cant get token from openvidu-server with flask, SSLError appears - python

class GetTokenApi(Resource):
def get(self):
openvidu = OpenVidu('https://localhost:4443/', 'MY_SECRET')
session = openvidu.create_session()
token = session.generate_token()
return success_result({'token': token}), 200
after call of this api, shows "
requests.exceptions.SSLError: HTTPSConnectionPool(host='localhost', port=4443): Max retries exceeded with url: /api/sessions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)')))"

I could imagine you’re deploying OpenVidu with a self-signed certificate. You need to accept this self-signed certificate of openvidu-server the first time try to join a video-call.
You can read how to start with OpenVidu for more info.

Related

How to skip cert check in python wrapper for Cloudflare?

I am using python wrapper for Cloudflare "python-cloudflare" and getting [SSL: CERTIFICATE_VERIFY_FAILED] error
cf = CloudFlare.CloudFlare(debug=DEBUG, token=configurations["token"])
accounts = cf.accounts.get()
How to skip SSL cert check in python wrapper for Cloudflare ? I would expect param like verify=False, but this is not a valid option
Python Cloudflare API v4 - DEBUG - Call: requests exception! "HTTPSConnectionPool(host='api.cloudflare.com', port=443): Max retries exceeded with url: /client/v4/accounts (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)')))"

requests.Session with client certificates and own CA

Here is my code
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join('/path/to/','ca-own.crt')
s = requests.Session()
s.cert = ('some.crt', 'some.key')
s.get('https://some.site.com')
Last instruction returns:
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
With curl:
curl --cacert ca-own.crt --key some.key --cert some.crt https://some.site.com
returns normal html code.
How can i make python requests.Session send correct certificates to the endpoint?
P.S. The same situation will be if i add the following
s.verify = 'some.crt'
or
cat some.crt ca-own.crt > res.crt
s.verify = 'res.crt'
P.P.S.
cat some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
cat ca-own.crt some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(116, '[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:4067)')))
Above code will work if you put verify=False in the GET request, but it's not ideal security wise(Man in the middle attacks) thus you need to add the CA certificate(issuer's certificate) file to the verify parameter. More info here
session = requests.Session()
session.verify = "/path/to/issuer's certificate"(CA certificate)
session.get('https://some.site.com')
you can try this -
session = requests.Session()
session.verify = "your CA cert"
response = session.get(url, cert=('path of client cert','path of client key'))
session.close()

Verify SSL certificate with Requests

I'm trying to verify SSL but it doesn't work.
I went on the confidential website I wanna get, on my browser.
On Chrome I've clicked on the locker > certificates > Details > copy in a file > base 64 > certif.cer
My code is :
test = requests.get('https://confidential.xx/', verify='certif.cer')
And the error is :
File
"C:\Users\xxxxx\Downloads\WinPython\WPy64-3850\python-3.8.5.amd64\lib\site-packages\requests\adapters.py",
line 514, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='xxxxx',
port=443): Max retries exceeded with url: / (Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self signed certificate in certificate
chain (_ssl.c:1123)')))
I don't wanna use verify=False which works but not securised.
I have tried with and without the proxies, same error...
I need to make this working, how make this code working please ?
To make requests not complain about valid certificate, the certificate supplied to verify= must contain any intermediate certificates. To download full chain, you can use Firefox (screenshots):
Click on page info:
Then download full PEM chain:

Requests library return HTTPSConnectionPool

I test webscraping on localhost using requests library to open and get website content. When I test on my localhost some website it's work perfectly.
But the same script, the same tested URL on producetion server return:
HTTPSConnectionPool(host='example.com', port=443): Max retries
exceeded with url: /somewhere.html (Caused by
SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:852)'),))
Anybody know what is the difference?
Give this a try: (See here for more)
requests.get('your_url_here', verify=False)

How to ignore an SSL: CERTIFICATE_VERIFY_FAILED error?

How do I keep my script running after encountering this error?
requests.exceptions.SSLError:
HTTPSConnectionPool(host='www.funcate.org.br', port=443): Max retries
exceeded with url: /pt/portal-de-compras?file=../../../index.php%250A
(Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:718)'),))
You can switch off SSL certificate verification by passing verify=False as an extra argument to the requests.get() function:
response = requests.get('https://foobar.com.br/', verify=False)
Be advised that this will make you susceptible to all sorts of man in the middle attacks. SSL certificates are used for a reason :-) Although I realize that you are not necessarily in a position to enforce this.

Categories

Resources