On Monday, February 22, 2016 at 10:24:56 AM UTC-5, pisymbol wrote:
> I don't agree there is no use for this feature. Minimally, it's good for
>> testing.
>>
>
> Also, what about for internal clouds that only allow https traffic
> through? Does a S3QL client really need to configure certs? Seems a bit
> draconian to me.
>
Sorry for all the chatter. I'm new, can't you tell?
So I added a backend-option just to see this would work and then noticed
that python-dugong doesn't honor it. It seems it always calls
ssl.match_hostname() regardless of the ssl_context passed in (I set
check_hostname = False and verify_mode = CERT_NOINE).
See trace (this is during a mount.s3ql command with my option):
Uncaught top-level exception:
Traceback (most recent call last):
File "/opt/local/lib/python3.4/site-packages/dugong/__init__.py", line
447, in connect
ssl.match_hostname(self._sock.getpeercert(), self.hostname)
File "/opt/local/lib/python3.4/ssl.py", line 261, in match_hostname
raise ValueError("empty or no certificate, match_hostname needs a "
ValueError: empty or no certificate, match_hostname needs a SSL socket or
SSL context with either CERT_OPTIONAL or CERT_REQUIRED
Is this technically a bug Nikolaus? I realize you're not that excited about
it though! :-)
-aps
--
You received this message because you are subscribed to the Google Groups
"s3ql" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
