个人中心
gpt4 book ai didi

python - Hashicorp python 客户端 hvac 问题 :- "bad handshake: Error([(' SSL routines', 'tls_process_server_certificate' 、 'certificate verify failed'

转载 作者:太空宇宙 更新时间:2023-11-03 21:41:08 24 4
gpt4 key购买 nike

我正在为我的 Hashicorp 服务器使用以下 config.hcl,

disable_mlock = true

storage "file" {
  path = "/etc/secrets"
}

listener "tcp" {
 address     = "10.xx.xx.xx:8200"
 tls_cert_file = "/etc/certs/selfsigned.crt"
 tls_key_file  = "/etc/certs/selfsigned.key"
}

当我执行保管库操作时它工作正常,但是当我尝试使用 hvac python 库到达它时,我收到 SSL 错误。我用来从 python 连接到 hashcorp 服务器的代码是,

import hvac
client = hvac.Client(url='https://10.xx.xx.xx:8200', cert=('/etc/certs/selfsigned.crt', '/etc/certs/selfsigned.key'))
client.token = 'd460cb82-08aa-4b97-8655-19b6593b262d'
client.is_authenticated()

我得到的完整错误跟踪如下:-

Traceback (most recent call last): File "", line 1 , in File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 552, in is_authenticated self.lookup_token() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 460, in lookup_token return self._get('/v1/auth/token/lookup-self', wrap_ttl=wrap_ttl).json() File "/usr/local/lib/python2.7/dist-packages/hvac/v1/init.py", line 1236, in _get return self.request('get', url, **kwargs) File "/usr/local/lib/python2.7/dist-packages/hvac/v1/__init.py", line 1264, in __request allow_redirects=False, **_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 512, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 622, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 511, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='10.xx.xx.xx', port=8200): Max retries exceeded with url: /v1/auth/token/lookup-self (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

最佳答案

根据暖通空调文档 Using TLS with client-side certificate authentication ,您需要指定verify=server_cert_path参数。

测试如下,可以得到预期的结果。顺便说一句,无论有没有 token 参数,它都可以成功运行。 

import hvac

client = hvac.Client(url='https://127.0.0.1:8200',
                     token='xxxxxxxx',
                     cert=('server.crt',
                           'server.key'),
                     verify='ca.crt')

res = client.is_authenticated()
print("res:", res)

关于python - Hashicorp python 客户端 hvac 问题 :- "bad handshake: Error([(' SSL routines', 'tls_process_server_certificate' 、 'certificate verify failed',我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52853451/

24 4 0
文章推荐: c# - 从javascript重置c#变量的值
文章推荐: html - 悬停时 CSS 背景颜色更改不起作用?
文章推荐: javascript - 获取标题的高度并在滚动到标题之外时显示顶部导航
文章推荐: c# - 在包含字典的类上公开 foreach
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com