Dear Rohit, I confirm the new config key 'verifysslcert' is working.
Thanks very much, Philip On Tue, Nov 4, 2014 at 11:18 AM, Rohit Yadav <[email protected]> wrote: > Hi Phillip, > >> On 04-Nov-2014, at 4:16 pm, Phillip Kent <[email protected]> wrote: >> >> Hi Rohit, >> >> one issue I found is that you are in 5.3.0 using the 'requests.get' >> method for the API requests, and this implements certificate >> verification by default. > > In 5.2.0 and before, requests.get is also used in API calls where users are > using username/password instead of apikey/secretkey. > >> This fails (we think) on my company CloudStack setup because the API >> server is put behind both a proxy and a load balancer and there is not >> a continuous https path to the server. (Well, we ought to have that, >> but right now it hasn't been implemented.) >> >> So I got fatal errors of the form: >> >> requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed >> >> If I modify requester.py to: >> >> requests.get(...., verify=False) >> >> this fixes the error. > > I’m not sure if we should put verify=False by default. I think it’s a good > idea to give an option in config per server profile whether users want to > verify SSL cert or not. > > I’ve fixed in latest 5.3 branch, can you test it? The config key is called > verifysslcert, default set to true, you’ll have to set it to false in your > case. > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +91 88 262 30892 | [email protected] > Blog: bhaisaab.org | Twitter: @_bhaisaab >
