[jira] [Created] (LIBCLOUD-812) Setting libcloud.security.VERIFY_SSL_CERT = False still results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11

Wed, 20 Apr 2016 09:59:40 -0700 

Michael Bennett created LIBCLOUD-812:
----------------------------------------

             Summary: Setting libcloud.security.VERIFY_SSL_CERT = False still 
results in CERTIFICATE_VERIFY_FAILED errors on python 2.7.11
                 Key: LIBCLOUD-812
                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-812
             Project: Libcloud
          Issue Type: Bug
          Components: Compute
         Environment: python 2.7.11 (likely since 2.7.9 as well when ssl 
behaviour was updated)
            Reporter: Michael Bennett


When trying to use the Docker Container API with a docker host running on a 
local docker-machine managed VM, setting libcloud.security.VERIFY_SSL_CERT = 
False to allow the use of the self-signed certs generated by docker itself 
still results in CERTIFICATE_VERIFY_FAILED. This is because when verify is 
turned off, the base httplib.HTTPSConnection connect() method is used and the 
behaviour of the default SSL context was changed in python 2.7.9 to use 
verification by default (which is detailed here 
https://docs.python.org/2/library/ssl.html#ssl._https_verify_certificates)

Example:
# Stack traces removed for brevity. Note get_connection() is my own method 
which creates a properly instantiated DockerContainerDriver

In [1]: from cloud.connection import get_connection
In [2]: import libcloud
In [3]: conn = get_connection('docker')
In [4]: conn.list_images()
---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-4-47e7225ad5b0> in <module>()
----> 1 conn.list_images()

...

SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:590)',)

In [5]: libcloud.security.VERIFY_SSL_CERT
Out[5]: True
In [6]: libcloud.security.VERIFY_SSL_CERT = False
In [7]: conn.list_images()
UserWarning: SSL certificate verification is disabled, this can pose a security 
risk. For more information how to enable the SSL certificate verification, 
please visit the libcloud documentation.
  warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-7-47e7225ad5b0> in <module>()
----> 1 conn.list_images()

...

SSLError: ('[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:590)',)

In [8]: import ssl
In [9]: ssl._create_default_https_context = ssl._create_unverified_context
In [10]: conn.list_images()
Out[10]:
[<ContainerImage: id=sha256:133ecd49ac99f45856...]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to