Security

4.3 breaks the python api searches

tven
Explorer

We have a python script that calls the splunk api on saved searches and writes data back to a file.

With the 4.3 upgrade from 4.2 i get this error. Anyone know what this error is referring to? I know it has to do with certificates, but what went wrong?

No handlers could be found for logger "splunk.clilib.cli_common"
Traceback (most recent call last):
  File "/home/appsmon/splunk/saved_search/tbb/exceptions/saved_search.py", line 216, in <module>
    headers={}, body=urllib.urlencode({'username':username, 'password':password}))[1]
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1419, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1171, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1122, in _conn_request
    conn.connect()
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 890, in connect
    self.disable_ssl_certificate_validation, self.ca_certs)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 76, in _ssl_wrap_socket
    cert_reqs=cert_reqs, ca_certs=ca_certs)
  File "/opt/splunk/lib/python2.7/ssl.py", line 374, in wrap_socket
    ciphers=ciphers)
  File "/opt/splunk/lib/python2.7/ssl.py", line 134, in __init__
    ciphers)
ssl.SSLError: [Errno 185090050] _ssl.c:341: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
1 Solution

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

View solution in original post

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...