Python requests not working with HTTPS

3,484 views
Skip to first unread message

pavan kumar s

unread,
Jul 27, 2015, 7:46:42 PM7/27/15
to Vault
Hi,

I have a vault server setup with TLS enabled. And on my client machine the curl command works : 


output:
{"initialized":true,"sealed":true,"standby":true}

But I am not able to get the same output with Python requests. I have the openssl 1.0.1g and compiled python 3.4 with that. 

the code is simple:

import requests
requests.get('https://serverIP:8200/v1/sys/health', verify=False)

output:
/usr/local/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
<Response [500]>

I have setup the vault with self signed certificate and key. So I am using the verify=False parameter in case of python requests, it still does not work.

Any help is appreciated.

Thanks,
Pavan

pavan kumar s

unread,
Jul 27, 2015, 8:13:43 PM7/27/15
to Vault, pavanku...@gmail.com
I get the correct output in the 'text' field of the response. but I am wondering why is it throwing 500 error. Is it because Vault enforces the client to use a certificate , else throw a 500 error ?

-Pavan

Jeromy Labit

unread,
Jul 28, 2015, 1:08:04 PM7/28/15
to Vault, pavanku...@gmail.com
Pavan,

  I think your issues are more specific to Python (requests and urllib3), than to Vault. I would look at the advanced section of the requests documentation. There are a few relevant sections... Including specifying SSL version (Vault only works with TLSv1.2), and how to capture and handle that specific warning.

  I haven't tested it, but you could also pass a certificate bundle (or that certificate) as an argument to verify so that requests will trust it... that should resolve the warning and allow you to verify the certificate.

Jeromy

benjamen...@dollarshaveclub.com

unread,
Sep 22, 2015, 9:31:37 PM9/22/15
to Vault
Vault requests a client certificate (https://github.com/hashicorp/vault/blob/master/command/server/listener.go#L75) which in my experience causes issues with Python clients (httpie particularly).


On Monday, July 27, 2015 at 4:46:42 PM UTC-7, pavan kumar s wrote:
Reply all
Reply to author
Forward
0 new messages