SSL error connecting to splunk

[i2sheri]

I am using splunk framework app running in search head. This app connects to splunk and gives a service object if requireClientCertit set to false in splunk server.conf, but fails (App does not open) with below error if requireClientCert=true.

Traceback (most recent call last):
File "/opt/myuser/splunk/etc/apps/framework/server/splunkdj/auth/backends.py", line 70, in get_user
 server_info = service.info
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/client.py", line 409, in info
 response = self.get("server/info")
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 235, in wrapper
 return request_fun(self, *args, **kwargs)
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 61, in new_f
 val = f(*args, **kwargs)
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 574, in get
 response = self.http.get(path, self._auth_headers, **query)
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 1044, in get
 return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 1096, in request
 response = self.handler(url, message, **kwargs)
File "/opt/myuser/splunk/etc/apps/framework/contrib/splunk-sdk-python/splunklib/binding.py", line 1195, in request
 connection.request(method, path, body, head)
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 995, in request
 self._send_request(method, url, body, headers)
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 1029, in _send_request
 self.endheaders(body)
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 991, in endheaders
 self._send_output(message_body)
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 844, in _send_output
 self.send(msg)
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 806, in send
 self.connect()
File "/opt/myuser/splunk/lib/python2.7/httplib.py", line 1198, in connect
 self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
File "/opt/myuser/splunk/lib/python2.7/ssl.py", line 396, in wrap_socket
 ciphers=ciphers)
File "/opt/myuser/splunk/lib/python2.7/ssl.py", line 152, in __init__
 self.do_handshake()
File "/opt/myuser/splunk/lib/python2.7/ssl.py", line 314, in do_handshake
 self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:533: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

[itay]

Hey @i2sheri - which stanza do you put the requireClientCert value in?

[i2sheri]

Hi @itay
It is in server.conf under sslConfig stanza

[itay]

Thanks for the info - just wanted to doublecheck. Your bug is correct - currently the web framework will not work in this case, as it does not correctly pass in the certificates to the underlying SDK usage. That is a bug on Splunk Enterprise, and should be filed through the normal support channels, as it is not with the SDK itself.

[i2sheri]

Hi @itay
just for confirmation,
We cannot use python sdk to write a script that connects to splunk with requireClientCert=true in sslconfig ?