Option to ignore SSL errors #126

Closed
bemeyert opened this Issue Dec 19, 2014 · 15 comments

bemeyert commented Dec 19, 2014

Hi all,
I can no longer connect to our server because of an SSL verification error. It is a self-signed certificate. So I know that it can't be verified. Please add an option to ignore SSL problems. Currently I can't use nagstamon.

The error:

ERROR: 2014-12-19 11:17:55.955827 7val icinga   Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/Nagstamon/Server/Generic.py", line 1077, in FetchURL
    urlcontent = self.urlopener.open(request)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

Thx

Owner

HenriWahl commented Dec 19, 2014

The used urllib2 does NOT verify certificates by default, as far as I know. Thus I really wonder how you get this message. Maybe there is something wrong with the self-signed certificate at all? Since when does this error occur?

bemeyert commented Dec 19, 2014

I'm not sure. But it might be the last system update where Python was updated from 2.7.8-2 to 2.7.9-1 (urllib2.py is part of that package). It seems like it's not a problem with Nagstamon. Sorry about the noise and thx

tititake commented Dec 21, 2014

After upgrading to Python 2.7.9, I had the same problem.
Downgrading to 2.7.8 fixed that.

It's nice Nagstamon could work with 2.7.9 too.

Owner

HenriWahl commented Dec 21, 2014

The python guys really added SSL-verification to Python 2.7.9... see http://lwn.net/Articles/611243/.
Incredible - I would like to know how many other applications do have problems now. Well, from a security point of view this new behaviour is absolutely necessary - just introducing it with a minor release is kind of unfair.
In the long run I plan to use the Requests library instead of urllib. In the meantime I found a cure at the end of http://www.afpy.org/doc/python/2.7/whatsnew/2.7.html where a method is described to disable the new SSL verification. I will add this as soon as possible.
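An added example, not Nagstamon's code and not the content of the commit discussed in this thread: one way to scope the "ignore SSL errors" option to a single server instead of switching verification off process-wide. The helper names `context_for_server`, `opener_for_server` and `describe` and the `ca_file` parameter are assumptions made for illustration; trusting a PEM copy of the self-signed certificate is shown as the preferred path, with the opt-out as the fallback.

```python
import ssl

try:  # Python 3
    from urllib.request import HTTPSHandler, build_opener
except ImportError:  # Python 2.7.9 or later
    from urllib2 import HTTPSHandler, build_opener


def context_for_server(ignore_cert_errors=False, ca_file=None):
    """Build the TLS context for one monitored server (hypothetical helper).

    ca_file            PEM copy of the server's self-signed certificate.
    ignore_cert_errors per-server opt-out, used only when no ca_file is set.
    """
    if ca_file:
        # Trust exactly the certificates in ca_file (system CAs are not
        # loaded); chain and hostname checks stay on.
        return ssl.create_default_context(cafile=ca_file)
    ctx = ssl.create_default_context()
    if ignore_cert_errors:
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def opener_for_server(ignore_cert_errors=False, ca_file=None):
    """Opener whose HTTPS handler carries this server's context only."""
    ctx = context_for_server(ignore_cert_errors, ca_file)
    return build_opener(HTTPSHandler(context=ctx))


def describe(ctx):
    """Summarise what a context will check during the handshake."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    print("default:   ", describe(context_for_server()))
    print("opted out: ", describe(context_for_server(ignore_cert_errors=True)))
```

With a `ca_file` the self-signed server is still authenticated, so a changed certificate surfaces as a `CERTIFICATE_VERIFY_FAILED` error instead of being accepted silently.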

Owner

HenriWahl commented Dec 21, 2014

Hi,
I attempted to fix this in last commit 1f99d2f - are you able to test the latest git version?
Regards

By the way: which distributions do you use?

bemeyert commented Dec 22, 2014

@HenriWahl Awesome work! Nagstamon runs again. I'm using Archlinux and install Nagstamon via the AUR package nagstamon-git which contains version 1.0.1. Thanks a lot

mkrsn commented Dec 28, 2014

Same problem with Gentoo and v1.0.1. Henri's fix solved the problem - Thanks :)

gerdesj commented Feb 23, 2015

Just to spell out the fix for Gentoo (thanks HW):
Grab a unified diff for the patch mentioned above by appending .patch to the URL in HenriWahl's comment above (https://github.com/HenriWahl/Nagstamon/commit/1f99d2f70db544652d30dca4e718ba733d3fd7cf.patch) and save it to e.g. (choose your filename) /etc/portage/patches/net-analyzer/nagstamon-1.0.1/python2.9.patch

Follow this: http://wiki.gentoo.org/wiki//etc/portage/patches#Adding_support_for_user_patches_to_your_ebuilds to enable epatch_user for all ebuilds because the ebuild for Nagstamon doesn't have direct support for epatch_user.

Re-emerge nagstamon and look for this in the output:

  • Applying user patches from /etc/portage/patches//net-analyzer/nagstamon ...
  • python-2.9.patch ...
  • Done with patching

Hooray, it's working again.

lhost commented Feb 27, 2015

sinaowolabi commented Jul 23, 2015

Any advice for Ubuntu (specifically, 15.04) users?

Owner

HenriWahl commented Jul 27, 2015

Not yet - either change the files as in 1f99d2f or stay tuned for the next version.

Contributor

soxwellfb commented Aug 17, 2015

Just a note to say that the 10.10.5 patch for OS X bumped the version of Python from 2.7.6 to 2.7.10, so it's now showing the SSL certificate issue against a self-signed Nagios server.

I applied the patch by:

cd /Applications/Nagstamon.app/Contents/MacOS/Nagstamon-src
patch -p2 <  <path to patch file>/nagstamon-python2.7.9.patch

This may be of use to someone.

varac commented Jan 7, 2016

@HenriWahl Any chance to get a new release out? The last one (1.0.1) is already over a year old now. I would love to have this feature without patching files.

Owner

HenriWahl commented Jan 7, 2016

You can already check the still alpha but yet usable releases of the new 2.0 version, which is a port to Qt5 instead of GTK2 and thus rather time consuming.
Especially this bug is fixed there due to the use of the Requests module. The Qt5 port additionally comes with native OSX support.
See https://nagstamon.ifw-dresden.de/nagstamon-20 for details.

Owner

HenriWahl commented Jan 7, 2016

Right now the next alpha is out :-)
