[issue41239] SSL Certificate verify failed in Python3.6/3.7

2020-07-08 Thread Wu Wenyan 


Wu Wenyan  added the comment:

OK. Thanks for your suggestion.

--

___
Python tracker 
<https://bugs.python.org/issue41239>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41239] SSL Certificate verify failed in Python3.6/3.7

2020-07-08 Thread Wu Wenyan 


Wu Wenyan  added the comment:

I tried to print "self.host" which would be passed to wrap_socket().
It seems no problem.
> /usr/local/lib/python3.6/site-packages/pywbem/cim_http.py(616)connect()
-> try:
(Pdb) p self.host
'193.168.11.113'
(Pdb) n
> /usr/local/lib/python3.6/site-packages/pywbem/cim_http.py(617)connect()
-> self.sock = ctx.wrap_socket(sock,
(Pdb)
> /usr/local/lib/python3.6/site-packages/pywbem/cim_http.py(618)connect()
-> server_hostname=self.host)
(Pdb)
> /usr/local/lib/python3.6/site-packages/pywbem/cim_http.py(619)connect()
-> return self.sock.connect((self.host, self.port))
(Pdb)
ValueError: check_hostname needs server_hostname argument
> /usr/local/lib/python3.6/site-packages/pywbem/cim_http.py(619)connect()
-> return self.sock.connect((self.host, self.port))

--

___
Python tracker 
<https://bugs.python.org/issue41239>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41239] SSL Certificate verify failed in Python3.6/3.7

2020-07-08 Thread Wu Wenyan 


Wu Wenyan  added the comment:

You are right. I used openssl.cnf when created a csr, and ignore it when 
created cer.
Now the code works fine with python3.7, but still cannot work in python3.6.
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 
1919, in EnumerateInstances
**extra)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 
1232, in _imethodcall
conn_id=self.conn_id)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 776, 
in wbem_request
client.endheaders()
  File "/usr/lib64/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 461, 
in send
self.connect()  # pylint: disable=no-member
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 619, 
in connect
return self.sock.connect((self.host, self.port))
  File "/usr/lib64/python3.6/ssl.py", line 1064, in connect
self._real_connect(addr, False)
  File "/usr/lib64/python3.6/ssl.py", line 1055, in _real_connect
self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1032, in do_handshake
self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
raise ValueError("check_hostname needs server_hostname "
ValueError: check_hostname needs server_hostname argument

Could you please check the attached file for me again?

--
Added file: https://bugs.python.org/file49307/server_cer_1.txt

___
Python tracker 
<https://bugs.python.org/issue41239>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41239] SSL Certificate verify failed in Python3.6/3.7

2020-07-08 Thread Wu Wenyan 


Wu Wenyan  added the comment:

I am running Python on Centos7.
See result in attached file.

--
Added file: https://bugs.python.org/file49306/server_cer.txt

___
Python tracker 
<https://bugs.python.org/issue41239>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41239] SSL Certificate verify failed in Python3.6/3.7

2020-07-08 Thread Wu Wenyan 


New submission from Wu Wenyan :

I am running the following code in python3.6 to connect to a storage.
[root@controller wuwy]# python3
Python 3.6.8 (default, Jan 11 2019, 02:17:16)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pywbem
>>> ip = '193.168.11.113'
>>> user = '193_160_28_29'
>>> password = '193_160_28_29'
>>> url = 'https://193.168.11.113:5989'
>>> ca_certs = '/home/ca.cer'
>>> conn = pywbem.WBEMConnection(url,(user, 
>>> password),default_namespace='root/example',ca_certs=ca_certs,no_verification=False)
>>> conn.EnumerateInstances('EXAMPLE_StorageProduct')

And I am getting the below error.
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 
1919, in EnumerateInstances
**extra)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 
1232, in _imethodcall
conn_id=self.conn_id)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 776, 
in wbem_request
client.endheaders()
  File "/usr/lib64/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 461, 
in send
self.connect()  # pylint: disable=no-member
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 619, 
in connect
return self.sock.connect((self.host, self.port))
  File "/usr/lib64/python3.6/ssl.py", line 1064, in connect
self._real_connect(addr, False)
  File "/usr/lib64/python3.6/ssl.py", line 1055, in _real_connect
self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1032, in do_handshake
self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
raise ValueError("check_hostname needs server_hostname "
ValueError: check_hostname needs server_hostname argument

When I am running the same code in python3.7, error changed.
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_operations.py", 
line 2494, in EnumerateInstances
**extra)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_operations.py", 
line 1763, in _imethodcall
conn_id=self.conn_id)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 
824, in wbem_request
client.endheaders()
  File "/usr/python3/lib/python3.7/http/client.py", line 1224, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/python3/lib/python3.7/http/client.py", line 1016, in _send_output
self.send(msg)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 
483, in send
self.connect()  # pylint: disable=no-member
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 
661, in connect
conn_id=conn_id)
pywbem._exceptions.ConnectionError: SSL error : [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed: IP address mismatch, certificate is not valid for 
'193.168.11.113'. (_ssl.c:1045); OpenSSL version: OpenSSL 1.1.1c FIPS  28 May 
2019

This code works fine with python2.7 version.

And I checked the CN and SAN of the certificate, seems no problem here.

So could anyone tell me what's the problem here?

--
assignee: christian.heimes
components: SSL
files: 1931683.crt
messages: 373286
nosy: Chirs, christian.heimes
priority: normal
severity: normal
status: open
title: SSL Certificate verify failed in Python3.6/3.7
type: behavior
versions: Python 3.6
Added file: https://bugs.python.org/file49305/1931683.crt

___
Python tracker 
<https://bugs.python.org/issue41239>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com