Python Version: 3.6
OS: CentOS 7
Python Code
import requests
import json
import logging
proxies = {
"http": None,
"https": None,
}
headers = {
"Content-Type": "application/json",
"accept": "application/json"
}
auth = {
"username": "admin",
"password": "admin",
}
resp = requests.post("https://192.168.99.2:8002/login", headers=headers, proxies=proxies, json=auth)
resp_json = json.loads(resp.content)
logging.info("Response = {}".format(resp_json))
Output:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 710, in urlopen
chunked=chunked,
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 386, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 426, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 773, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1033, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 645, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 450, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 786, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='192.168.99.2', port=8002): Max retries exceeded with url: /login (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "my_script.py", line 20, in <module>
resp = requests.post("https://192.168.99.2:8002/login", headers=headers, proxies=proxies, json=auth)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 117, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 529, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 645, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.99.2', port=8002): Max retries exceeded with url: /login (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
Process Info:
I have a IoT product KVM (supporting Rest API calls over port 8002 and ip=192.168.99.2) running on same system. I am trying to communicate with the KVM but I am getting this certificate verify failed. I am not sure what is causing this.
When I try normal CURL commands, I am able to successfully communicate with the KVM.
$ wget --no-check-certificate https://192.168.99.2:8002/gateway_ca.crt
$ curl --cacert gateway_ca.crt -X POST "https://192.168.99.2:8002/login" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"username\":\"admin\",\"password\":\"admin\"}"
{"failed_login_attempts":0,"last_login_host":"192.168.99.1","last_login_time":"{\"sec\": 1663328807 , \"nsec\": 149641000 }","message":"","must_change_password":true,"sessions_limit_exceeded":false,"token":"bhD1eagDOpbOkDLpLOD29K3L"}
What has been tried out?
- I have tried adding the gateway_ca.crt in trusted root certificates using following commands:
$ sudo cp gateway_ca.crt /etc/pki/ca-trust/source/anchors/
$ sudo update-ca-trust extract
Tried passing verify='/usr/local/lib/python3.6/site-packages/certifi/cacert.pem' as an argument to requests.post call but still facing same issue.
Donwoloaded gateway_ca.crt and passed it as verify='path-to-gateway_ca.crt' in requests.post call but still facing same error
Tried appending contents of gateway_ca.crt to /usr/local/lib/python3.6/site-packages/certifi/cacert.pem but still system complains of certificate issues.
Tried sourcing REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.crt' but it didn't help.
Kindly guide me on what restrictions on python side might be causing this.
