[RESOLVED] SSL Error

Published: July 4, 2022 - 1:27 PM
by PatrickW
Hello,
I just upgraded to WAPT 2.2 Discovery from version 1.8. The server is running Debian and the client machines are running Windows 10.
One of my packages uses the script "Encryption of sensitive data contained in a WAPT package" which is in the documentation.
When I try to update it, I get an "SSL: CERTIFICATE_VERIFY_FAILED" error.
Could you give me some pointers on how to get my package working again?
Thank you in advance,
Have a good day,
P. Perrier

Re: SSL Error

Published: July 4, 2022 - 1:29 PM
by sfonteneau
Hello,

The easiest way is to provide the package's setup.py file to help you, as well as the error output.

Simon Fonteneau

Re: SSL Error

Published: July 4, 2022 - 3:11 PM
by PatrickW
Here is the package code:

```python
# -*- coding: utf-8 -*-
from setuphelpers import *
import json
from waptcrypto import SSLCertificate
import waptguihelper
import base64

uninstallkey = []

def install():
    encryptlist = json.loads(open('encrypt-txt.json','r').read())
    if WAPT.host_uuid in encryptlist:
        host_key = WAPT.get_host_key()
        v=base64.b64decode(encryptlist[WAPT.host_uuid])
        encrypttxt = host_key.decrypt(v).decode('utf-8')
        #print( ur'Here is the deciphered text :  %s' % encrypttxt)
        print("changement compte secondaire")
        run(r'net user USERDS /add',accept_returncodes=[0,2])
        run(r'net user USERDS %s' % encrypttxt ,accept_returncodes=[0,2])
        run(r'net localgroup Administrateurs /add USERDS',accept_returncodes=[0,2])
    else:
        error('%s not found in encrypt-txt.json' % WAPT.host_uuid)

def update_package():
    urlserver = inifile_readstring(makepath(install_location('WAPT_is1'),'wapt-get.ini'),'global','wapt_server').replace('https://','')
    encrypttxt = input('Enter the text to be encrypted :')
    encryptlist = {}
    credentials_url = waptguihelper.login_password_dialog('Credentials for wapt server',urlserver,'admin','')
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
    for value in data['result']:
        if value['host_certificate']:
            host_cert=SSLCertificate(crt_string=value['host_certificate'])
            encryptlist[value['uuid']]=base64.b64encode(host_cert.encrypt(encrypttxt.encode('utf-8'))).decode('utf-8')
            print(value['computer_fqdn'] + ':' + value['uuid'] + ':' + encryptlist[value['uuid']])
    open('encrypt-txt.json','w').write(json.dumps(encryptlist))

if __name__ == '__main__':
    update_package()
```

And here is the error message:

```
C:\waptdev>wapt-get update-package-sources odg-chgmtuserds_0.0.0-46_PROD-wapt
Using config file: C:\Users\admin\AppData\Local\waptconsole\waptconsole.ini
Enter the text to be encrypted :mon_mot_de_passe
2022-07-04 10:58:21,560 CRITICAL Fatal error in update_package function: None : None:
Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\waptpackage.py", line 2974, in call_setup_hook
    hookdata = hook_func()
  File "C:\waptdev\odg-chgmtuserds_0.0.0-46_PROD-wapt\setup.py", line 29, in update_package
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
  File "C:\Program Files (x86)\wapt\waptutils.py", line 1130, in wgets
    r = session.get(url, timeout=timeout, allow_redirects=True)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

FATAL ERROR : None : None
```
Thank you for your help

Re: SSL Error

Published: July 5, 2022 - 10:38 PM
by sfonteneau
Indeed, we should improve the example a little.

Briefly, wgets checks the HTTPS certificate, but the certificate of your WAPT server is clearly not OK.

If you add the `verify_cert` option as an argument to the `wgets` function, you will be able to specify:

```
verify_cert=False
```

or:

```
verify_cert=r'C:\Program Files (x86)\wapt\ssl\server\server.crt'
```

If you have a valid bundle in the wapt server folder.
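
An added example, not part of the original posts or of WAPT's own code: a pre-flight check for the bundle path passed as `verify_cert`, which raises when the file is missing or holds no certificate instead of falling back to `verify_cert=False`. The function name `resolve_verify_cert` and the sample bundle are assumptions made for illustration; the SHA-256 fingerprints it returns can be compared with the server certificate's fingerprint.

```python
import hashlib
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def resolve_verify_cert(bundle_path):
    """Return (bundle_path, sha256 fingerprints) for a usable PEM bundle.

    Raises instead of returning False, so a missing or empty bundle can
    never silently switch certificate verification off.
    """
    if not os.path.isfile(bundle_path):
        raise FileNotFoundError("no certificate bundle at %s" % bundle_path)
    with open(bundle_path, "r", encoding="latin-1") as f:
        blocks = PEM_BLOCK.findall(f.read())
    if not blocks:
        raise ValueError("%s holds no PEM certificate" % bundle_path)
    fingerprints = []
    for pem in blocks:
        der = ssl.PEM_cert_to_DER_cert(pem)  # base64-decodes the PEM body
        if der[:1] != b"\x30":  # a DER certificate is an ASN.1 SEQUENCE
            raise ValueError("non-DER block in %s" % bundle_path)
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return bundle_path, fingerprints


if __name__ == "__main__":
    # Constructed stand-in for ...\wapt\ssl\server\server.crt: a minimal
    # ASN.1 SEQUENCE, not a real certificate, so the demo runs offline.
    sample_pem = ssl.DER_cert_to_PEM_cert(b"\x30\x03\x02\x01\x01")
    with tempfile.TemporaryDirectory() as server_dir:
        bundle = os.path.join(server_dir, "server.crt")
        try:
            resolve_verify_cert(bundle)  # empty folder, as in the thread
        except FileNotFoundError as exc:
            print("refusing to continue:", exc)
        with open(bundle, "w") as f:
            f.write(sample_pem)
        path, prints = resolve_verify_cert(bundle)
        print("verify_cert =", path, prints)
        # In update_package() (not runnable here, needs WAPT):
        #   wgets(url, verify_cert=path)
```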

Re: SSL Error

Published: July 6, 2022 - 4:04 PM
by PatrickW
Thanks for the reply.
I used `verify_cert=False` and it works.

Since the directory `C:\Program Files (x86)\wapt\ssl\server\` was empty, I added the `server.peda.clg.crt` file just in case.

Have a good day

Re: [RESOLVED] SSL Error

Published: August 30, 2022 - 5:04 PM
by jpele
Hello,
The example has been updated.
Please refer to the package at https://store.wapt.fr/store/tis-encrypt-sample.

Regards,
Jimmy