Comments (5)
Interesting - is this happening in ClientBuilder.construct
? grpc.ssl_channel_credentials
expects None
to any of those args, uncertain the conditions which cause this.
from cisco-gnmi-python.
Yes, construct, but, really the crash happens initializing the "grpc._channel.Channel" class.
Here are the 3 parameters (certificate chain is None).
(Pdb) pp channel_creds._credentials._channel_credentials._certificate_chain
None
(Pdb) pp channel_creds._credentials._channel_credentials._pem_root_certificates
(b'-----BEGIN CERTIFICATE-----\nMIICnjCCAYYCCQDnpKTY6UDltDANBgkqhkiG9w0BAQsF'
b'ADARMQ8wDQYDVQQDDAZy\nb290Q0EwHhcNMjAwMjEwMTU0MzQwWhcNNDcwNjI3MTU0MzQwWjA'
b'RMQ8wDQYDVQQD\nDAZyb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGgC'
b'aEVfyd\nQMcBxXbtAEOSEJXchEfM5GAL1b8aTVLKInZkHuenbNgFWJNElYaXsdpSgnkMft9P\n'
b'IaGyEeaXvq78ZC7MXy1OKT58xG0LwBYsNeztEBxpge5djsEItb98TVEbrhPceuyi\nDLuse7O'
b'mfe5vSPtTSzbgmB+7hRzJjgcsWt/LTp0r3m3jf8/tQ+OEJlF7TyN7Teo1\nGTsgoLcaIXAhs4'
b'EV4B50PjvMxpkO7CDnNSCoD5K9VTme72wcXPv0BykK3LSUVWta\nWSxp6tCdxHvabocdiBfTN'
b'PkWctRc37uBSa2D/7AgUBfE48opk0922O74YHm8PMw2\n5yjBOdhonFvpAgMBAAEwDQYJKoZI'
b'hvcNAQELBQADggEBAJ0pgvK21GTq0RkgYe/c\n/db4YDM1StsNW/q+67eCMliZrNJfGjlacs8'
b'uaY6+PwPCxY+CehJY0T2NpNlQuAhr\n+Fy6WUR+8FEFOSihPqN11EQPgyKsFt1F6FET1mTgBm'
b'w2+3dnHSlJ3wAnW4IrH8Jw\nTqi3+KRzrDOqj3uX3CZZqFcwdweTiF2yu7TurNDSXky4RTIuo'
b'pLehkN7oTo0TeWD\n5anQLPaNG6ifLwt1lISbLFaeKISnD5hha/ifvprmp0hOmKBT61L3TpYz'
b'5nJ8jQwx\nLuteBmVTq6SaiQvcE2kzCFB2KBciCAstt2bF3u5V0DDEOQv1iQla2ULYF7EzKz5'
b'F\nalU=\n-----END CERTIFICATE-----\n')
(Pdb) pp channel_creds._credentials._channel_credentials._private_key
(b'-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA34Qlyxw+reu4//nIYa6+dDUM'
b'A1wyyANb5FEAPXdiGN+nraQm\n8Y/mo2R4LiRDp6i2MIR+Kzfptctc1SKJ3QFUrje8VjuqRzW'
b'gcERBU7Ujfjonpwmj\nlshYkST304cEPX4S/ys4eFT2aunBZvR+CJxhxBQNO7ROx3QvKFYHhL'
b'YU8AQDW5XN\nIpCKVFQbtuZK4KdoL8MKaJ8bJ5SMnCGHmrXAhv1/xJb5c4QYwLG0hpzpM+WU8'
b'Rm9\no2mi5w0Y0w/ziOd4tu58OOpF9PVp6CyqPFdQHZcPe1lQty6FdG4y0cn162BuCRfI\nHu6'
b'Ab6gtcV3GwP38uJHyRU/6lxce3JYpZaOtXwIDAQABAoIBAQChQcPKf7ww2ioE\nc39ACkRZrp'
b'PWMMRqTRIU7OORdPoPG/zrZ8y45qrtIuUZ1QwCf9PBuTUVlSdGA0wc\ncOipy/X+IzP7utwkt'
b'+niVTwUWlEbFnXZKzkc5boQLW2m7HgArV6jPdll51ZI2BCy\naJ4tNDXMsvLBKlrTx1zmavrN'
b'olgEuGcANJBoUHwdCil3s8Z6X/MDcJIC8knkkxYn\nQCb7PY9tKUQF4ks8OJHmOLxcvNSwUZB'
b'H3iXUicbmotne4MSTaiJc4LqsS13EzrD8\nAODW8xVsjd6OhV0HKQpJIvXiZhGSkZv/pdtWcA'
b'7X9CdNN4IuPsniSdqKFdFgf5OY\n2YFde9DBAoGBAPnG5kPVetqyMn2e/YDkJBLCv3D2auIlv'
b'UaX0eajUhxwHpUi69Sv\nfK/UVHv/WD+iUk+O8J5KOIa15x6X0TwbTwalVRGCXA+KUShU4EzG'
b'ZFmpEodNEviP\nlMQo7mzDhyw9oGMzNxJH9xkm0e2D1lbaK2j4SNkgH5SW92jNq0IEuTIvAoG'
