[RESOLVED] SSL Error

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
PatrickW
Messages: 3
Registration: July 5, 2017 - 3:46 PM

July 4, 2022 - 1:27 PM

Hello,
I just upgraded to WAPT 2.2 Discovery from version 1.8. The server is running Debian and the client machines are running Windows 10.
One of my packages uses the script "Encryption of sensitive data contained in a WAPT package" which is in the documentation.
When I try to update it, I get an "SSL: CERTIFICATE_VERIFY_FAILED" error.
Could you give me some pointers on how to get my package working again?
Thank you in advance,
Have a good day
, P. Perrier
Last edited by PatrickW on 06 Jul 2022 - 16:17, edited 1 time.
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

July 4, 2022 - 1:29 PM

Hello,

the easiest way is to provide the package's setup.py file to help you...

as well as the exit error.

Simon Fonteneau
High
PatrickW
Messages: 3
Registration: July 5, 2017 - 3:46 PM

July 4, 2022 - 3:11 PM

Here is the package code:

Code: Select all

# -*- coding: utf-8 -*-
from setuphelpers import *
import json
from waptcrypto import SSLCertificate
import waptguihelper
import base64

uninstallkey = []

def install():
    encryptlist = json.loads(open('encrypt-txt.json','r').read())
    if WAPT.host_uuid in encryptlist:
        host_key = WAPT.get_host_key()
        v=base64.b64decode(encryptlist[WAPT.host_uuid])
        encrypttxt = host_key.decrypt(v).decode('utf-8')
        #print( ur'Here is the deciphered text :  %s' % encrypttxt)
        print("changement compte secondaire")
        run(r'net user USERDS /add',accept_returncodes=[0,2])
        run(r'net user USERDS %s' % encrypttxt ,accept_returncodes=[0,2])
        run(r'net localgroup Administrateurs /add USERDS',accept_returncodes=[0,2])
    else:
        error('%s not found in encrypt-txt.json' % WAPT.host_uuid)

def update_package():
    urlserver = inifile_readstring(makepath(install_location('WAPT_is1'),'wapt-get.ini'),'global','wapt_server').replace('https://','')
    encrypttxt = input('Enter the text to be encrypted :')
    encryptlist = {}
    credentials_url = waptguihelper.login_password_dialog('Credentials for wapt server',urlserver,'admin','')
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
    for value in data['result']:
        if value['host_certificate']:
            host_cert=SSLCertificate(crt_string=value['host_certificate'])
            encryptlist[value['uuid']]=base64.b64encode(host_cert.encrypt(encrypttxt.encode('utf-8'))).decode('utf-8')
            print(value['computer_fqdn'] + ':' + value['uuid'] + ':' + encryptlist[value['uuid']])
    open('encrypt-txt.json','w').write(json.dumps(encryptlist))

if __name__ == '__main__':
    update_package()
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

And here is the error message:

Code: Select all

C:\waptdev>wapt-get update-package-sources odg-chgmtuserds_0.0.0-46_PROD-wapt
Using config file: C:\Users\admin\AppData\Local\waptconsole\waptconsole.ini
Enter the text to be encrypted :mon_mot_de_passe
2022-07-04 10:58:21,560 CRITICAL Fatal error in update_package function: None : None:
Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\waptpackage.py", line 2974, in call_setup_hook
    hookdata = hook_func()
  File "C:\waptdev\odg-chgmtuserds_0.0.0-46_PROD-wapt\setup.py", line 29, in update_package
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
  File "C:\Program Files (x86)\wapt\waptutils.py", line 1130, in wgets
    r = session.get(url, timeout=timeout, allow_redirects=True)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

FATAL ERROR : None : None
Thank you for your help
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

July 5, 2022 - 10:38 PM

Indeed, we should improve the example a little

Quickly, wgets checks the https certificate but the certificate of your wapt server is clearly not ok.

If you add the `verify_cert` option as an argument to the `wgets` function, you will be able to specify:

Code: Select all

verify_cert=False
or:

Code: Select all

verify_cert=r'C:\Program Files (x86)\wapt\ssl\server\server.crt'
If you have a valid bundle in the wapt server folder
High
PatrickW
Messages: 3
Registration: July 5, 2017 - 3:46 PM

July 6, 2022 - 4:04 PM

Thanks for the reply.
I used `verify_cert=False` and it works.

Since the directory `C:\Program Files (x86)\wapt\ssl\server\` was empty, I added the `server.peda.clg.crt` file just in case.

Have a good day
High
User avatar
jpele
Messages: 156
Registration: March 4, 2019 - 12:01
Location: Nantes

August 30, 2022 - 5:04 PM

Hello,
The example has been updated.
Please refer to the package at https://store.wapt.fr/store/tis-encrypt-sample.

Regards,
Jimmy
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT