-
Notifications
You must be signed in to change notification settings - Fork 6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: SecureChannelFailure (The authentication or decryption has failed.) #3505
Comments
From @loretoparisi on August 2, 2016 15:19 Adding here, that from the client point of view (the auto generated client), it could be a System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate (object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};
ServicePointManager.ServerCertificateValidationCallback = MyRemoteCertificateValidationCallback; where public bool MyRemoteCertificateValidationCallback(System.Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
bool isOk = true;
// If there are errors in the certificate chain, look at each error to determine the cause.
if (sslPolicyErrors != SslPolicyErrors.None)
{
for (int i = 0; i < chain.ChainStatus.Length; i++)
{
if (chain.ChainStatus[i].Status != X509ChainStatusFlags.RevocationStatusUnknown)
{
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 0);
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
bool chainIsValid = chain.Build((X509Certificate2)certificate);
if (!chainIsValid)
{
isOk = false;
}
}
}
}
return isOk;
} should bypass the problem, while it does not solve it. See here for more details about it. |
It seems I came to the same error generating the Exception when calling DefaultApi->album_get_get: API Exception(500): Can't verify SSL peers without knowing which Certificate Authorities to trust
Can't verify SSL peers without knowing which Certificate Authorities to trust
This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
envirionment variable or by installing the Mozilla::CA module.
To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
envirionment variable to 0. If you do this you can't be sure that you
communicate with the expected peer.
at ../../build/perl-client/lib/WWW/SwaggerClient/DefaultApi.pm line 160. In this case I solved the SSL issue as recommended installing the $ sudo cpan
cpan[1]> install Mozilla::CA
Running make install
Installing /Library/Perl/5.18/Mozilla/CA.pm
Installing /Library/Perl/5.18/Mozilla/mk-ca-bundle.pl
Installing /Library/Perl/5.18/Mozilla/CA/cacert.pem
Installing /usr/local/share/man/man3/Mozilla::CA.3pm
Appending installation info to /Library/Perl/Updates/5.18.2/darwin-thread-multi-2level/perllocal.pod
ABH/Mozilla-CA-20160104.tar.gz
/usr/bin/make install -- OK By the ways it seems some problem is still there since I get Exception when calling DefaultApi->album_get_get: Can't call method "from_hash" on an undefined value at ../../build/perl-client/lib/WWW/SwaggerClient/Object/InlineResponse200.pm line 157 The swagger definition is ok, I have the |
@loretoparisi thanks for reporting the issue. Is it correct to say that the problem is due to incorrect cert installed in the REST API server and you're looking for a way to turn off certificate validation in the API client? |
@wing328 So this was my first thought but I have verified that: $ openssl s_client -showcerts -connect mydomain.com:443
CONNECTED(00000003)
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 so the api certificate handshake it's ok. What it seems to me is that the client library fails to verify those certs. |
@loretoparisi for C# API client, it's using restsharp and you may want to try this solution in SO: http://stackoverflow.com/a/17234955/677735 |
@wing328 ok and what about |
[UPDATE]
and still getting the
Regarding the use Mozilla::CA in my Then I get the problem I have mentioned above:
that happens in the deserialize method of the hash backing the result data: # deserialize non-array data
sub _deserialize {
my ($self, $type, $data) = @_;
$log->debugf("deserializing %s with %s",Dumper($data), $type);
if ($type eq 'DateTime') {
return DateTime->from_epoch(epoch => str2time($data));
} elsif ( grep( /^$type$/, ('int', 'double', 'string', 'boolean'))) {
return $data;
} else { # hash(model)
my $_instance = eval "WWW::SwaggerClient::Object::$type->new()";
# dump the result to look into
print Dumper(\$data);
return $_instance->from_hash($data);
}
} Here I did a data dump just to check if the http stack worked and it did: the the problem here seems to be that |
@loretoparisi is there by any chance your API is publicly accessible? if yes, can you please share the spec so that we (the community) can also run some tests? |
@wing328 Hello! well it's not completely done, by the way I have a beta version of the playground thanks to the amazing |
[UPDATE] I get some more debugging info here
this doing print Dumper(\$_instance); in So the model in
Not sure if I have also tried to link the
so importing with use lib 'lib'; # use the parent directory but that seems not to be the issue. |
I noticed that there's an object named "InlineResponse200Message", which means you've defined a model inline in the response. I would suggest you to define it properly like this one: https://github.com/swagger-api/swagger-codegen/blob/master/modules/swagger-codegen/src/test/resources/2_0/petstore.yaml#L177 It seems like the following line fails to create an object:
Please check to ensure you've the model |
Hello, /album.get:
get:
security:
- key: []
tags:
- Album
summary: ''
description: ''
parameters:
- name: format
type: string
in: query
description: 'output format: json, jsonp, xml.'
