[opensuse-factory] SSL trouble on Tumbleweed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I suspect I am forgetting something, could use some help. On tumbleweed (python)
import requests requests.get('https://www.googleapis.com/oauth2/v1/certs') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.7/site-packages/requests/api.py", line 59, in get return request('get', url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/api.py", line 48, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 451, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 557, in send r = adapter.send(request, **kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 417, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 21] Is a directory
Same operation succeeds on openSUSE 13.1
requests.get('https://www.googleapis.com/oauth2/v1/certs')
I have the following packages on my tumbleweed system that provide certificates: - -> rpm -qa | grep cert ca-certificates-1_201403302107-10.1.noarch ca-certificates-mozilla-2.2-1.1.noarch mozilla-nss-certs-3.17.3-1.1.x86_64 This matches the packages I have on my 13.1 system. Thus, I suspect something w.r.t. cert handling in tumbleweed is different and the Python or underlying SSL implementation cannot find the certificates. Help is much appreciated. The Tw install is fairly recent and is almost up to date, last zypper up on Saturday. Help is much appreciated. Thanks, Robert - -- Robert Schweikert MAY THE SOURCE BE WITH YOU Public Cloud Architect LINUX rjschwei@suse.com IRC: robjo -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJUx+JbAAoJEE4FgL32d2UkvXEH/3TBVsH6eky1FV6ycMVGJL0b 9pADC0b9AglZQgRceOY/+rJ9/IKNokQfSM0z8DPGG1xYLSRE5SY8Vm1g22cNEGtf pnbUeslY+jOJ9Eie3EIRiPPMpzWqDD9CO3sdEK1r25ebbEZcpA23zqn5gBMHO6ih StzEpebu0EmikxxQ1tVcxr3xYQJdo9iiytFqKM8HW4R3TLtE8OXw1Ncyk2pwwVLn VtfaIKjdWelJnYdLZCxtyKjI/SOjkAp54UMyaCdc56kP+7scMcSAPpQggRXI9jPL tzAoCnxKflFDKdlwWDmhtnjTn9Rp2uv+dQ21TIohGyLc1MLsGm8FieWsIByKupY= =23Iw -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 27.01.2015 um 20:09 schrieb Robert Schweikert:
Hi,
I suspect I am forgetting something, could use some help.
On tumbleweed (python)
import requests requests.get('https://www.googleapis.com/oauth2/v1/certs') ... File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 417, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 21] Is a directory
strace shows open("/etc/ssl/certs/", O_RDONLY|O_CLOEXEC) = 4 fstat(4, {st_mode=S_IFDIR|0555, st_size=20480, ...}) = 0 read(4, 0x7fa7fe54f000, 4096) = -1 EISDIR (Is a directory)
Same operation succeeds on openSUSE 13.1 also succeeds on 13.2
openssl s_client -connect www.googleapis.com:443 is fine everywhere, so I would think, there is a problem with the cert handling in factory's python or requests which tries to read /etc/ssl/certs/ as if it was a file. if you do sed -i 's!etc/ssl/certs/!etc/ssl/ca-bundle.pem!' /usr/lib/python2.7/site-packages/requests/certs.py then the script works as expected. However, this line worked in 13.2, so probably the processing of it changed. Ciao Bernhard M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlTIB2YACgkQSTYLOx37oWQWcQCgwlK/OgS/DwzTI3P+hT+RSqLm G/gAn2GuwnQx0+f4RxUv1FD+/JKjiYm2 =ZKV5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tue, Jan 27, 2015 at 10:47:18PM +0100, Bernhard M. Wiedemann wrote:
Am 27.01.2015 um 20:09 schrieb Robert Schweikert:
Hi,
I suspect I am forgetting something, could use some help.
On tumbleweed (python)
import requests requests.get('https://www.googleapis.com/oauth2/v1/certs') ... File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 417, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 21] Is a directory
strace shows open("/etc/ssl/certs/", O_RDONLY|O_CLOEXEC) = 4 fstat(4, {st_mode=S_IFDIR|0555, st_size=20480, ...}) = 0 read(4, 0x7fa7fe54f000, 4096) = -1 EISDIR (Is a directory)
Same operation succeeds on openSUSE 13.1 also succeeds on 13.2
openssl s_client -connect www.googleapis.com:443 is fine everywhere, so I would think, there is a problem with the cert handling in factory's python or requests which tries to read /etc/ssl/certs/ as if it was a file.
if you do sed -i 's!etc/ssl/certs/!etc/ssl/ca-bundle.pem!' /usr/lib/python2.7/site-packages/requests/certs.py
then the script works as expected. However, this line worked in 13.2, so probably the processing of it changed.
There is a bug open for this (for python3?): https://bugzilla.suse.com/show_bug.cgi?id=912903 Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/28/2015 04:36 AM, Marcus Meissner wrote:
On Tue, Jan 27, 2015 at 10:47:18PM +0100, Bernhard M. Wiedemann wrote:
Am 27.01.2015 um 20:09 schrieb Robert Schweikert:
Hi,
I suspect I am forgetting something, could use some help.
On tumbleweed (python)
import requests requests.get('https://www.googleapis.com/oauth2/v1/certs')
... File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 417, in send raise SSLError(e, request=request) requests.exceptions.SSLError: [Errno 21] Is a directory
strace shows open("/etc/ssl/certs/", O_RDONLY|O_CLOEXEC) = 4 fstat(4, {st_mode=S_IFDIR|0555, st_size=20480, ...}) = 0 read(4, 0x7fa7fe54f000, 4096) = -1 EISDIR (Is a directory)
Same operation succeeds on openSUSE 13.1 also succeeds on 13.2
openssl s_client -connect www.googleapis.com:443 is fine everywhere, so I would think, there is a problem with the cert handling in factory's python or requests which tries to read /etc/ssl/certs/ as if it was a file.
if you do sed -i 's!etc/ssl/certs/!etc/ssl/ca-bundle.pem!' /usr/lib/python2.7/site-packages/requests/certs.py
then the script works as expected. However, this line worked in 13.2, so probably the processing of it changed.
There is a bug open for this (for python3?):
Same symptom, but python2 Thanks I'll file a bug. Robert - -- Robert Schweikert MAY THE SOURCE BE WITH YOU Public Cloud Architect LINUX rjschwei@suse.com IRC: robjo -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJUyL6pAAoJEE4FgL32d2UkDZgIAKzdHboEzQUd/Co640YTrXgr hIbS1hluq9YcEbLk1Woe//2UYQOlzv0LJ6+k94N42NNlr5+1kByjgvSgBZmWKWzt tn3VRsLXVEoW2I7vFNcHn1i0mg9Gwl3aFd/Pq6+IN5H+IbT4m5vYm+42xBQzbCiq AGoJcQPh0HP/Gc2M/8rvB5o0DL51dSJ0co8l4rhkqzElzCKxE7ejJ0J39MUJz49J cAUpC6rFLEvm32Rf3r5t2yu3yrVYt/QrYtob5TqsOvaBbPLjlcd9OB7mGHnm0kqa uF+tM3lvoBQ5McvhLW9dXGf8mRVAMiB4q1O4TyeEq1XYMiQa4eqIPkOHR5FunCI= =9Sns -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Bernhard M. Wiedemann
-
Marcus Meissner
-
Robert Schweikert