Security

4.3 breaks the python api searches

tven
Explorer

We have a python script that calls the splunk api on saved searches and writes data back to a file.

With the 4.3 upgrade from 4.2 i get this error. Anyone know what this error is referring to? I know it has to do with certificates, but what went wrong?

No handlers could be found for logger "splunk.clilib.cli_common"
Traceback (most recent call last):
  File "/home/appsmon/splunk/saved_search/tbb/exceptions/saved_search.py", line 216, in <module>
    headers={}, body=urllib.urlencode({'username':username, 'password':password}))[1]
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1419, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1171, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1122, in _conn_request
    conn.connect()
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 890, in connect
    self.disable_ssl_certificate_validation, self.ca_certs)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 76, in _ssl_wrap_socket
    cert_reqs=cert_reqs, ca_certs=ca_certs)
  File "/opt/splunk/lib/python2.7/ssl.py", line 374, in wrap_socket
    ciphers=ciphers)
  File "/opt/splunk/lib/python2.7/ssl.py", line 134, in __init__
    ciphers)
ssl.SSLError: [Errno 185090050] _ssl.c:341: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
1 Solution

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

View solution in original post

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...