Yeah, what Samuel has said - Libcloud is working as intended. It's notifying you that you are being MITMed, in your case by a corporate proxy.
On Sat, Jul 30, 2016 at 12:19 PM, Samuel Marks <[email protected]> wrote: > It is being proxied through your company's network. What are your > HTTP_PROXY/HTTPS_PROXY environment variables set to? - It might be > happening at a different layer, but just checking. > > Regardless libcloud is correct to not verify that hostname, as it clearly > isn't Amazon. If you can't disable the proxy but it still goes through to > AWS, then just disable verification like you've done. > > > Samuel Marks > http://linkedin.com/in/samuelmarks > > On Sat, Jul 30, 2016 at 5:41 AM, Troy Cauble <[email protected]> wrote: > > > I'm using libcloud 1.1.0 on python 2.7.10 and > > ubuntu 15.10. > > > > Here's hoping this is a mismatched package > > > > $ pip list > > apache-libcloud (1.1.0) > > argparse (1.2.1) > > boto (2.42.0) > > certifi (2016.2.28) > > cffi (1.7.0) > > cryptography (1.4) > > docopt (0.6.2) > > enum34 (1.1.6) > > idna (2.1) > > ipaddress (1.0.16) > > paramiko (2.0.2) > > pip (1.5.6) > > pyasn1 (0.1.9) > > pycparser (2.14) > > setuptools (18.4) > > six (1.10.0) > > wsgiref (0.1.2) > > > > > > When I don't set > > libcloud.security.VERIFY_SSL_CERT = False > > I see the following exception using the proxy at work. > > > > ... > > sg = driver.ex_get_security_groups(group_names=[sg_nm]) > > File > > > > > "/home/troy/B2/local/lib/python2.7/site-packages/libcloud/compute/drivers/ec2.py", > > line 3818, in ex_get_security_groups > > response = self.connection.request(self.path, params=params) > > File > > > "/home/troy/B2/local/lib/python2.7/site-packages/libcloud/common/base.py", > > line 851, in request > > raise ssl.SSLError(str(e)) > > ssl.SSLError: ('("Failed to verify hostname: hostname \'proxy. > > <http://proxy.proxy.alcatel-lucent.com/>MYCOMPANY.com\' doesn\'t match > > either of \'us-west-2.ec2.amazonaws.com\', \'ec2.us-west-2.amazonaws.com > > \'",)',) > > > > > > > > It's complaining that the company proxy FQDN doesn't match > > the amazonaws FQDNs. > > > > At first I thought it might be a man-in-the-middle style corporate proxy > > cert issue. > > But then I replicated it using polipo. > > > > Any ideas? > > Thanks, > > -troy > > > > -troy > > >
