libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Bennett (JIRA)" <j...@apache.org>
Subject [jira] [Created] (LIBCLOUD-812) Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11
Date Wed, 20 Apr 2016 16:59:25 GMT
Michael Bennett created LIBCLOUD-812:
----------------------------------------

             Summary: Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED
errors on python 2.7.11
                 Key: LIBCLOUD-812
                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-812
             Project: Libcloud
          Issue Type: Bug
          Components: Compute
         Environment: python 2.7.11 (likely since 2.7.9 as well when ssl behaviour was updated)
            Reporter: Michael Bennett


When trying to use the Docker Container API with a docker host running on a local docker-machine
managed VM, setting libcloud.security.VERIFY_SSL_CERT = False to allow the use of the self-signed
certs generated by docker itself still results in CERTIFICATE_VERIFY_FAILED. This is because
when verify is turned off, the base httplib.HTTPSConnection connect() method is used and the
behaviour of the default SSL context was changed in python 2.7.9 to use verification by default
(which is detailed here https://docs.python.org/2/library/ssl.html#ssl._https_verify_certificates)

Example:
# Stack traces removed for brevity. Note get_connection() is my own method which creates a
properly instantiated DockerContainerDriver

In [1]: from cloud.connection import get_connection
In [2]: import libcloud
In [3]: conn = get_connection('docker')
In [4]: conn.list_images()
---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-4-47e7225ad5b0> in <module>()
----> 1 conn.list_images()

...

SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)',)

In [5]: libcloud.security.VERIFY_SSL_CERT
Out[5]: True
In [6]: libcloud.security.VERIFY_SSL_CERT = False
In [7]: conn.list_images()
UserWarning: SSL certificate verification is disabled, this can pose a security risk. For
more information how to enable the SSL certificate verification, please visit the libcloud
documentation.
  warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-7-47e7225ad5b0> in <module>()
----> 1 conn.list_images()

...

SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)',)

In [8]: import ssl
In [9]: ssl._create_default_https_context = ssl._create_unverified_context
In [10]: conn.list_images()
Out[10]:
[<ContainerImage: id=sha256:133ecd49ac99f45856...]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message