SSL certificate error X509_load_cert_crl_file

Question

I am getting this error, when i am running my python program.

File "get_secure_log.py", line 59, in <module>
    query_sumo_logic()
  File "get_secure_log.py", line 56, in query_sumo_logic
    resp = s.post(api_endpoint)
  File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 349, in post
    return self.request('POST', url, data=data, **kwargs)
  File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 288, in request
    resp = self.send(prep, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies)
  File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 383, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.6/site-packages/requests/adapters.py", line 213, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 185090050] _ssl.c:330: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

My Program.

#!/usr/bin/env python

#author : Kumar Shubham

import json
import sys
import requests
import datetime

def query_sumo_logic():
    # Set variables from options.yml file
    query = '_source=secure_logs'
    period = 90
    ldapuser = 'ldapuser'
    ldappass = 'Hldappass'
    sumouser = 'sumouser'
    sumopass = 'sumopass'
    api_endpoint = 'https://api.au.sumologic.com/api/v1/collectors?limit=2'
    proxy = 'https://{user}:{pass}@proxy-url:8080'

    # Replace placeholders in proxy for username/password with
    # LDAP user/pass
    if '{user}' in proxy:
        proxy = proxy.replace('{user}', ldapuser)
    if '{pass}' in proxy:
        proxy = proxy.replace('{pass}', ldappass)

    time_delta = datetime.timedelta(days=period)
    to = datetime.datetime.utcnow().replace(microsecond=0)
    from_ = to - time_delta

    data = {
    'query': query,
    'from': from_.isoformat(),
    'to': to.isoformat(),
    'timeZone': 'UTC'
    }
    headers = {
    'content-type': 'application/json',
    'accept': 'application/json',
    'user-agent': 'curl/7.43.0'
    }
    proxy_dict = {
    'http': proxy.replace('https', 'http'),
    'https': proxy,
    'ftp': proxy.replace('https', 'ftp')
    }

    # Set up session object including auth, proxy and headers
    s = requests.Session()
    s.auth = (sumouser, sumopass)
    s.headers.update(headers)
    s.proxies = proxy_dict

    # Create job
    resp = s.post(api_endpoint)
    print resp

query_sumo_logic()

I am thinking if i can somehow change the default ca_bundle, might work. as python uses it own ca_bundle. but in here i want to provide another ca_bundle. But i cant find a way to provide another ca_bundle to python. — Hackaholic, Aug 26 '16 at 06:20
Possible duplicate of [Adding server certificates to CA\_BUNDLE in python](http://stackoverflow.com/questions/31369633/adding-server-certificates-to-ca-bundle-in-python) — tripleee, Aug 26 '16 at 06:26
@tripleee i cant understand how to make it work, can you elaborate it. hwo can i add in python or use it with pyhton? — Hackaholic, Aug 26 '16 at 06:33
Not really sure what your problem is, but you don't appear to be passing a cert bundle. Did you read "SSL Cert Verification" in the [Requests documentation](http://docs.python-requests.org/en/master/user/advanced/)? Basically, pass a second argument to `get` (or, I guess, in your case, `post`). — tripleee, Aug 26 '16 at 06:37
agree with @tripleee. On a different note if you don't want to verify the certificate you can do the following `resp = s.post(api_endpoint, verify=False)` by default it is set to `True` http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification — redoc, Aug 26 '16 at 07:27

SSL certificate error X509_load_cert_crl_file

0 Answers0