Software Development Kit (SDK) and API Discussions

Python HTTPS connection

gasparuben
3,849 Views

Hello,

 

I am having some issues to work with the python API to connect to the controllers. So far I was connecting using a cluster account. I am using Python 3.4 on a CENTOS 7.2 server using 5.4P1 MNSDK. 

While opening a HTTPS connection I get: 

 

Traceback (most recent call last):
File "netappops.py", line 304, in <module>
a.GetSnapshotsList()
File "netappops.py", line 275, in GetSnapshotsList
raise StorageException("query failed: reason %s error number: %s ", resp.results_reason(),resp.results_errno())
__main__.StorageException: ('query failed: reason %s error number: %s ', '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)', 13001)

 

On the controllers I have a self-signed certificate. This error is despite I dont want to do an host or server verification: NaServer methods:

 

def is_server_cert_verification_enabled(self):

def is_hostname_verification_enabled(self):

 

return false.

 

I have solved the first problem adding the selfsigned certificate to my CA chain. 

Now I try to connect to the vserver management IP, and I get:

 

Traceback (most recent call last):
File "netappops.py", line 306, in <module>
a.GetSnapshotsList()
File "netappops.py", line 274, in GetSnapshotsList
resp=self.server_zapi.invoke("snapshot-list-info", "volume", self.volume["name"])
File "/ORA/dbs01/work/storage-api/lib/python/NetApp/NaServer.py", line 542, in invoke
return self.invoke_elem(xi)
File "/ORA/dbs01/work/storage-api/lib/python/NetApp/NaServer.py", line 482, in invoke_elem
connection.endheaders()
File "/usr/lib64/python3.4/http/client.py", line 1084, in endheaders
self._send_output(message_body)
File "/usr/lib64/python3.4/http/client.py", line 922, in _send_output
self.send(msg)
File "/usr/lib64/python3.4/http/client.py", line 857, in send
self.connect()
File "/usr/lib64/python3.4/http/client.py", line 1231, in connect
server_hostname=server_hostname)
File "/usr/lib64/python3.4/ssl.py", line 365, in wrap_socket
_context=self)
File "/usr/lib64/python3.4/ssl.py", line 583, in __init__
self.do_handshake()
File "/usr/lib64/python3.4/ssl.py", line 818, in do_handshake
match_hostname(self.getpeercert(), self.server_hostname)
File "/usr/lib64/python3.4/ssl.py", line 289, in match_hostname
% (hostname, dnsnames[0]))
ssl.CertificateError: hostname 'dbnasc501-mgmt02.cern.ch' doesn't match 'vs2sx50'

 

Again I dont want to do any SSL verification. Is no otherway that to create a certificate (and DNS entry) with the vs2sx50 (this is my vserver name) on it?

 

Thank you.

2 REPLIES 2

acjackson
3,821 Views

Have you tried 

 

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

to disable certificate verification?

gasparuben
3,811 Views

Thank you! Indeed this solves the issue.

 

Public