[RISOLTO] Errore SSL

[PatrickW]

Salve,
ho appena aggiornato WAPT Discovery dalla versione 1.8 alla 2.2. Il server utilizza Debian e i client Windows 10.
Uno dei miei pacchetti utilizza lo script "Crittografia dei dati sensibili contenuti in un pacchetto WAPT", presente nella documentazione.
Quando provo ad aggiornarlo, ricevo l'errore "SSL: CERTIFICATE_VERIFY_FAILED".
Potreste darmi qualche indicazione su come far funzionare di nuovo il mio pacchetto?
Grazie in anticipo,
buona giornata
, P. Perrier

[sfontenau]

Ciao,

il modo più semplice è fornirti il ​​file setup.py del pacchetto per aiutarti...

così come l'errore di uscita.

Simon Fonteneau

[PatrickW]

Ecco il codice del pacchetto:

Codice: Seleziona tutto

# -*- coding: utf-8 -*-
from setuphelpers import *
import json
from waptcrypto import SSLCertificate
import waptguihelper
import base64

uninstallkey = []

def install():
    encryptlist = json.loads(open('encrypt-txt.json','r').read())
    if WAPT.host_uuid in encryptlist:
        host_key = WAPT.get_host_key()
        v=base64.b64decode(encryptlist[WAPT.host_uuid])
        encrypttxt = host_key.decrypt(v).decode('utf-8')
        #print( ur'Here is the deciphered text :  %s' % encrypttxt)
        print("changement compte secondaire")
        run(r'net user USERDS /add',accept_returncodes=[0,2])
        run(r'net user USERDS %s' % encrypttxt ,accept_returncodes=[0,2])
        run(r'net localgroup Administrateurs /add USERDS',accept_returncodes=[0,2])
    else:
        error('%s not found in encrypt-txt.json' % WAPT.host_uuid)

def update_package():
    urlserver = inifile_readstring(makepath(install_location('WAPT_is1'),'wapt-get.ini'),'global','wapt_server').replace('https://','')
    encrypttxt = input('Enter the text to be encrypted :')
    encryptlist = {}
    credentials_url = waptguihelper.login_password_dialog('Credentials for wapt server',urlserver,'admin','')
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
    for value in data['result']:
        if value['host_certificate']:
            host_cert=SSLCertificate(crt_string=value['host_certificate'])
            encryptlist[value['uuid']]=base64.b64encode(host_cert.encrypt(encrypttxt.encode('utf-8'))).decode('utf-8')
            print(value['computer_fqdn'] + ':' + value['uuid'] + ':' + encryptlist[value['uuid']])
    open('encrypt-txt.json','w').write(json.dumps(encryptlist))

if __name__ == '__main__':
    update_package()

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Ed ecco il messaggio di errore:

Codice: Seleziona tutto

C:\waptdev>wapt-get update-package-sources odg-chgmtuserds_0.0.0-46_PROD-wapt
Using config file: C:\Users\admin\AppData\Local\waptconsole\waptconsole.ini
Enter the text to be encrypted :mon_mot_de_passe
2022-07-04 10:58:21,560 CRITICAL Fatal error in update_package function: None : None:
Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "ssl.py", line 500, in wrap_socket
  File "ssl.py", line 1040, in _create
  File "ssl.py", line 1309, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 439, in send
    resp = conn.urlopen(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "C:\Program Files (x86)\wapt\lib\site-packages\urllib3\util\retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files (x86)\wapt\waptpackage.py", line 2974, in call_setup_hook
    hookdata = hook_func()
  File "C:\waptdev\odg-chgmtuserds_0.0.0-46_PROD-wapt\setup.py", line 29, in update_package
    data = json.loads(wgets('https://%s:%s@%s/api/v1/hosts?columns=host_certificate&limit=10000' % (credentials_url['user'],credentials_url['password'],urlserver)))
  File "C:\Program Files (x86)\wapt\waptutils.py", line 1130, in wgets
    r = session.get(url, timeout=timeout, allow_redirects=True)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "C:\Program Files (x86)\wapt\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='serveur.peda.clg', port=443): Max retries exceeded with url: /api/v1/hosts?columns=host_certificate&limit=10000 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1131)')))

FATAL ERROR : None : None

Grazie per l'aiuto

[sfontenau]

In effetti, dovremmo migliorare un po' l'esempio

Rapidamente, wgets controlla il certificato https, ma il certificato del tuo server wapt è chiaramente non corretto.

Se aggiungi l'opzione `verify_cert` come argomento alla funzione `wgets`, potrai specificare:

Codice: Seleziona tutto

verify_cert=False

O:

Codice: Seleziona tutto

verify_cert=r'C:\Program Files (x86)\wapt\ssl\server\server.crt'

Se hai un bundle valido nella cartella del server wapt

[PatrickW]

Grazie per la risposta.
Ho usato `verify_cert=False` e ​​funziona.

Dato che la directory `C:\Program Files (x86)\wapt\ssl\server\` era vuota, ho aggiunto il file `server.peda.clg.crt` per sicurezza.

Buona giornata

[jpele]

Ciao,
l'esempio è stato aggiornato.
Puoi consultare il pacchetto all'indirizzo https://store.wapt.fr/store/tis-encrypt-sample.

Cordiali saluti,
Jimmy