Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSLContext.wrap_socket() throws a TypeError when attempting to connect to a switch using transport: https_certs #290

Closed
micabrer-arista opened this issue Oct 25, 2023 · 1 comment
Closed

SSLContext.wrap_socket() throws a TypeError when attempting to connect to a switch using transport: https_certs #290

micabrer-arista opened this issue Oct 25, 2023 · 1 comment

Comments

@micabrer-arista
Copy link

Pyeapi is throwing the following error when attempting to connect to a switch via the https_certs transport type:

  File "/Users/micabrer/.pyenv/versions/3.11.4/lib/python3.11/site-packages/pyeapi/eapilib.py", line 261, in connect
    self.sock = ssl.SSLContext.wrap_socket(sock, self.key_file,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: SSLContext.wrap_socket() got an unexpected keyword argument 'cert_reqs'

The issue is that ssl.SSLContext.wrap_socket() doesn't accept an argument for cert_reqs. (Reference)

The call that is failing is this one:

255         if self.ca_file:
256             self.sock = ssl.SSLContext.wrap_socket(sock, self.key_file,
257                                                    self.cert_file,
258                                                    ca_certs=self.ca_file,
259                                                    cert_reqs=ssl.CERT_REQUIRED)
260         else:
261             self.sock = ssl.SSLContext.wrap_socket(sock, self.key_file,
262                                                    self.cert_file,
263                                                    cert_reqs=ssl.CERT_NONE)

It looks like this was originally built to be used with ssl.wrap_socket as the arguments match what that function requires. (Reference)

This will likely need to be updated to properly work with the SSLContext.wrap_socket() function, as the ssl.wrap_socket() function is deprecated.
@dlyssenko dlyssenko mentioned this issue Dec 14, 2024
Merged
dlyssenko pushed a commit that referenced this issue Dec 16, 2024
fix for issue #290 - allow passing key and cert file to the connect m…
d9035d3 
…ethod
dlyssenko added a commit that referenced this issue Dec 16, 2024
@dlyssenko
Merge pull request #311 from dlyssenko/fix_issue_#290
c8427cc 
fix for issue #290 - allow passing key and cert file to the connect()
@dlyssenko
Copy link
Contributor

PR #311 fixes this issue, however, passing key/cert to the pyeapi via parameters is deprecated (a respective deprecation message is printed) and will be removed in the future versions.

The newer way of handling this (which is working fine):

  • create an SSL context outside of pyeapi (then key/cert are passed there)
  • then pass SSL context to pyeapi.

That way the SSL context management is entirely in user's hands.

With this comment, I'm closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dlyssenko @micabrer-arista