SSL

[Kedrigern]

Je problém s SSL na serveru.

Řešení: http://stackoverflow.com/questions/18999517/python-requests-certificate-verify-failed#comment28068412_18999517

Python 3.4.2 (default, Jul  9 2015, 17:24:30) 
[GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from redmine import Redmine
>>> red = Redmine('https://redmine.pirati.cz')
>>> red. project.get('Praha')
Traceback (most recent call last):
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/util/ssl_.py", line 272, in ssl_wrap_socket
    context.load_verify_locations(ca_certs, ca_cert_dir)
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/adapters.py", line 370, in send
    timeout=timeout
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/connectionpool.py", line 559, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/connectionpool.py", line 782, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/connection.py", line 250, in connect
    ssl_version=resolved_ssl_version)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/util/ssl_.py", line 274, in ssl_wrap_socket
    raise SSLError(e)
redmine.packages.requests.packages.urllib3.exceptions.SSLError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.4/site-packages/redmine/managers.py", line 129, in get
    return self.resource_class(self, self.retrieve()[0])
  File "/usr/lib/python3.4/site-packages/redmine/managers.py", line 62, in retrieve
    response = self.redmine.request('get', self.url, params=dict(self.params, limit=limit, offset=offset))
  File "/usr/lib/python3.4/site-packages/redmine/__init__.py", line 119, in request
    response = getattr(requests, method)(url, **kwargs)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/api.py", line 69, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.4/site-packages/redmine/packages/requests/adapters.py", line 433, in send
    raise SSLError(e, request=request)
redmine.packages.requests.exceptions.SSLError: [Errno 2] No such file or directory

[lnovy]

