Python throwing an SSL certificate validation error w/o consulting system CA bundles? -


with 2 largely identical systems (both running fedora 25, both similar package versions installed), 1 system failing ssl certicate verification error while not. is, if run:

import requests r = requests.get('https://insidehost.corp.example.com')

one 1 system works, while on other fails:

requests.exceptions.sslerror: ("bad handshake: error([('ssl routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

at first figure missing necessary ca certificates, running python under strace reveals on failing system, python never attempting open ca bundle. is, on system works:

strace -e trace=open,stat python testscript.py |& grep /etc/pki

yields only:

open("/etc/pki/tls/legacy-settings", o_rdonly) = -1 enoent (no such file or directory) stat("/etc/pki/tls/certs/ca-bundle.crt", {st_mode=s_ifreg|0444, st_size=257079, ...}) = 0 open("/etc/pki/tls/certs/ca-bundle.crt", o_rdonly) = 4

but on failing system yields:

open("/etc/pki/tls/legacy-settings", o_rdonly) = -1 enoent (no such file or directory)

furthermore, running same test script python3 on failing system...works!

in both cases, python /usr/bin/python python-2.7.13-1.fc25.x86_64. neither system setting *_ca_bundle environment variable.

after additional investigation i've figured out, , thought post solution here because it's not obvious.

the requests module includes own certificate bundle, , fall on if can't find 1 use. way looks certificate bundle this, in requests/certs.py:

try:     certifi import except importerror:     def where():         """return preferred certificate bundle."""         # vendored bundle inside requests         return os.path.join(os.path.dirname(__file__), 'cacert.pem')

you can see result of running:

$ python -m requests.certs /etc/pki/tls/certs/ca-bundle.crt

as can see above code, requests uses certifi module locate appropriate bundle. on failing system, certifi module had been installed via pip rather using system package, meant lacking appropriate configuration.

the solution yum install python2-certifi.


Comments

Post a Comment

Popular posts from this blog

How to understand 2 main() functions after using uftrace to profile the C++ program? -

i trying uftrace profile following simple c++ program: #include <iostream> class { public: a() {std::cout << "a created" << std::endl;} ~a() {std::cout << "a destroyed" << std::endl;} }; int main() { a; return 0; } the profile result this: # uftrace a.out created destroyed # duration tid function 2.026 [ 4828] | __cxa_atexit(); [ 4828] | main() { [ 4828] | __static_initialization_and_destruction_0() { 89.397 [ 4828] | std::ios_base::init::init(); 0.768 [ 4828] | __cxa_atexit(); 93.029 [ 4828] | } /* __static_initialization_and_destruction_0 */ 94.425 [ 4828] | } /* main */ [ 4828] | main() { [ 4828] | a::a() { 11.104 [ 4828] | std::operator <<(); 10.825 [ 4828] | std::basic_ostream::operator <<(); 24.514 [ 4828] | } /* a::a */ [ 4828] | a::~a() { 0.978 [ 4828] | ...
Read more

c# - Update a combobox from a presenter (MVP) -

i using mvp in project, new in mvp. have 2 comboboxes. when select option in combobox, combobox should filled new data. this action in presenter. view 'view1' in presenter, , introduced combobox1 , combobox2 properties in 'view1', because need 'datasource', 'displaymember', 'valuemember' , 'refresh()' in method below. but, when using pattern, enough send property like public string combobox2 { { return combobox1.selectedvalue.tosstring(); } } into presenter not whole combobox. how can solve problem? public void onselectedindexchangedcombobox1() { if (view1.combobox1.selectedindex == -1) { return; } datatable dt = tools.getdatatable("a path"); var query = (from o in dt.asenumerable() o.field<string>("afield") == farmerview.combobox1.selectedvalue.tostring() orderby o.field<string>("anotherfield") select...
Read more

How to put a lock and transaction on table using spring 4 or above using jdbcTemplate and annotations like @Transactional? -

i trying put lock on table while writing on table , if happened in between roll-back . trying convert below code lock table test_g1 read; lock table test_g write; -- begin; start transaction; insert test_g1 values(143); insert test_g values(145); select * test_g1; select * test_g; rollback; select * test_g; unlock tables; how convert above code @transactional spring jdbctemplate code? @transactional(rollbackfor={dataaccessexception.class}) public void test(){ jdbctemplate.execute("insert test1 (id, nam) values (4, 'a')"); throw new dataaccessexception("error") { }; } here trying throw error, insert statement should rollback it's not happening . thanks edit-1 attaching code , doing in jdbcdaoimpl.java , mentioned problem comment above test() . app.java package com.cgiri.javabrains.spring4; import org.springframework.beans.factory.annotation.autowired; import org.springframework.context.applic...
Read more