Project

General

Profile

Actions
Copy link

Bug #5905

closed

[SDKs] Improve certificate validation in Python SDK

Added by Abram Connelly almost 9 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assigned To:
-
Category:
SDKs
Target version:
-
Story points:
-

Description

Development story

Many users are seeing a warning from urllib3 letting them know that certificates can't actually be verified. Improve our SDK so that we can verify certificates from the system repository if able. Refer to the urllib3 documentation.

Original bug report

0M / 39828M 0.0% /home/abram/.local/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

The arv-put has not failed but the warnings show up periodically.

Actions
Copy link
 #1

Updated by Tom Clegg almost 9 years ago

I removed this recently (#5562) from source:sdk/python/arvados/keep.py in 7ab494e42b35b3769a326a16b7e90f1d20147ced. Could it be related? The motivation and the ticket where it was added (#5246) suggest probably not, but still.

try:
    # Workaround for urllib3 bug.
    # The 'requests' library enables urllib3's SNI support by default, which uses pyopenssl.
    # However, urllib3 prior to version 1.10 has a major bug in this feature
    # (OpenSSL WantWriteError, https://github.com/shazow/urllib3/issues/412)
    # Unfortunately Debian 8 is stabilizing on urllib3 1.9.1 which means the
    # following workaround is necessary to be able to use
    # the arvados python sdk with the distribution-provided packages.
    import urllib3
    from pkg_resources import parse_version
    if parse_version(urllib3.__version__) < parse_version('1.10'):
        from urllib3.contrib import pyopenssl
        pyopenssl.extract_from_urllib3()
except ImportError:
    pass
Actions
Copy link
 #2

Updated by Brett Smith almost 9 years ago

  • Subject changed from arv-put is giving warnings about my SSL configuration to [SDKs] Improve certificate validation in Python SDK
  • Description updated (diff)
  • Category set to SDKs
  • Target version changed from Bug Triage to Arvados Future Sprints
Actions
Copy link
 #3

Updated by Tom Clegg about 7 years ago

  • Status changed from New to Closed
Actions
Copy link
 #4

Updated by Tom Morris about 5 years ago

  • Target version deleted (Arvados Future Sprints)
Actions
Copy link

Also available in: Atom PDF