Project

General

Profile

Bug #6766

FYI ONLY: GMN local install with self-signed CA certificate breaks with new SSL support in Python 2.7.9

Added by Mark Servilla about 9 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
2015-01-20
Due date:
% Done:

0%

Story Points:
Sprint:

Description

As of Python 2.7.9, which was released late 2014, full SSL support is now enabled (https://www.python.org/dev/peps/pep-0476/). This change in the Python SSL module will cause an SSL exception to occur when connecting to any server using a self-signed certificate and or a certificate that is signed by a non-recognized CA -- this change directly affects a "local" installation of GMN if using the local CA (http://pythonhosted.org/dataone.generic_member_node/setup-local-authn-ca.html). This problem manifests in any Python 2.7.9 client using the SSL module that attempts an SSL connection to a "local" install of GMN. There is, however, a "highly discouraged" global setting that reverts the SSL module to its previous behavior:

import ssl

ssl._create_default_https_context = ssl._create_unverified_context

Note: testing with a server that uses a certificate signed with a recognizable CA averts any exception.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)