From: "Aníbal Limón" <anibal.limon@linux.intel.com>
To: Gary Thomas <gary@mlbassoc.com>, Yocto Project <yocto@yoctoproject.org>
Subject: Re: Missing certificates
Date: Fri, 24 Jul 2015 15:02:27 -0500 [thread overview]
Message-ID: <55B299D3.8040302@linux.intel.com> (raw)
In-Reply-To: <55B296CA.6000404@mlbassoc.com>
On 24/07/15 14:49, Gary Thomas wrote:
> On 2015-07-24 13:30, Aníbal Limón wrote:
>> Hi Gary,
>>
>> What version of python do you use?.
>>
>> Since 2.7.9 cert checking is enabled by default causing this kind of
>> errors. [1]
>>
>> [1] https://www.python.org/dev/peps/pep-0476/
>>
>> Kind regards,
>> alimon
>
> I'm using the stock python 2.7.9 from Poky/Yocto
> master:901be2cb69892595443ed41ab4be285932db15eb
>
> Is there an answer for this that's a bit less intrusive?
> Perhaps there could be a DISTRO or even IMAGE feature to
> enable/disable this checking?
I don't think that Python guys include a configuration flags to disable
this behavior because it's
the default now due to security issues.
>
> The pep you referenced mostly talks about why this was changed
> and how to disable it - manually within the python code itself.
> What I don't see is where/how/what to change/import to actually
> let the full certificate checking happen.
You can use this code for disable per urlopen call or globally [1].
Regards,
alimon
[1] https://www.python.org/dev/peps/pep-0476/#opting-out
>
>>
>> On 24/07/15 13:02, Gary Thomas wrote:
>>> I was trying to run a simple fetch from python using
>>> url =
>>> 'https://raw.github.com/Itseez/opencv/master/samples/c/fruits.jpg'
>>> filedata = urllib2.urlopen(url).read()
>>>
>>> This failed:
>>> Traceback (most recent call last):
>>> File "./edge.py", line 36, in <module>
>>> filedata = urllib2.urlopen(url).read()
>>> File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
>>> return opener.open(url, data, timeout)
>>> File "/usr/lib/python2.7/urllib2.py", line 431, in open
>>> response = self._open(req, data)
>>> File "/usr/lib/python2.7/urllib2.py", line 449, in _open
>>> '_open', req)
>>> File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
>>> result = func(*args)
>>> File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
>>> context=self._context)
>>> File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
>>> raise URLError(err)
>>> urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
>>> certificate verify failed (_ssl.c:581)>
>>>
>>> I can see that it was looking for some certificates in
>>> /usr/lib/ssl/certs
>>> but that directory is missing.
>>>
>>> Anyone know what I might be missing (or have misconfigured)?
>>>
>>> Thanks
>>>
>
next prev parent reply other threads:[~2015-07-24 20:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 18:02 Missing certificates Gary Thomas
2015-07-24 19:30 ` Aníbal Limón
2015-07-24 19:49 ` Gary Thomas
2015-07-24 20:02 ` Aníbal Limón [this message]
2015-07-24 20:09 ` Christopher Larson
2015-07-24 20:17 ` Gary Thomas
2015-07-24 19:37 ` Christopher Larson
2015-07-27 14:05 ` Gary Thomas
-- strict thread matches above, loose matches on Subject: below --
2015-09-03 15:27 missing certificates Edward Vidal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55B299D3.8040302@linux.intel.com \
--to=anibal.limon@linux.intel.com \
--cc=gary@mlbassoc.com \
--cc=yocto@yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.