You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
leveraging the nipyapi.security.set_service_ssl_context() method, an absent client_key_password will interrupt asking for a string via cli. Some keys may not be encrypted and thus have no need of a string.
As well, if the client_key_password field is fat-fingered, or pasted wrong, we end up with a generic ssl.SSLError
What I Did
nipyapi.security.set_service_ssl_context(
service='nifi',
ca_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_cert_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_key_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_key_password = "" #Was accidentally left blank
)
I then traced the error back to the python SSL docs exceptions to discover that SSLError was a subexception under OSError.
I modified security.py beginning at line 739, to include at line 755 a new exception which accounts for SSLError, and then included e.errno in the output - which turned out to be errno: 9.
assert service in ['nifi', 'registry']
if client_key_file is None:
ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
else:
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
try:
ssl_context.load_cert_chain(
certfile=client_cert_file,
keyfile=client_key_file,
password=client_key_password
)
except FileNotFoundError as e:
_raise(
FileNotFoundError(
"Unable to read keyfile {0} or certfile {1}"
.format(client_key_file, client_cert_file)), e)
except ssl.SSLError as e:
if e.errno == 9:
_raise(
ssl.SSLError(
f"This error probably pertains to a mis-typed or incorrect key password"
), e
)
Within the exception I modified the raised error to include a side note that it may pertain to a malformed client_key_password parameter
Urgency
Not very urgent at all - It's mostly resolved, just a bit of touch up that I'll go ahead and submit to the repo shortly.
The text was updated successfully, but these errors were encountered:
Description
leveraging the nipyapi.security.set_service_ssl_context() method, an absent client_key_password will interrupt asking for a string via cli. Some keys may not be encrypted and thus have no need of a string.
As well, if the client_key_password field is fat-fingered, or pasted wrong, we end up with a generic ssl.SSLError
What I Did
nipyapi.security.set_service_ssl_context(
service='nifi',
ca_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_cert_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_key_file = "REDACTED", #REDACTED line is file path of pem formatted file
client_key_password = "" #Was accidentally left blank
)
I then traced the error back to the python SSL docs exceptions to discover that SSLError was a subexception under OSError.
I modified security.py beginning at line 739, to include at line 755 a new exception which accounts for SSLError, and then included e.errno in the output - which turned out to be errno: 9.
Within the exception I modified the raised error to include a side note that it may pertain to a malformed client_key_password parameter
Urgency
Not very urgent at all - It's mostly resolved, just a bit of touch up that I'll go ahead and submit to the repo shortly.
The text was updated successfully, but these errors were encountered: