Security

4.3 breaks the python api searches

tven
Explorer

We have a python script that calls the splunk api on saved searches and writes data back to a file.

With the 4.3 upgrade from 4.2 i get this error. Anyone know what this error is referring to? I know it has to do with certificates, but what went wrong?

No handlers could be found for logger "splunk.clilib.cli_common"
Traceback (most recent call last):
  File "/home/appsmon/splunk/saved_search/tbb/exceptions/saved_search.py", line 216, in <module>
    headers={}, body=urllib.urlencode({'username':username, 'password':password}))[1]
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1419, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1171, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1122, in _conn_request
    conn.connect()
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 890, in connect
    self.disable_ssl_certificate_validation, self.ca_certs)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 76, in _ssl_wrap_socket
    cert_reqs=cert_reqs, ca_certs=ca_certs)
  File "/opt/splunk/lib/python2.7/ssl.py", line 374, in wrap_socket
    ciphers=ciphers)
  File "/opt/splunk/lib/python2.7/ssl.py", line 134, in __init__
    ciphers)
ssl.SSLError: [Errno 185090050] _ssl.c:341: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
1 Solution

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

View solution in original post

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...