cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
793
Views
0
Helpful
4
Replies
Beginner

pxGrid bulk ise session downloads in C (with self signed certificates)

Hello everyone,

I've been trying to get bulk session downloads to work in C with self signed certificates. I'm using the sample code with the 1.0.4.19 pxgrid-sdk. The only line of the code that I've changed as 1221 of helper.c  where I changed:


     SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);

to be:

     SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);

I found this change to be necessary to use the C API to subscribe to notifications (which is working). when i try to run session_download though i get the following errors:

*** bulkdownload opened

2017-08-24T09:54:22 [    INFO]: curl_easy_setopt() for CURLOPT_URL: 'https://XXXXXXXXX.XXX:8910/pxgrid/mnt/sd/getSessionListByTime'

2017-08-24T09:54:25 [   ERROR]: startElementHandler - text should have been NULL at file build/gcl/src/pxgrid_bulkdownload_xml_parse.c line 75

2017-08-24T09:54:25 [   ERROR]: startElementHandler - text should have been NULL at file build/gcl/src/pxgrid_bulkdownload_xml_parse.c line 75

2017-08-24T09:54:25 [   ERROR]: XML_Parse() failed at file build/gcl/src/pxgrid_bulkdownload_xml_parse.c line 183

2017-08-24T09:54:25 [   ERROR]: next() failed at file build/gcl/src/pxgrid_bulkdownload.c line 257

After adding some code to dump the "xml" to screen  i'm not actually getting xml but an http 401 error page:

HTTP Status 401 - No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

I have created java key stores with the same keys I'm trying to use for the bulk download and tested them with the java sample code that does work.

Again i'm presuming this is related to the handling of keys because, that is the only part of the sample code that i changed. Ideally i would proceed to test revert the sample code and test this with a CA signed key but our admin is out until Monday so I'm at a bit of stand still 'til then. I was hoping someone might've come across this in the mean time and could point me in the right direction so i'm not sitting on my hands.

Thank you for your time.

Everyone's tags (3)
4 REPLIES 4
Beginner

Re: pxGrid bulk ise session downloads in C (with self signed certificates)

Having gotten a signed certificate for my client code I'm still seeing the same errors, again with my code and with unmodified sample code. I can't imagine what i'm missing, the ISE end must be configured correctly because the Java samples work. I'm really at a loss for why this isn't working in C.

Cisco Employee

Re: pxGrid bulk ise session downloads in C (with self signed certificates)

What's the ver of ISE, What certificate are you using. I would suggest if ISE version is 2.2+ use internal CA cert.

Please let us know what certificate pxgrid is boud to.

Beginner

Re: pxGrid bulk ise session downloads in C (with self signed certificates)

Solved it. It would seem you *must* link with the libcurl in the SDK other versions don't work.

Highlighted

Re: pxGrid bulk ise session downloads in C (with self signed certificates)

Can you post the solution or workaround please?

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.