 lnovy  ~  mkdir redmine
 lnovy  ~  cd redmine
 lnovy  ~/redmine  virtualenv venv
New python executable in venv/bin/python2
Also creating executable in venv/bin/python
Installing setuptools, pip...done.
 lnovy  ~/redmine  source venv/bin/activate
 lnovy  ⓔ venv  ~/redmine  pip install pyredmine
You are using pip version 6.0.8, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting pyredmine
  Downloading pyredmine-0.2.4.tar.gz
Installing collected packages: pyredmine
  Running setup.py install for pyredmine
Successfully installed pyredmine-0.2.4
 lnovy  ⓔ venv  ~/redmine  python
Python 2.7.10 (default, Jul  5 2015, 14:15:43) 
[GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from redmine import Redmine
>>> red = Redmine('https://redmine.pirati.cz')
>>> red.get('projects/Praha')
'<!DOCTYPE html>\n<html lang="cs">\n<head>\n<meta charset="utf-8" />\n<title>P\xc5\x99ehled - Zastupitelstvo hl. m. Prahy - Pir\xc3\xa1tsk\xc3\xbd redmine</title>\n<meta name="description" content="Redmine" />\n<meta name="keywords" content="issue,bug,tracker" />\n<meta name="csrf-param" content="authenticity_token" />\n<meta name="csrf-token" content="kE92HA9F8rVTq9A6cuZRJSzy8LTc+G5VzG45SPkMuU7j3DTjdUxhnGwjNjQca7LO1B5SLd7tndvTh1jsmTWHVw==" />\n<link rel=\'shortcut icon\' href=\'/favicon.ico\' />\n<link rel="stylesheet" media="all" href="/stylesheets/jquery/jquery-ui-1.11.0.css" />\n<link rel="stylesheet" media="all" href="/stylesheets/application.css" />\n\n<script src="/javascripts/jquery-1.11.1-ui-1.11.0-ujs-3.1.3.js"></script>\n<script src="/javascripts/application.js"></script>\n<script>\n//<![CDATA[\n$(window).load(function(){ warnLeavingUnsaved(\'Aktu\xc3\xa1ln\xc3\xad str\xc3\xa1nka obsahuje neulo\xc5\xbeen\xc3\xbd text, kter\xc3\xbd bude ztracen, kdy\xc5\xbe opust\xc3\xadte str\xc3\xa1nku.\'); });\n//]]>\n</script>\n\n\n<!-- page specific tags -->\n<link rel="alternate" type="application/atom+xml" title="ATOM" href="https://redmine.pirati.cz/projects/praha/activity.atom" />\n</head>\n<body class="project-praha controller-projects action-show">\n<div id="wrapper">\n<div id="wrapper2">\n<div id="wrapper3">\n<div id="top-menu">\n    <div id="account">\n        <ul><li><a class="login" href="/login">P\xc5\x99ihl\xc3\xa1\xc5\xa1en\xc3\xad</a></li>\n<li><a class="register" href="/account/register">Registrovat</a></li></ul>    </div>\n    \n    <ul><li><a class="home" href="/">\xc3\x9avodn\xc3\xad</a></li>\n<li><a class="projects" href="/projects">Projekty</a></li>\n<li><a class="help" href="http://www.redmine.org/guide">N\xc3\xa1pov\xc4\x9bda</a></li></ul></div>\n\n<div id="header">\n    <div id="quick-search">\n        <form action="/projects/praha/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="&#x2713;" />\n        \n        <label for=\'q\'>\n          <a accesskey="4" href="/projects/praha/search">Hledat</a>:\n        </label>\n        <input type="text" name="q" id="q" size="20" class="small" accesskey="f" />\n</form>        \n    </div>\n\n    <h1><a class="root" href="/projects/zastupitele?jump=overview">Krajsk\xc3\xa1 sdru\xc5\xbeen\xc3\xad</a> \xc2\xbb <a class="ancestor" href="/projects/kspraha?jump=overview">Praha</a> \xc2\xbb Zastupitelstvo hl. m. Prahy</h1>\n\n    <div id="main-menu">\n        <ul><li><a class="overview selected" href="/projects/praha">P\xc5\x99ehled</a></li>\n<li><a class="activity" href="/projects/praha/activity">Aktivita</a></li>\n<li><a class="roadmap" href="/projects/praha/roadmap">Pl\xc3\xa1n</a></li>\n<li><a class="issues" href="/projects/praha/issues">\xc3\x9akoly</a></li>\n<li><a class="calendar" href="/projects/praha/issues/calendar">Kalend\xc3\xa1\xc5\x99</a></li>\n<li><a class="news" href="/projects/praha/news">Novinky</a></li>\n<li><a class="wiki" href="/projects/praha/wiki">Wiki</a></li></ul>\n    </div>\n</div>\n\n<div id="main" class="">\n    <div id="sidebar">\n            <h3>Str\xc3\xa1ven\xc3\xbd \xc4\x8das</h3>\n    <p><span class="icon icon-time">7623.56 hodin</span></p>\n  <p>\n  <a href="/projects/praha/time_entries">Detaily</a> |\n  <a href="/projects/praha/time_entries/report">P\xc5\x99ehled</a>\n  </p>\n\n\n\n        \n    </div>\n\n    <div id="content">\n        \n        <div class="contextual">\n</div>\n\n<h2>P\xc5\x99ehled</h2>\n\n\n<div class="splitcontentleft">\n  <div class="wiki">\n    <p>Zastupitelstvo hl. m. Prahy</p>\n\n  </div>\n  <ul>\n    <li><span class="label">Domovsk\xc3\xa1 str\xc3\xa1nka:</span> <a href="http://praha.pirati.cz">http://praha.pirati.cz</a></li>\n  </ul>\n\n  <div class="issues box">\n    <h3>Sledov\xc3\xa1n\xc3\xad \xc3\xbakol\xc5\xaf</h3>\n    <ul>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=2">Po\xc5\xbeadavek</a>:\n          141 otev\xc5\x99en\xc3\xbdch / 878\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=9">Na\xc5\xa1e \xc5\xbe\xc3\xa1dost</a>:\n          41 otev\xc5\x99en\xc3\xbdch / 148\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=10">Programov\xc3\xbd c\xc3\xadl</a>:\n          30 otev\xc5\x99en\xc3\xbdch / 33\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=12">Podn\xc4\x9bt</a>:\n          9 otev\xc5\x99en\xc3\xbdch / 21\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=13">Sch\xc5\xafzka</a>:\n          1 otev\xc5\x99en\xc3\xbd / 