Well, any HTTP proxy is technically MitM by design ;-) Check if you can configure a SOCKS proxy, that type only forwards tcp connections, leaving TLS intact.
On Sat, Jul 30, 2016, 14:27 Troy Cauble <[email protected]> wrote: > Maybe I wasn't clear. I said I initially *thought* it was a MitM type > proxy > but then I replicated the problem with polipo an open source proxy > that is not MitM. > > Also, ansible and other Python tools get through our corporate proxy > fine, so it may not be MitMing at all. > > -troy > > On Fri, Jul 29, 2016 at 3:41 PM, Troy Cauble <[email protected]> wrote: > > > I'm using libcloud 1.1.0 on python 2.7.10 and > > ubuntu 15.10. > > > > Here's hoping this is a mismatched package > > > > $ pip list > > apache-libcloud (1.1.0) > > argparse (1.2.1) > > boto (2.42.0) > > certifi (2016.2.28) > > cffi (1.7.0) > > cryptography (1.4) > > docopt (0.6.2) > > enum34 (1.1.6) > > idna (2.1) > > ipaddress (1.0.16) > > paramiko (2.0.2) > > pip (1.5.6) > > pyasn1 (0.1.9) > > pycparser (2.14) > > setuptools (18.4) > > six (1.10.0) > > wsgiref (0.1.2) > > > > > > When I don't set > > libcloud.security.VERIFY_SSL_CERT = False > > I see the following exception using the proxy at work. > > > > ... > > sg = driver.ex_get_security_groups(group_names=[sg_nm]) > > File > > > "/home/troy/B2/local/lib/python2.7/site-packages/libcloud/compute/drivers/ec2.py", > > line 3818, in ex_get_security_groups > > response = self.connection.request(self.path, params=params) > > File > > > "/home/troy/B2/local/lib/python2.7/site-packages/libcloud/common/base.py", > > line 851, in request > > raise ssl.SSLError(str(e)) > > ssl.SSLError: ('("Failed to verify hostname: hostname \'proxy. > > <http://proxy.proxy.alcatel-lucent.com/>MYCOMPANY.com\' doesn\'t match > > either of \'us-west-2.ec2.amazonaws.com\', \'ec2.us-west-2.amazonaws.com > > \'",)',) > > > > > > > > It's complaining that the company proxy FQDN doesn't match > > the amazonaws FQDNs. > > > > At first I thought it might be a man-in-the-middle style corporate proxy > > cert issue. > > But then I replicated it using polipo. > > > > Any ideas? > > Thanks, > > -troy > > > > -troy > > >
