[jira] [Resolved] (LIBCLOUD-812) Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11

Tue, 17 Jan 2017 20:34:28 -0800 

     [ 
https://issues.apache.org/jira/browse/LIBCLOUD-812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anthony Shaw resolved LIBCLOUD-812.
-----------------------------------
    Resolution: Fixed

> Setting libcloud.security.VERIFY_SSL_CERT = False still results in 
> CERTIFICATE_VERIFY_FAILED errors on python 2.7.11
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-812
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-812
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Compute
>         Environment: python 2.7.11 (likely since 2.7.9 as well when ssl 
> behaviour was updated)
>            Reporter: Michael Bennett
>
> When trying to use the Docker Container API with a docker host running on a 
> local docker-machine managed VM, setting libcloud.security.VERIFY_SSL_CERT = 
> False to allow the use of the self-signed certs generated by docker itself 
> still results in CERTIFICATE_VERIFY_FAILED. This is because when verify is 
> turned off, the base httplib.HTTPSConnection connect() method is used and the 
> behaviour of the default SSL context was changed in python 2.7.9 to use 
> verification by default (which is detailed here 
> https://docs.python.org/2/library/ssl.html#ssl._https_verify_certificates)
> Example:
> # Stack traces removed for brevity. Note get_connection() is my own method 
> which creates a properly instantiated DockerContainerDriver
> In [1]: from cloud.connection import get_connection
> In [2]: import libcloud
> In [3]: conn = get_connection('docker')
> In [4]: conn.list_images()
> ---------------------------------------------------------------------------
> SSLError                                  Traceback (most recent call last)
> <ipython-input-4-47e7225ad5b0> in <module>()
> ----> 1 conn.list_images()
> ...
> SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
> (_ssl.c:590)',)
> In [5]: libcloud.security.VERIFY_SSL_CERT
> Out[5]: True
> In [6]: libcloud.security.VERIFY_SSL_CERT = False
> In [7]: conn.list_images()
> UserWarning: SSL certificate verification is disabled, this can pose a 
> security risk. For more information how to enable the SSL certificate 
> verification, please visit the libcloud documentation.
>   warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
> ---------------------------------------------------------------------------
> SSLError                                  Traceback (most recent call last)
> <ipython-input-7-47e7225ad5b0> in <module>()
> ----> 1 conn.list_images()
> ...
> SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
> (_ssl.c:590)',)
> In [8]: import ssl
> In [9]: ssl._create_default_https_context = ssl._create_unverified_context
> In [10]: conn.list_images()
> Out[10]:
> [<ContainerImage: id=sha256:133ecd49ac99f45856...]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to