with SSL verification as Python does not natively support AIA fetching.Zscaler is a relatively common offender of this. In my environment, we added the Jamf Pro & Classic API to the global SSL bypass in the Zscaler admin console, and SSL verification still failed.
Proposed
The
asyncio
library supports asynchronous shell command execution withasyncio.create_subprocess_shell()
. This can be leveraged to use/usr/bin/curl
which does support AIA fetching. Running the command in the linked comment can verify that curl does not mention or reference OpenSSL.Below is a basic example of how to accomplish this. The
headers
variable can be formatted/validated properly with use with the SDK, the below use is just a sample.System Information
macOS 14.5, Python 3.10, 3.11, 3.12, Jamf Pro version 11.6.1.