b'BAOUV\nwTHNB/mFDg7q8/EInfx+VNE0ll51c/tRq1MRgUZ+UuraSjBOaMUBfMW3EfoCKMoq\n2'
b'HjrU5dw/tF+2wftYWef3DBPBcr+1whleONNwOkjS72TH1TIvcYtfHcj17bdq92Q\nnljXeogK'
b'hgN0CcCWU/fKh+Zevcp9FM5jT2G0VVvRAoGBAJ1Q/eSJh5hIle5y/d15\nU5MRX7xJJ6aJ+H2'
b'Gz6hBA01v/IMX/Ir3gEPKKu/yMmXZ2ZfMQpafzpxh41BsdFc0\nKADajwq5HTyYdGc/lgolBj'
b'1GdKoNDD7LR/qIgSq1t+RQaD0ym6QC+Ym43o2G9K+9\nN4wknNVMGzfeIbO7nfq1uOL3AoGAA'
b'aZeddVcMVfb+g+HIj1FpgPi6H7Qdm2yICU+\nbqK5o6BVSIu57Q8jgge4tlPTNVG+qXYViQlo'
b'2LZfn3KicTQsd2qXU2G+UO/07IKO\nlFSDByrR6NOebiXj+AFr3A/OBesiyb245jrnDwPEY1H'
b'6oAB1KluzDt2v0D2GYNYm\nRDXgR4ECgYEA1/3DArVA8N5hXZSNqwQw7P5gVgdpy/hbtvA61a'
b'oqcBALXKdbWHB0\nv0qZkZlWabYzKLna0IKuOch0ONauLVqm2aG4fx0ZRdJsAdNkChcQcNTT7'
b'9bg2DMj\ni1xPX8YSzZ4M1TglrUl28Xz+Sfghk1Zdp4tc3QXzxQ8SO8aWaJ2tDpw=\n-----EN'
b'D RSA PRIVATE KEY-----\n')
(Pdb)
from cisco-gnmi-python.
Further testing, if either the private key or the client certificate are None, they both have to be None or you get a crash.
from cisco-gnmi-python.
I'm inclined to say that makes sense, but I don't FULLY understand certificates enough to know situations wherein the client key/cert paired wouldn't be necessary. We can add an exception for that condition - in general I usually have a rootCA.pem
for CA, client.key
for client key, and client.crt
for client certificate, and sometimes only the CA. Do you have a use case otherwise?
from cisco-gnmi-python.
NXOS at first only provided the rootCA.pem and host override name. That also connects successfully for XE. From my limited investigation of TLS, I think that works because the actual root authority is the Cisco device itself. If it was a 3rd party, not so sure that would end in a successful connection.
from cisco-gnmi-python.
Related Issues (20)
- Add Subscribe Mode to CLI
- Accomodate double-quotes in keyed XPath parsing
- PR check for version number bump
- Handle empty XPath appropriately
- Add XPath unit tests
- Support to handle data size > 4mb in get responses HOT 2
- Validate deletion of leaflist entry on nxos HOT 2
- Update NX-OS docstring
- Support multiple update/replace Updates
- Simplify data access
- replace issue in client.py
- Need mechanism to update/replace based on xpath HOT 1
- Client initialization needs to be moved ahead for delete_xpath operation HOT 1
- subscription with req_mode POLL not fetching data HOT 3
- Clarify support model
- Clarify Set example as XR in documentation
- Cannot filter based on key in XR
- xr.py check_config() doing a wrong type check
- Error when importing cisco_gnmi in Python 3.9 or 3.11 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cisco-gnmi-python.