This repository has been archived by the owner on Oct 18, 2024. It is now read-only.

SSL warnings #735

Closed
chris3ware opened this issue Jun 3, 2020 · 2 comments

@chris3ware

Hi, my Sonarr and Radarr refiner APIs are accessible via HTTPS. I run a CA internally and my root CA is installed on my CentOS 7 server.

However, I see the following traceback in the subzero logs:

2020-06-03 09:48:45,743 (7f5fd8ca8700) : DEBUG (sandbox:19) - Radarr: NOT WORKING - Traceback (most recent call last):
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Code/interface/menu.py", line 240, in check_connections
status = cls(**config.refiner_settings[key]).status(timeout=5)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 83, in status
return self.get("system/status", requests_kwargs=kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 71, in get
r = self.session.get(url, params=params, **(requests_kwargs or {}))
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/http.py", line 57, in request
return super(TimeoutSession, self).request(method, url, *args, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='radarr.example.com, port=xxxx): Max retries exceeded with url: /api/system/status (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))

I updated the advanced_settings.json to "true" and the connection succeeds, however another message is logged warning of Insecure requests:

/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)

I've read the urllib3 docs, I'm just not sure where I would either:

- disable warnings or
- specify to use OS certs

Cheers
Chris

@pannal
Owner

pannal commented Jun 6, 2020

I'll look into it, thanks for reporting.

@chris3ware
Author

Hi, thanks for this fix, however I'm still having trouble with this. My advanced settings look like this:

"refiners": {
    "sonarr": {
        // don't verify HTTPS certificates? Set to True for self-signed certificates
        "ssl_no_verify": false,
        // custom path to certificate pem file
        "pem_file": "/etc/pki/ca-trust/source/anchors/cacert.pem",
    },
    "radarr": {
        "ssl_no_verify": false,
        // custom path to certificate pem file
        "pem_file": "/etc/pki/ca-trust/source/anchors/cacert.pem",

I'm getting the following traceback when subzero starts:

2020-08-07 11:29:32,782 (7f0932b72700) : DEBUG (sandbox:19) - Sonarr: NOT WORKING - Traceback (most recent call last):
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Code/interface/menu.py", line 240, in check_connections
status = cls(**config.refiner_settings[key]).status(timeout=5)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 83, in status
return self.get("system/status", requests_kwargs=kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 71, in get
r = self.session.get(url, params=params, **(requests_kwargs or {}))
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/http.py", line 53, in request
return super(TimeoutSession, self).request(method, url, *args, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/adapters.py", line 416, in send
self.cert_verify(conn, request.url, verify, cert)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/adapters.py", line 228, in cert_verify
"invalid path: {}".format(cert_loc))
IOError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/pki/ca-trust/source/anchors/cacert.pem

2020-08-07 11:29:32,782 (7f096e1f5700) : DEBUG (menu:368) - PLEXLOCALAPPDATA: /config/Library/Application Support
2020-08-07 11:29:32,782 (7f0932b72700) : DEBUG (sandbox:19) - Radarr: NOT WORKING - Traceback (most recent call last):
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Code/interface/menu.py", line 240, in check_connections
status = cls(**config.refiner_settings[key]).status(timeout=5)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 83, in status
return self.get("system/status", requests_kwargs=kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/refiners/drone.py", line 71, in get
r = self.session.get(url, params=params, **(requests_kwargs or {}))
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/subliminal_patch/http.py", line 53, in request
return super(TimeoutSession, self).request(method, url, *args, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/adapters.py", line 416, in send
self.cert_verify(conn, request.url, verify, cert)
File "/config/Library/Application Support/Plex Media Server/Plug-ins/Sub-Zero.bundle/Contents/Libraries/Shared/requests/adapters.py", line 228, in cert_verify
"invalid path: {}".format(cert_loc))
IOError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/pki/ca-trust/source/anchors/cacert.pem

I've checked that the file can be read by everyone, and, using openssl, that it is a valid PEM file.

Cheers
Chris
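
The `IOError` in the tracebacks above is raised by requests when the configured CA path does not exist from the point of view of the process making the request, which can differ from what a shell on the host sees. The following Python 3 preflight check is an added example, not Sub-Zero's code: it audits the `ssl_no_verify` and `pem_file` keys shown in the settings above; the function names, the finding strings and the `other` entry are hypothetical, and the sample files are constructed.

```python
import os
import ssl
import tempfile


def check_ca_bundle(path):
    """Return (ok, reason) for a CA file as seen by the calling process."""
    # requests' cert_verify() raises "invalid path" when os.path.exists() is
    # false for this process, e.g. a host path not visible to the plug-in.
    if not path or not os.path.exists(path):
        return False, "missing"
    if not os.path.isfile(path):  # pem_file is expected to name a single file
        return False, "not-a-file"
    if not os.access(path, os.R_OK):
        return False, "unreadable"
    try:
        # With cafile set, only this file is loaded (no system defaults).
        ctx = ssl.create_default_context(cafile=path)
    except OSError:  # ssl.SSLError is a subclass: no usable PEM certificate
        return False, "not-pem"
    return True, "ok:%d" % len(ctx.get_ca_certs())


def audit_refiners(refiners):
    """Map each refiner name to a finding string for its TLS settings."""
    findings = {}
    for name, cfg in sorted(refiners.items()):
        if cfg.get("ssl_no_verify"):
            # The connection succeeds but the peer is never authenticated.
            findings[name] = "verification-disabled"
        elif cfg.get("pem_file"):
            findings[name] = check_ca_bundle(cfg["pem_file"])[1]
        else:
            findings[name] = "default-trust-store"
    return findings


def demo():
    # Constructed sample: one garbage file and one path that does not exist.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write("this is not a certificate\n")
    try:
        return audit_refiners({
            "sonarr": {"ssl_no_verify": False, "pem_file": fh.name},
            "radarr": {"ssl_no_verify": False, "pem_file": fh.name + ".absent"},
            "other": {"ssl_no_verify": True, "pem_file": fh.name},  # hypothetical
        })
    finally:
        os.unlink(fh.name)
```

Run it as the same user and in the same environment as the plug-in process, since the result depends on that process's filesystem view.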
