ATTACK-Python-Client
ATTACK-Python-Client copied to clipboard
SSL certificate problem
Hey Roberto,
I'm currently facing an SSL certificate error while I'm trying to communicate with the TAXII server. Knowing that I encounter this problem when I am behind my corporate proxy, I think this problem could be solved by offering the user the possibility not to block the communication when an insecure certificate is encountered.
For example, I find the following error when I launch a cURL command line on the TAXII server:
curl -H "Accept: application/vnd.oasis.taxii+json" https://cti-taxii.mitre.org/taxii/
curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
If I just add a -k parameter to the same cURL command line:
curl -H "Accept: application/vnd.oasis.taxii+json" https://cti-taxii.mitre.org/taxii/ -k
{"title":"CTI TAXII server","description":"This TAXII server contains a listing of ATT&CK domain collections expressed as STIX, including PRE-ATT&CK, ATT&CK for Enterprise, and ATT&CK Mobile.","contact":"[email protected]","default":"https://cti-taxii.mitre.org/stix/","api_roots":["https://cti-taxii.mitre.org/stix/"]}
I hope that my problem is clear enough, and I hope that a solution can be found. Best regards,
Hello @sheetlaand !
I wonder if the verify
method would work in TAXIIClient . I believe this is the same issue right? https://github.com/oasis-open/cti-taxii-client/issues/24?msclkid=eaba0bb3b03411ecbfe2f4ba2265c1cb
Yeah, probably the same issue.
I tried to add a "verify=False" attribute to the Collection classes in the "attack_api.py" file (line 53 to 56), it works !
However, I think there must be a more conventional way to do this, do you have a coherent solution for me? Maybe since MITRE's attack certificate is issued by MITRE's internal certificate authority (https://github.com/oasis-open/cti-taxii-client/issues/33), I just need to use the "verify=False" setting when I am behind my company's proxy.
Glad to hear the verify=False
thing worked. I believe that should be the way how this should be handled. However, it needs to be added to the library itself so that the parameter can be used across all functions. Would that work?