I have a python program using urllib2 to GET a page via https protocol:
urllib2.urlopen('https://mywebsite')
I have no problem running this script using python interpreter, but when running with Jython interpreter, I got this error:
urllib2.URLError: <urlopen error (-1,'SSL handshake exception')>
Do I need to do something else to make urllib2.urlopen work with an https address?
I think Jython use the Java SSL implementation, so you'll need to add the server's certificate to your keystore. That's because Java always checks the certificate validity.
Installing a certificate
And two ways of not checking the validity, with java code and pure Jython.
Related
So with the help of Graham I realize I need to rebuild the mod_ssl.so to point to the new OpenSSL version.
I found the following post with similar problem but not much suggested: https://stackoverflow.com/questions/36756641/rebuild-mod-ssl-so-on-apache2-on-macosx
Is it possible to only rebuild the mod_ssl.so only or do I need to rebuild Apache?
Any specific flags to use?
Is homebrew the way o go and how do I avoid having two installations of Apache?
I am on 10.11.6 and using MacOS Server 5.2 (If that has an impact)
I have integrated the following framework under a flask app and made it work. https://github.com/playingmedia/swish-python
So basically it makes a Request with pyopenssl with included certificates.
This is working fine in my flask app, but when I move it to my Apache Server (configured to be accessed through TLS - not sure if that is relevant) it gives me the following error: SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)
I am wondering if there is mod_wsgi setting I need to manipulate of there could be any permission issues...
I included another framework using Suds with TLS without on the Apache server any problem so wondering if there is any known issues with Request library and pyopenssl under mod_wsgi?
Have tried to google quite a lot but perhaps I am not typing in the right key words
Thx
I'm trying to upload video to YouTube with cURL and API v3. Unfortunately, I'm getting the following error message:
"curl: (1) SSL is disabled, https: not supported"
What does it mean and what can I do to fix it?
The error message "curl: (1) SSL is disabled, https: not supported" means that the instance of curl/libcurl that you're using was built without support for this protocol.
This could've happened if the configure script that was run at build time couldn't find all libs and include files curl requires for SSL to work. If the configure script fails to find them, curl is simply built without SSL support.
To get the https:// support into a curl that was previously built but that reports that https:// is not supported, you should dig through the logs and check out why the configure script doesn't find the SSL libs and/or include files. This may be because of several reasons, e.g. native linker doesn't find openssl or only the libssl lib is missing.
Try to re-compile cURL with SSL support (something like: ./configure --with-ssl=/usr/bin/openssl) to see if it helps to resolve the issue.
Reference: http://curl.haxx.se/docs/faq.html#curl_1_SSL_is_disabled_https
We are trying to use composite templates (fillable PDFs) and embedded signing using the REST API. We are using the docusign_rest gem in conjuction with our custom code to create composite templates and embedded signing. The docusign_rest gem is used for authentication and is giving the following error:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
On the local dev machine, we simply provided path to a certificate file at the time of starting the dev server, but on a remote machine this is not feasible.
Is it possible to skip the SSL check for a demo purpose? This SO link seems to suggest that it is possible. If yes, then how can we achieve that?
If not, then is there a quick way to fix it or do we have to install SSL certificates and configure the server to read those?
We are using ruby 1.9.3 , rails 3.2.11 and Apache2 (so that would mean enabling the SSL module).
I believe for demo (demo.docusign.net) you can use https OR http. What happens if you simply use http? Does that resolve your SSL error?
In either case, you'll eventually need to resolve this though because for production (www.docusign.net) you need to use https. The problem is most likely in your Ruby code or with your certificate. For testing purposes I'd try making a cURL request through the command line to see if that works.
See here for some examples of making DocuSign REST API calls using cURL
Im trying to use client ssl certificate in JMeter to authenticate on website. The problem is that when i try to import it in SSL Manager, im not getting any message for password, anything. In configuration i've written:
user.classpath=/home/m/Downloads/jre-1.7.0_09/usr/java/jre1.7.0_09/lib/
ssl.provider=com.sun.net.ssl.internal.ssl.Provider
I've added user.classpath because jsse.jar stands there, but i think its not necessary. What am i doing wrong?
To test Client Certificates, use this:
Keystore Configuration
Steps are:
Create your certificates either with Java keytool utility or through your PKI
If created by PKI, import your keys in Java Key Store by converting them to a format acceptable by JKS
Then reference the keystore file through the 2 JVM properties :
-Djavax.net.ssl.keyStore=path_to_keystore
-Djavax.net.ssl.keyStorePassword=password_of_keystore
You use either HTTPClient 3.1 or 4 implementations for HTTP Request
To make JMeter use more than one certificate you need to ensure that:
https.use.cached.ssl.context=false
is set in jmeter.properties or user.properties
Sometimes this appears, sometime not. Its since two days in former good running apps.
CurlException: 60: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed thrown in
With a former Version of the php SDK, I disabled CURLOPT_SSL_VERIFYPEER generally besause that never works. But the last two versions, now its the newest, worked until yesterday.Shout I disable something again? Is it the same method in the actual SDK? Writing from home, can't look inside.
Is it a message from the cert coming with the sdk or are that problems with the cert of https on my server?
You shouldn't disable CURLOPT_SSL_VERIFYPEER because of the security implications. The PHP SDK usually contains the needed certificate, but in your case it seems to have problems.
The best way to solve it is:
Download the Facebook SSL certificate here
Put it somewhere accessible by PHP
Tell the Facebook PHP SDK to use it:
Facebook::$CURL_OPTS[CURLOPT_CAINFO] = '/path/to/fb_ca_chain_bundle.crt';
I just ran into this same error (coworkers didn't have it) and the solution was to download a new copy of the Facebook API SDK from https://github.com/facebook/facebook-php-sdk. Apparently my version (and the certificate) was outdated.