Actions
Bug #5905
closed[SDKs] Improve certificate validation in Python SDK
Status:
Closed
Priority:
Normal
Assigned To:
-
Category:
SDKs
Target version:
-
Story points:
-
Description
Development story¶
Many users are seeing a warning from urllib3 letting them know that certificates can't actually be verified. Improve our SDK so that we can verify certificates from the system repository if able. Refer to the urllib3 documentation.
Original bug report¶
0M / 39828M 0.0% /home/abram/.local/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. InsecurePlatformWarning
The arv-put has not failed but the warnings show up periodically.
Updated by Tom Clegg almost 9 years ago
I removed this recently (#5562) from source:sdk/python/arvados/keep.py in 7ab494e42b35b3769a326a16b7e90f1d20147ced. Could it be related? The motivation and the ticket where it was added (#5246) suggest probably not, but still.
try:
# Workaround for urllib3 bug.
# The 'requests' library enables urllib3's SNI support by default, which uses pyopenssl.
# However, urllib3 prior to version 1.10 has a major bug in this feature
# (OpenSSL WantWriteError, https://github.com/shazow/urllib3/issues/412)
# Unfortunately Debian 8 is stabilizing on urllib3 1.9.1 which means the
# following workaround is necessary to be able to use
# the arvados python sdk with the distribution-provided packages.
import urllib3
from pkg_resources import parse_version
if parse_version(urllib3.__version__) < parse_version('1.10'):
from urllib3.contrib import pyopenssl
pyopenssl.extract_from_urllib3()
except ImportError:
pass
Updated by Brett Smith almost 9 years ago
- Subject changed from arv-put is giving warnings about my SSL configuration to [SDKs] Improve certificate validation in Python SDK
- Description updated (diff)
- Category set to SDKs
- Target version changed from Bug Triage to Arvados Future Sprints
Updated by Tom Morris about 5 years ago
- Target version deleted (
Arvados Future Sprints)
Actions