Passing certificates from trusted CAs

[hunsalz]

If your Jira runs in an environment with your own trusted CA you will have to instantiate jira with passing 'verify' the path of a CA_BUNDLE file or directory with certificates of trusted CAs. See http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

options = {
   "server" : 'https://your-jira.your-domain.org',
   "verify" : 'your-ca.crt'
}
jira = JIRA(options, basic_auth=('user', 'password')

Otherwise you will receive:

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Unfortunately it doesn't work with the config.py module as well. The reason is the boolean assumption in line 85

verify = config.getboolean(profile, 'verify')

Simple working solution is:

verify = config.get(profile, 'verify')
if verify.lower() == 'true':
   verify = True
elif verify.lower() == 'false':
   verify = False

Maybe the boolean decision is imaginable in a more pythonic way ...?

[ssbarnea]

Dealing with certificates is outside the scope of this library. We are using requests library so you can use it to change SSL certificate bundle via REQUESTS_CA_BUNDLE.

You are more than welcome to chaise all SSL related bugs directly on requests library issue tracker.

We may have some historical relics related to altering SSL behaviour directly in jira library but these are unsupported and I will remove them soon.

[hunsalz]

@ssbarnea : I suppose you misunderstood me. I don't suggest to add any new SSL functionality. It's about the misinterpretation of the 'verify' config param in config.py module. The verify parameter isn't strictly a boolean value. In fact it's allowed to pass a path to a directory with certificates or a path to a single certificate and this will be processed by OpenSSL.