Security

4.3 breaks the python api searches

tven
Explorer

We have a python script that calls the splunk api on saved searches and writes data back to a file.

With the 4.3 upgrade from 4.2 i get this error. Anyone know what this error is referring to? I know it has to do with certificates, but what went wrong?

No handlers could be found for logger "splunk.clilib.cli_common"
Traceback (most recent call last):
  File "/home/appsmon/splunk/saved_search/tbb/exceptions/saved_search.py", line 216, in <module>
    headers={}, body=urllib.urlencode({'username':username, 'password':password}))[1]
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1419, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1171, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 1122, in _conn_request
    conn.connect()
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 890, in connect
    self.disable_ssl_certificate_validation, self.ca_certs)
  File "/opt/splunk/lib/python2.7/site-packages/httplib2/__init__.py", line 76, in _ssl_wrap_socket
    cert_reqs=cert_reqs, ca_certs=ca_certs)
  File "/opt/splunk/lib/python2.7/ssl.py", line 374, in wrap_socket
    ciphers=ciphers)
  File "/opt/splunk/lib/python2.7/ssl.py", line 134, in __init__
    ciphers)
ssl.SSLError: [Errno 185090050] _ssl.c:341: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
1 Solution

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

View solution in original post

LukeMurphey
Champion

Try disabling SSL certificate checking in your httplib2 calls by setting disable_ssl_certificate_validation=True:

h = httplib2.Http(disable_ssl_certificate_validation=True)
# Instead of calling just httplib2.Http()

Splunk 4.3 ships with a newer version of the httplib2 Python Module, which enables certificate validation by default. Setting disable_ssl_certificate_validation to True makes httplib2 act like it did in Splunk 4.2.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...