[tria.ge] certificate verify failed: self-signed certificate #2215

Closed
dominictory opened this issue Jun 17, 2024 · 2 comments


dominictory commented Jun 17, 2024

Description

The Hatching Triage Sandbox connector is not working, as it seems it doesn't like my self-signed certificate. This is a new issue, as it used to work fine. Since 6.1.0, I am seeing the error below:

ERROR Error in message processing, reporting error to API | timestamp=2024-06-17T09:04:43.273133Z name=Hatching Triage Sandbox exc_info=Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 467, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1099, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 653, in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 806, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
               ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 465, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 509, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/ssl.py", line 1104, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.11/ssl.py", line 1382, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 793, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 491, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/requests/adapters.py", line 667, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/connectionpool.py", line 847, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='opencti', port=443): Max retries exceeded with url: /storage/get/import/Artifact/fa5ed86f-c9a6-4cb8-81a1-cdbf5eefd28a/4d2fb9a1f5c25a816a5746d71e4c779077d416a9e0bd59aa1060d593bcd53e0d (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006)')))

Environment

6.1.10

Reproducible Steps

Implement the tria.ge connector with a platform self-signed certificate, then observe errors in the logs.

Expected Output

The connector accepts the certificate or bypasses SSL checks when specified, then enriches artifacts.

Actual Output

No enrichment due to errors

Additional information

Would it be possible to add some sort of SSL bypass variable for this connector?

dominictory added the bug and needs triage labels Jun 17, 2024
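
An added example, not part of the original issue or of the OpenCTI code base: a log triage helper that classifies the `certificate verify failed` reason seen in the traceback above, since each reason calls for a different fix and a blanket bypass would hide all of them. The rule table, category names and the abridged sample line are assumptions made for illustration; `verify=` and `REQUESTS_CA_BUNDLE` are the existing `requests` options for trusting a specific CA bundle.

```python
import re

# Constructed sample: last line of the traceback above, with the URL path abridged.
SAMPLE = (
    "urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='opencti', port=443): "
    "Max retries exceeded with url: /storage/get/import/Artifact/<id> (Caused by "
    "SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] "
    "certificate verify failed: self-signed certificate (_ssl.c:1006)')))"
)

HOST_RE = re.compile(r"HTTPSConnectionPool\(host='([^']+)', port=(\d+)\)")
REASON_RE = re.compile(r"certificate verify failed: (.+?) \(_ssl\.c:\d+\)")

# (substring of the OpenSSL/Python reason, category, fix). Order matters: the
# "in certificate chain" wording must be tested before the bare self-signed one.
RULES = [
    ("self-signed certificate in certificate chain", "untrusted-root",
     "add the private root CA to the client's CA bundle"),
    ("self-signed certificate", "self-signed-leaf",
     "trust this server certificate explicitly (requests verify=<pem path> "
     "or REQUESTS_CA_BUNDLE) instead of disabling verification"),
    ("unable to get local issuer certificate", "unknown-issuer",
     "serve the intermediate chain or add the issuing CA to the bundle"),
    ("certificate has expired", "expired",
     "renew the server certificate; a trust-store change will not help"),
    ("hostname mismatch", "hostname-mismatch",
     "reissue the certificate with a SAN matching the requested host"),
]

def triage(line):
    """Return host, port, reason, category and fix for a verify failure, else None."""
    reason = REASON_RE.search(line)
    if not reason:
        return None
    # OpenSSL 1.1 prints "self signed", OpenSSL 3 prints "self-signed".
    text = reason.group(1).lower().replace("self signed", "self-signed")
    host = HOST_RE.search(line)
    category, fix = next(
        ((c, f) for needle, c, f in RULES if needle in text),
        ("other", "inspect the chain with a TLS client before changing settings"),
    )
    return {"host": host.group(1) if host else None,
            "port": int(host.group(2)) if host else None,
            "reason": reason.group(1), "category": category, "fix": fix}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
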
@romain-filigran
Member

Related to OpenCTI-Platform/client-python#682

romain-filigran removed the needs triage label Jun 18, 2024
helene-nguyen self-assigned this Jun 19, 2024
@helene-nguyen
Member

Will be fixed with #684

helene-nguyen added the solved label Jun 19, 2024
SamuelHassine added this to the Release 6.2.0 milestone Jun 25, 2024