stackoom
  简体   繁体   中英

Hashicorp python client hvac issue:- "bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'

 原文  2018-10-17 11:09:08       python/ ssl/ tls1.2/ hashicorp-vault

Question

I am using the following config.hcl for my Hashicorp server,

disable_mlock = true

storage "file" {
  path = "/etc/secrets"
}

listener "tcp" {
 address     = "10.xx.xx.xx:8200"
 tls_cert_file = "/etc/certs/selfsigned.crt"
 tls_key_file  = "/etc/certs/selfsigned.key"
}

it is working fine when i perform vault operations, But when i try reach it using hvac python library i am getting SSL error. The code i am using to connect to hashicorp server from python is,

import hvac
client = hvac.Client(url='https://10.xx.xx.xx:8200', cert=('/etc/certs/selfsigned.crt', '/etc/certs/selfsigned.key'))
client.token = 'd460cb82-08aa-4b97-8655-19b6593b262d'
client.is_authenticated()

The full error trace i am getting is as follows:-

Traceback (most recent call last): File "", line 1 , in File "/usr/local/lib/python2.7/dist-packages/hvac/v1/ init .py", line 552, in is_authenticated self.lookup_token() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/ init .py", line 460, in lookup_token return self._get('/v1/auth/token/lookup-self', wrap_ttl=wrap_ttl).json() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/ init .py", line 1236, in _get return self. request('get', url, **kwargs) File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init .py", line 1264, in __request allow_redirects=False, **_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='10.xx.xx.xx', port=8200): Max retries exceeded with url: /v1/auth/token/lookup-self (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

1 answers

solution1
 1  2020-02-12 07:23:35

According to hvac documentation Using TLS with client-side certificate authentication , you need to specify verify=server_cert_path parameter.

Testing as below, i can get results as expected. btw with or without token parameter, it could run successfully.

import hvac

client = hvac.Client(url='https://127.0.0.1:8200',
                     token='xxxxxxxx',
                     cert=('server.crt',
                           'server.key'),
                     verify='ca.crt')

res = client.is_authenticated()
print("res:", res)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django paypalrestsdk error - OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')] tls_process_server_certificate in python request module Suppress 'SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' errors in python SSL error : routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSLError("bad handshake: Error([('SSL routines', 'tls_process_ske_dhe', 'dh key too small' in Python Authentication failed: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Python client - SSL lib - certificate verify failed Python - Issue SSL: CERTIFICATE_VERIFY_FAILED How to allow python to trust my server's TLS self-signed certificate: ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM