You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@libcloud.apache.org by "Anthony Shaw (JIRA)" <ji...@apache.org> on 2017/01/18 04:33:27 UTC

[jira] [Resolved] (LIBCLOUD-812) Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11

     [ https://issues.apache.org/jira/browse/LIBCLOUD-812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anthony Shaw resolved LIBCLOUD-812.
-----------------------------------
    Resolution: Fixed

> Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-812
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-812
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Compute
>         Environment: python 2.7.11 (likely since 2.7.9 as well when ssl behaviour was updated)
>            Reporter: Michael Bennett
>
> When trying to use the Docker Container API with a docker host running on a local docker-machine managed VM, setting libcloud.security.VERIFY_SSL_CERT = False to allow the use of the self-signed certs generated by docker itself still results in CERTIFICATE_VERIFY_FAILED. This is because when verify is turned off, the base httplib.HTTPSConnection connect() method is used and the behaviour of the default SSL context was changed in python 2.7.9 to use verification by default (which is detailed here https://docs.python.org/2/library/ssl.html#ssl._https_verify_certificates)
> Example:
> # Stack traces removed for brevity. Note get_connection() is my own method which creates a properly instantiated DockerContainerDriver
> In [1]: from cloud.connection import get_connection
> In [2]: import libcloud
> In [3]: conn = get_connection('docker')
> In [4]: conn.list_images()
> ---------------------------------------------------------------------------
> SSLError                                  Traceback (most recent call last)
> <ipython-input-4-47e7225ad5b0> in <module>()
> ----> 1 conn.list_images()
> ...
> SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)',)
> In [5]: libcloud.security.VERIFY_SSL_CERT
> Out[5]: True
> In [6]: libcloud.security.VERIFY_SSL_CERT = False
> In [7]: conn.list_images()
> UserWarning: SSL certificate verification is disabled, this can pose a security risk. For more information how to enable the SSL certificate verification, please visit the libcloud documentation.
>   warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
> ---------------------------------------------------------------------------
> SSLError                                  Traceback (most recent call last)
> <ipython-input-7-47e7225ad5b0> in <module>()
> ----> 1 conn.list_images()
> ...
> SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)',)
> In [8]: import ssl
> In [9]: ssl._create_default_https_context = ssl._create_unverified_context
> In [10]: conn.list_images()
> Out[10]:
> [<ContainerImage: id=sha256:133ecd49ac99f45856...]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)