yeti-platform / yeti

Your Everyday Threat Intelligence
https://yeti-platform.io/
Apache License 2.0

Fix error SSL: CERTIFICATE_VERIFY_FAILED when adding a MISP feed. #1046

Closed shannaniggans closed 7 months ago

shannaniggans commented 7 months ago

Needed to add in the SSL cert verify to be able to connect to a MISP instance over SSL with a self-signed cert.

Error previously:

yeti-tasks     | [2024-03-21 04:16:44,631: INFO/MainProcess] Task core.taskscheduler.run_task[84b04add-de62-461a-8a79-ba39b675ea13] received
yeti-tasks     | [2024-03-21 04:16:44,636: INFO/MainProcess] Running task MispFeed (TaskType.feed)
yeti-tasks     | [2024-03-21 04:16:44,680: ERROR/MainProcess] Traceback (most recent call last):
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connectionpool.py", line 467, in _make_request
yeti-tasks     |     self._validate_conn(conn)
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connectionpool.py", line 1099, in _validate_conn
yeti-tasks     |     conn.connect()
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connection.py", line 653, in connect
yeti-tasks     |     sock_and_verified = _ssl_wrap_socket_and_match_hostname(
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connection.py", line 806, in _ssl_wrap_socket_and_match_hostname
yeti-tasks     |     ssl_sock = ssl_wrap_socket(
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 465, in ssl_wrap_socket
yeti-tasks     |     ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/util/ssl_.py", line 509, in _ssl_wrap_socket_impl
yeti-tasks     |     return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
yeti-tasks     |   File "/usr/local/lib/python3.10/ssl.py", line 513, in wrap_socket
yeti-tasks     |     return self.sslsocket_class._create(
yeti-tasks     |   File "/usr/local/lib/python3.10/ssl.py", line 1104, in _create
yeti-tasks     |     self.do_handshake()
yeti-tasks     |   File "/usr/local/lib/python3.10/ssl.py", line 1375, in do_handshake
yeti-tasks     |     self._sslobj.do_handshake()
yeti-tasks     | ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)
yeti-tasks     |
yeti-tasks     | During handling of the above exception, another exception occurred:
yeti-tasks     |
yeti-tasks     | Traceback (most recent call last):
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connectionpool.py", line 793, in urlopen
yeti-tasks     |     response = self._make_request(
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connectionpool.py", line 491, in _make_request
yeti-tasks     |     raise new_e
yeti-tasks     | urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)
yeti-tasks     |
yeti-tasks     | The above exception was the direct cause of the following exception:
yeti-tasks     |
yeti-tasks     | Traceback (most recent call last):
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/requests/adapters.py", line 486, in send
yeti-tasks     |     resp = conn.urlopen(
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/connectionpool.py", line 847, in urlopen
yeti-tasks     |     retries = retries.increment(
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/urllib3/util/retry.py", line 515, in increment
yeti-tasks     |     raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
yeti-tasks     | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.50.66', port=443): Max retries exceeded with url: /servers/getVersion (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))
yeti-tasks     |
yeti-tasks     | During handling of the above exception, another exception occurred:
yeti-tasks     |
yeti-tasks     | Traceback (most recent call last):
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/pymisp/api.py", line 202, in __init__
yeti-tasks     |     response = self.recommended_pymisp_version
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/pymisp/api.py", line 270, in recommended_pymisp_version
yeti-tasks     |     misp_version = self.misp_instance_version
yeti-tasks     |   File "/usr/local/lib/python3.10/functools.py", line 981, in __get__
yeti-tasks     |     val = self.func(instance)
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/pymisp/api.py", line 299, in misp_instance_version
yeti-tasks     |     response = self._prepare_request('GET', 'servers/getVersion')
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/pymisp/api.py", line 3792, in _prepare_request
yeti-tasks     |     return self.__session.send(prepped, timeout=self.timeout, **settings)
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/requests/sessions.py", line 703, in send
yeti-tasks     |     r = adapter.send(request, **kwargs)
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/requests/adapters.py", line 517, in send
yeti-tasks     |     raise SSLError(e, request=request)
yeti-tasks     | requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.50.66', port=443): Max retries exceeded with url: /servers/getVersion (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))
yeti-tasks     |
yeti-tasks     | During handling of the above exception, another exception occurred:
yeti-tasks     |
yeti-tasks     | Traceback (most recent call last):
yeti-tasks     |   File "/app/core/taskmanager.py", line 79, in run_task
yeti-tasks     |     task.run()
yeti-tasks     |   File "/app/plugins/feeds/public/misp.py", line 89, in run
yeti-tasks     |     self.get_organisations(instance)
yeti-tasks     |   File "/app/plugins/feeds/public/misp.py", line 39, in get_organisations
yeti-tasks     |     misp_client = PyMISP(url=instance["url"], key=instance["key"])
yeti-tasks     |   File "/root/.cache/pypoetry/virtualenvs/yeti-9TtSrW0h-py3.10/lib/python3.10/site-packages/pymisp/api.py", line 234, in __init__
yeti-tasks     |     raise PyMISPError(f'Unable to connect to MISP ({self.root_url}). Please make sure the API key and the URL are correct (http/https is required): {e}')
yeti-tasks     | pymisp.exceptions.PyMISPError: Unable to connect to MISP (https://x.x.x.x/). Please make sure the API key and the URL are correct (http/https is required): HTTPSConnectionPool(host='x.x.x.x', port=443): Max retries exceeded with url: /servers/getVersion (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)')))
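
One way to feed a per-instance certificate setting into the `PyMISP(...)` call seen in the traceback, as an added example rather than the code from this pull request. It resolves the value for PyMISP's `ssl` argument, which accepts `True`, `False` or a path to a CA bundle; the config keys `ca_bundle` and `verify_tls` and the function name are assumptions.

```python
import logging
import os

log = logging.getLogger("misp_feed_tls")

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def resolve_ssl_argument(instance: dict):
    """Return the value to pass as PyMISP(..., ssl=<value>).

    Order of preference:
      1. "ca_bundle" (hypothetical key): path to a PEM file holding the
         self-signed certificate or private CA, so verification stays on.
      2. "verify_tls" (hypothetical key): strict boolean, default True.
    """
    bundle = instance.get("ca_bundle")
    if bundle:
        # Fail closed: a missing or non-PEM bundle must not silently
        # downgrade the connection to an unverified one.
        if not os.path.isfile(bundle):
            raise ValueError(f"ca_bundle not found: {bundle}")
        with open(bundle, "r", encoding="ascii", errors="replace") as fh:
            if PEM_MARKER not in fh.read():
                raise ValueError(f"ca_bundle is not a PEM certificate: {bundle}")
        return bundle

    verify = instance.get("verify_tls", True)
    if not isinstance(verify, bool):
        # A string such as "false" is truthy in Python, so a loosely typed
        # config value would be misread; reject anything that is not a bool.
        raise ValueError("verify_tls must be a boolean")
    if not verify:
        # Leave an audit trail whenever certificate checks are switched off.
        log.warning("TLS verification disabled for MISP instance %s",
                    instance.get("url"))
    return verify


# Intended call site (requires the pymisp package, so left as a comment):
#   PyMISP(url=instance["url"], key=instance["key"],
#          ssl=resolve_ssl_argument(instance))
```
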