incubator-libcloud mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grig Gheorghiu <grig.gheorg...@gmail.com>
Subject Re: [libcloud] SSL Certificate Name Verification
Date Wed, 19 Jan 2011 16:37:28 GMT
On Wed, Jan 19, 2011 at 8:26 AM, Grig Gheorghiu
<grig.gheorghiu@gmail.com> wrote:
> On Mon, Jan 3, 2011 at 8:59 PM, Jerry Chen <jerry@apache.org> wrote:
>>
>> On Jan 3, 2011, at 10:38 AM, Jerry Chen wrote:
>>
>>> Otherwise, having the ssl package as a dependency for 2.5 sounds good to me.
>>
>> I have introduced both simplejson and ssl as dependencies for <2.6 in setup.py.
>>
>
> I just installed libcloud 0.4.2 under Python 2.5.1 and I didn't get
> any 'missing dependencies' error during the install. However, when I
> tried to get a connection to the EC2 driver, I got:
>
>
>    EC2Driver = get_driver(Provider.EC2)
>  File "/usr/lib/python2.5/site-packages/libcloud/providers.py", line
> 79, in get_driver
>    _mod = __import__(mod_name, globals(), locals(), [driver_name])
>  File "/usr/lib/python2.5/site-packages/libcloud/drivers/ec2.py",
> line 21, in <module>
>    from libcloud.base import Node, Response, ConnectionUserAndKey
>  File "/usr/lib/python2.5/site-packages/libcloud/base.py", line 23, in <module>
>    from libcloud.httplib_ssl import LibcloudHTTPSConnection
>  File "/usr/lib/python2.5/site-packages/libcloud/httplib_ssl.py",
> line 23, in <module>
>    import ssl
> ImportError: No module named ssl
>
> Installing the ssl module from PyPI (current version 1.15) helped. Now
> when I open a connection I get:
>
> /usr/lib/python2.5/site-packages/libcloud/httplib_ssl.py:55:
> UserWarning: SSL certificate verification is disabled, this can pose a
> security risk. For more information how to enable the SSL certificate
> verification, please visit the libcloud documentation.
>  warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
>
> Will read up on the docs at
> http://wiki.apache.org/incubator/LibcloudSSL to see how to get past
> that.
>
> Grig
>

Just a quick note that I managed to get past the SSL disabled warning
by following the docs:

* downloaded cacert.pem from http://curl.haxx.se/docs/caextract.html
(my Fedora 8 EC2 instance didn't have the certs)
* toggled VERIFY_SSL_CERT to True and set path to cacert before
opening a connection:

import libcloud.security
libcloud.security.VERIFY_SSL_CERT = True
libcloud.security.CA_CERTS_PATH.append("/path/to/cacert.pem")

Good docs!

Grig

Mime
View raw message