393\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=14">N\xc3\xa1vrh</a>:\n          0 otev\xc5\x99en\xc3\xbdch / 1\n      </li>\n      <li><a href="/projects/praha/issues?set_filter=1&amp;tracker_id=15">Dlouhodob\xc3\xbd \xc3\xbakol</a>:\n          81 otev\xc5\x99en\xc3\xbdch / 88\n      </li>\n    </ul>\n    <p>\n      <a href="/projects/praha/issues?set_filter=1">V\xc5\xa1echny \xc3\xbakoly</a>\n        | <a href="/projects/praha/issues/calendar">Kalend\xc3\xa1\xc5\x99</a>\n    </p>\n  </div>\n  \n</div>\n\n<div class="splitcontentright">\n    <div class="members box">\n    <h3>\xc4\x8clenov\xc3\xa9</h3>\n      <p><span class="label">Administr\xc3\xa1tor:</span> <a class="user active" href="/users/16">Adam Z\xc3\xa1bransk\xc3\xbd</a>, <a class="user active" href="/users/46">Jan Lou\xc5\xbeek</a>, <a class="user active" href="/users/17">Mikul\xc3\xa1\xc5\xa1 Ferjen\xc4\x8d\xc3\xadk</a></p>\n      <p><span class="label">Projektov\xc3\xbd vedouc\xc3\xad:</span> <a class="user active" href="/users/16">Adam Z\xc3\xa1bransk\xc3\xbd</a>, <a class="user active" href="/users/4">Jakub Mich\xc3\xa1lek</a>, <a class="user active" href="/users/46">Jan Lou\xc5\xbeek</a>, <a class="user active" href="/users/17">Mikul\xc3\xa1\xc5\xa1 Ferjen\xc4\x8d\xc3\xadk</a>, <a class="user active" href="/users/13">Ond\xc5\x99ej Kallasch</a>, <a class="user active" href="/users/10">Ond\xc5\x99ej Marek</a>, <a class="user active" href="/users/3">Ond\xc5\x99ej Profant</a>, <a class="user active" href="/users/18">Roman Ku\xc4\x8dera</a>, <a class="user active" href="/users/5">Viktor Mahrik</a></p>\n      <p><span class="label">U\xc5\xbeivatel:</span> <a class="user active" href="/users/66">Adam Sko\xc5\x99epa</a>, <a class="user active" href="/users/15">Alexandr Mansurov</a>, <a class="user active" href="/users/86">Alexandra Herzog</a>, <a class="user active" href="/users/20">Barbora  Hr\xc5\xafzov\xc3\xa1</a>, <a class="user active" href="/users/78">Daniel \xc5\x98ezn\xc3\xad\xc4\x8dek</a>, <a class="user active" href="/users/24">Ivan Hruza</a>, <a class="user active" href="/users/19">Iveta Posp\xc3\xad\xc5\xa1ilov\xc3\xa1</a>, <a class="user active" href="/users/46">Jan Lou\xc5\xbeek</a>, <a class="user active" href="/users/26">Jana Svobodov\xc3\xa1</a>, <a class="user active" href="/users/27">Janek Wagner</a>, <a class="user active" href="/users/25">Janek Wagner</a>, <a class="user active" href="/users/84">Katka Svobodov\xc3\xa1</a>, <a class="user active" href="/users/120">Ladislav Ne\xc5\xa1n\xc4\x9bra</a>, <a class="user active" href="/users/74">Luk\xc3\xa1\xc5\xa1 Nov\xc3\xbd</a>, <a class="user active" href="/users/93">Martin Arden</a>, <a class="user active" href="/users/7">Michaela Krausova</a>, <a class="user active" href="/users/99">Olga Richterov\xc3\xa1</a>, <a class="user active" href="/users/29">Ondra Vodi\xc4\x8dka</a>, <a class="user active" href="/users/21">Pavel Nazarsk\xc3\xbd</a>, <a class="user active" href="/users/36">Petr Jedelsk\xc3\xbd</a>, <a class="user active" href="/users/8">Petra Kopeck\xc3\xa1</a>, <a class="user active" href="/users/111">Veronika Rajnohov\xc3\xa1</a>, <a class="user active" href="/users/33">Vladislav Tobias Esner</a>, <a class="user active" href="/users/22">V\xc3\xa1clav M\xc3\xa1lek</a></p>\n  </div>\n\n\n  <div class="news box">\n    <h3>Posledn\xc3\xad novinky</h3>\n    <p>\n<a href="/news/3">Nov\xc3\xa1 metodika veden\xc3\xad seznamu sch\xc5\xafzek</a>\n\n<br />\n<span class="summary">Pros\xc3\xadm pro\xc4\x8dt\xc4\x9bte si novou informaci k jednotn\xc3\xa9mu veden\xc3\xad seznamu sch\xc5\xafzek</span><br />\n<span class="author">P\xc5\x99id\xc3\xa1no u\xc5\xbeivatelem <a class="user active" href="/users/4">Jakub Mich\xc3\xa1lek</a> p\xc5\x99ed <a title="2014-11-10 17:00" href="/projects/praha/activity?from=2014-11-10">12 m\xc4\x9bs\xc3\xadc\xc5\xaf</a></span></p>\n\n    <p><a href="/projects/praha/news">Zobrazit v\xc5\xa1echny novinky</a></p>\n  </div>\n  \n</div>\n\n\n\n\n        \n        <div style="clear:both;"></div>\n    </div>\n</div>\n</div>\n\n<div id="ajax-indicator" style="display:none;"><span>Nahr\xc3\xa1v\xc3\xa1m...</span></div>\n<div id="ajax-modal" style="display:none;"></div>\n\n<div id="footer">\n  <div class="bgl"><div class="bgr">\n    Powered by <a href="http://www.redmine.org/">Redmine</a> &copy; 2006-2015 Jean-Philippe Lang\n  </div></div>\n</div>\n</div>\n</div>\n\n</body>\n</html>\n'

[Kedrigern]

Jenže my používáme Python 3.

Za rozumné řešení považuji začít používat rozumný certifikát. Za rychlé řešení považuji propašovat do requests direktivu danger_mode. Jak jsem koukal na danou knihovnu (pyredmine), tak by to snad mělo jít nějak předat.

Jde nám o to, aby request vypadaly takto:
requests.get(url, timeout=5, config={'danger_mode': True}, verify=False)

[lnovy]

Co se ti nelibi na tom certifikatu?

[lnovy]

Pokud ta knihovna nedokaze vzit intermediate certifikat primo z pripojeni, tak si ten intermediate dej do ca store na serveru. Certifikat je validni, knihovna je spatna.

[Kedrigern]

Hotfix aplikovan v 447285c. Hází to teď ošklivé warnings, ale to nebudu řešit. Pokud se najde někdo, kdo to opraví, tak to bude skvělé.

Warnings:

/usr/lib/python3.4/site-packages/redmine/packages/requests/packages/urllib3/connectionpool.py:789: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)