Hello Jason, On Thursday 23 October 2014 11:56:37 Jason Gillman Jr. wrote: > What openssl package from pypi would you like me to install into the venv?
I installed:
pyOpenSSL==0.14
ndg-httpsclient==0.3.2
pyasn1==0.1.7
My test script is:
$ cat test_ssl_exception.py
import requests
try:
r = requests.get('https://hg.mornie.org')
except requests.exceptions.SSLError as e:
m = e.message
print type(m)
print m
On hg.mornie.org I have a self signed certificate so validation will fail.
Here my complete testing steps:
$ mkvirtualenv test_ssl_exception
Inside test_ssl_exception venv:
$ pip install requests
[CUT installing logs]
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So, it works.
$ pip install pyOpenSSL
[CUT installing logs]
Again,
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So, it still works.
$ pip install ndg-httpsclient
[CUT install logs]
$ python test_ssl_exception.py
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing
pyasn1, subjectAltName check for SSL peer verification will be disabled.
Import error is: No module named pyasn1.type
warnings.warn(import_error_msg)
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/ssl_peer_verification.py:24: UserWarning:
SubjectAltName support is disabled - check pyasn1 package installation to
enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing
pyasn1, subjectAltName check for SSL peer verification will be disabled.
Import error is: No module named pyasn1.type
warnings.warn(import_error_msg)
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So we have, obviously, an UserWarning since pyasn1 is missing, but
SSLError's message is still a string.
$ pip install pyasn1
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
Traceback (most recent call last):
File "test_ssl_exception.py", line 9, in <module>
print m
TypeError: __str__ returned non-string (type Error)
After installing pyasn1 we get the error.
If we use pdb we can see what is happening:
$ python test_ssl_exception.py
> /home/eriol/tmp/test_ssl_exception.py(11)<module>()
-> print type(m)
(Pdb) m
SSLError(SSLError('bad handshake', Error([('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)),)
(Pdb) m.message
SSLError('bad handshake', Error([('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],))
Removing pyasn1 from the venv:
-> print type(m)
(Pdb) m
SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
failed (_ssl.c:581)'),)
(Pdb) m.message
SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:581)')
So pyasn1 is doing something under the hood.
If you try outside a virtualenv but not having python-pyasn1 installed it still
works.
HTH,
--
Daniele Tricoli 'Eriol'
http://mornie.org
signature.asc
Description: This is a digitally signed message part.
