
Hashicorp python client hvac issue:- "bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'

I am using the following config.hcl for my Hashicorp server:

disable_mlock = true

storage "file" {
  path = "/etc/secrets"
}

listener "tcp" {
 address     = "10.xx.xx.xx:8200"
 tls_cert_file = "/etc/certs/selfsigned.crt"
 tls_key_file  = "/etc/certs/selfsigned.key"
}

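It works fine when I perform vault operations, but when I try to access it using the hvac Python library, I get an SSL error. The code I am using to connect to the Hashicorp server from Python is: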

import hvac
client = hvac.Client(url='https://10.xx.xx.xx:8200', cert=('/etc/certs/selfsigned.crt', '/etc/certs/selfsigned.key'))
client.token = 'd460cb82-08aa-4b97-8655-19b6593b262d'
client.is_authenticated() 

The complete error trace I get is as follows:

Traceback (most recent call last):
  File "", line 1, in
  File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init__.py", line 552, in is_authenticated
    self.lookup_token()
  File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init__.py", line 460, in lookup_token
    return self._get('/v1/auth/token/lookup-self', wrap_ttl=wrap_ttl).json()
  File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init__.py", line 1236, in _get
    return self.__request('get', url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init__.py", line 1264, in __request
    allow_redirects=False, **_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='10.xx.xx.xx', port=8200): Max retries exceeded with url: /v1/auth/token/lookup-self (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

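According to the hvac documentation, "Using TLS with client-side certificate authentication", you need to specify the verify=server_cert_path parameter.

Tested as follows, I get the expected result. By the way, it runs successfully with or without the token parameter.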

import hvac

client = hvac.Client(url='https://127.0.0.1:8200',
                     token='xxxxxxxx',
                     cert=('server.crt',
                           'server.key'),
                     verify='ca.crt')

res = client.is_authenticated()
print("res:", res)
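
The distinction the answer relies on, shown as an added example that is not part of the original question or answer: `cert=` is the client's own certificate, while `verify=` names the trust anchor used to check the server's certificate. The sketch uses Python's standard `ssl` module rather than hvac, and the `openssl` command line to make a constructed throwaway self-signed certificate; the helper names, the `vault.example` subject and the local stand-in listener are assumptions for illustration.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(workdir, ip="127.0.0.1"):
    # Constructed throwaway certificate; the IP SAN lets a client match an IP-based URL.
    crt, key = (os.path.join(workdir, n) for n in ("selfsigned.crt", "selfsigned.key"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-days", "1", "-subj", "/CN=vault.example",
                    "-addext", "subjectAltName=IP:" + ip,
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def start_tls_server(crt, key, connections):
    # Stand-in for the Vault listener: presents the certificate, serves nothing.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        for _ in range(connections):
            conn, _addr = srv.accept()
            try:
                ctx.wrap_socket(conn, server_side=True).close()
            except OSError:
                conn.close()  # the client rejected the certificate and hung up
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def handshake(port, cafile=None):
    # PROTOCOL_TLS_CLIENT checks the chain and the host name, as verify= does in requests.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile)  # counterpart of verify='ca.crt'
    else:
        ctx.load_default_certs()           # system trust store only
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname="127.0.0.1"):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "verify failed: " + exc.verify_message

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        crt, key = make_self_signed(workdir)
        port = start_tls_server(crt, key, connections=2)
        return handshake(port), handshake(port, cafile=crt)

if __name__ == "__main__":
    print(demo())
```

The first handshake fails because the self-signed certificate is not in the system trust store; the second succeeds once the same certificate is supplied as the trust anchor.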
