SSL Context Vertification

Question

SSL Context Vertification

Closed this issue 9 years ago · 5 comments

While trying the basic example (or any other example) in SC4 (https://github.com/SteveMcGrath/pySecurityCenter/tree/master/examples/sc4/basic_example) receving the following error:

Traceback (most recent call last):
File "example.py", line 13, in
sc = SecurityCenter(host,username,password)
File "/opt/python/lib/python2.7/site-packages/securitycenter/sc4.py", line 100, in init
self.system = self._system()
File "/opt/python/lib/python2.7/site-packages/securitycenter/sc4.py", line 914, in _system
return self.raw_query('system', 'init')
File "/opt/python/lib/python2.7/site-packages/securitycenter/sc4.py", line 332, in raw_query
data = self._request(module, action, data, headers, dejson, filename)
File "/opt/python/lib/python2.7/site-packages/securitycenter/sc4.py", line 288, in _request
resp = urlopen(Request(self._url, payload, headers), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))
File "/opt/python/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/opt/python/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/opt/python/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/opt/python/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/opt/python/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/opt/python/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: urlopen error [Errno -2] Name or service not known

I believe this is due to the SSL certificate on our SC instance. For our own scripts we have been using the below to get past the SSL issue:

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

An option needs to be present to set the SSL vertification mode in the module.

Answer 1 · 2015-12-08T16:28:49.000Z

Yeah this has all become an issue post 2.7.9. Can you replace the sc4.py file with the one in the commit and let me know if that addresses this? I need to get the sc4 module off of httplib and urllib and on requests...

Answer 2 · 2015-12-08T17:51:15.000Z

Just grabbed the new sc4.py but same error :\

Answer 3 · 2015-12-08T17:51:53.000Z

what version of python?

Answer 4 · 2015-12-08T17:52:44.000Z

Python 2.7.10

Answer 5 · 2015-12-08T18:11:47.000Z

Well, I'll eat some crow on the second portion. I had accidently added in the https:// to the host field. Works like a champ now with the modified ctx portion. Thanks!