default: json
required: false
- name: callback
type: string
in: query
description: jsonp callback
required: false
- name: album_id
type: string
in: query
description: The musiXmatch album id
required: true
responses:
'200':
description: ''
schema:
type: object
properties:
message:
type: object
properties:
header:
type: object
properties:
status_code:
type: number
description: ''
execute_time:
type: number
description: ''
body:
type: object
properties:
album:
type: object
properties:
album_coverart_500x500:
type: string
description: ''
restricted:
type: number
description: ''
artist_id:
type: number
description: ''
album_name:
type: string
description: ''
album_coverart_800x800:
type: string
description: ''
album_copyright:
type: string
description: ''
album_coverart_350x350:
type: string
description: ''
artist_name:
type: string
description: ''
primary_genres:
type: object
properties:
music_genre_list:
type: array
items:
type: object
properties:
music_genre:
type: object
properties:
music_genre_name_extended:
type: string
description: ''
music_genre_vanity:
type: string
description: ''
music_genre_parent_id:
type: number
description: ''
music_genre_id:
type: number
description: ''
music_genre_name:
type: string
description: ''
album_id:
type: number
description: ''
album_rating:
type: number
description: ''
album_pline:
type: string
description: ''
album_track_count:
type: number
description: ''
album_release_type:
type: string
description: ''
album_release_date:
type: string
description: ''
album_edit_url:
type: string
description: ''
updated_time:
type: string
description: ''
secondary_genres:
type: object
properties:
music_genre_list:
type: array
items:
type: string
description: ''
album_mbid:
type: string
description: ''
album_vanity_id:
type: string
description: ''
album_coverart_100x100:
type: string
description: ''
album_label:
type: string
description: '' the This is my definition file: https://playground.musixmatch.com/swagger.json I have my
so for each api I reference them as
|
You've many inline objects defined:
instead you can define the object in the |
Ok I got it, you meant definitions:
Track:
title: a Track object
description: Track info from our database: title, artist, instrumental flag and cover art.
type: object
properties:
message:
type: object
properties:
header:
type: object
properties:
status_code:
type: number
description: ''
execute_time:
type: number
description: ''
body:
type: object
properties:
snippet:
type: object
properties:
html_tracking_url:
type: string
description: ''
instrumental:
type: number
description: ''
restricted:
type: number
description: ''
updated_time:
type: string
description: ''
snippet_body:
type: string
description: ''
pixel_tracking_url:
type: string
description: ''
snippet_id:
type: number
description: ''
script_tracking_url:
type: string
description: ''
snippet_language:
type: string
description: '' Thank you, going to update my swagger. |
Hey @wing328 is it possibile to have a schema:
type: object
properties:
message:
type: object
properties:
header:
type: object
properties:
status_code:
type: number
description: ''
execute_time:
type: number
description: ''
body:
type: object
properties:
track:
type: object
items:
$ref: '#/definitions/Track' since my response is like message : {
header : {},
body : {
track : {
}
}
} And I would like to model Thank you |
@wing328 thanks for your support, solved with body:
type: object
properties:
track:
$ref: '#/definitions/Track' I have updated the |
I'm getting same error on CsharpDotNet2 Api when start using https connection, is this a RestSharp issue? |
@chenditc could be. Have you tried the solution mentioned in http://stackoverflow.com/a/17234955/677735 ? |
For Perl client, there're some enhancements so please pull the latest master to give it a try. For C# .net 2.0, if http://stackoverflow.com/a/17234955/677735 does not help, please open a new issue for tracking. |
I'm having this issue when using the csharp generated client inside Unity. I am using a self-signed certificate, for which the CA has been trusted in the Windows Trusted Certicate Authority Store. All other software is happy with the connection (Chrome, Postman, Powershell, Firefox... etc). I have tried the solutions posted above, plus others I have found online. For example, I have tried to |
@Kallb123 we're experience this in the recent versions of Unity with a regular |
From @loretoparisi on August 2, 2016 15:12
I have generated the
C#
and theC# .NET 2.0
clients, the I did the build to get thedll
in the bin folder.As soon as I put this in a Xamarin Android example project and I do a
http
call I get this error:I'm not sure if this is related to
mono
or to the way the swagger auto generated client is usingTLS
in the http module, since the calls are overhttps
.Copied from original issue: swagger-api/swagger-editor#1034
The text was updated successfully, but these errors were encountered: