![](/img/trans.png)
[英]Django paypalrestsdk error - OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
[英]Hashicorp python client hvac issue:- "bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed'
我正在為我的 Hashicorp 服務器使用以下 config.hcl,
disable_mlock = true
storage "file" {
path = "/etc/secrets"
}
listener "tcp" {
address = "10.xx.xx.xx:8200"
tls_cert_file = "/etc/certs/selfsigned.crt"
tls_key_file = "/etc/certs/selfsigned.key"
}
當我執行保險庫操作時它工作正常,但是當我嘗試使用 hvac python 庫訪問它時,我收到 SSL 錯誤。 我用來從python連接到hashicorp服務器的代碼是,
import hvac
client = hvac.Client(url='https://10.xx.xx.xx:8200', cert=('/etc/certs/selfsigned.crt', '/etc/certs/selfsigned.key'))
client.token = 'd460cb82-08aa-4b97-8655-19b6593b262d'
client.is_authenticated()
我得到的完整錯誤跟蹤如下:-
回溯(最近通話最后一個):文件“”,1號線,在文件“/usr/local/lib/python2.7/dist-packages/hvac/v1/初始化的.py”,線路552,在is_authenticated self.lookup_token () File "/usr/local/lib/python2.7/dist-packages/hvac/v1/ init .py", line 460, in lookup_token return self._get('/v1/auth/token/lookup-self' ,wrap_ttl = wrap_ttl)上傳.json()文件“/usr/local/lib/python2.7/dist-packages/hvac/v1/ INIT py”為,線1236,在返回_GET自我。 request('get', url, **kwargs) 文件 "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init .py", line 1264, in __request allow_redirects=False, **_kwargs ) 文件“/usr/local/lib/python2.7/dist-packages/requests/sessions.py”,第 512 行,請求 resp = self.send(prep, **send_kwargs) 文件“/usr/local/lib /python2.7/dist-packages/requests/sessions.py", line 622, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python2.7/dist-packages/ requests/adapters.py", line 511, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='10.xx.xx.xx', port=8200): Max retries exceeded with url: /v1/auth/token/lookup-self (由 SSLError(SSLError("bad handshake: Error([('SSLroutines', 'tls_process_server_certificate', 'certificate verify failed')],)",),) )
根據 hvac 文檔Using TLS with client-side certificate authentication ,您需要指定verify=server_cert_path
參數。
測試如下,我可以得到預期的結果。 順便說一句,無論有沒有token
參數,它都可以成功運行。
import hvac
client = hvac.Client(url='https://127.0.0.1:8200',
token='xxxxxxxx',
cert=('server.crt',
'server.key'),
verify='ca.crt')
res = client.is_authenticated()
print("res:", res)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.