-
Notifications
You must be signed in to change notification settings - Fork 261
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
server_cert_validation 'ignore' no longer works in 0.3.0 #201
Comments
The traceback does not seem to match the example script you gave us, are you able to verify you are running the correct script as it seems like you are calling |
I'm also unable to reproduce this- cert validation behavior is working fine for me on 0.3.0 as well (though it does bring up the fact that the pywinrm test suite is very minimal and doesn't exercise most of these code paths). |
Sorry that was the wrong trace! I reproduced it and updated the above. I can reproduce this every time. Are you using a self-signed certificate?
This is the self-signed cert
Is there anything else I can provide? |
Thanks for that, I think the issue may be some incompatibility with python 2.7.5 that the Ansible issue showed you were using. Will have to find out why it no longer works on that version but it would be good to know if you can try out a newer Python version and tell us if that has the same issue. |
@nitzmahone In regards to lack of tests, #198 should hopefully assist. |
Sure can. I get the same on python 3 (centos 3.4.5-5.el7)
|
Yep, self-signed cert... Something really weird going on there, because your test works fine for me with 0.3.0 on CentOS7.4 under both python 2.7.5 and 3.4.5. At this point, I'd start being a little suspicious of your OpenSSL installation maybe? Some other nonstandard bits? I'm running off a brand-new container, and it works as expected:
and 3.4.5:
|
Aha, @jborean93 and I were kicking this around- my psychic powers tell me you might have Can you confirm that (and make sure that things work as expected if you unset the envvar)? We'll move that around so that the validation setting still takes precedence for 0.3.1. |
Yes! I do set a CA bundle so this must be it
On 5/01/2018 10:27 AM, "Matt Davis" <notifications@github.com> wrote:
Aha, @jborean93 <https://github.com/jborean93> and I were kicking this
around- my psychic powers tell me you might have REQUESTS_CA_BUNDLE or
CURL_CA_BUNDLE envvars set? There was a last-minute PR I merged for 0.3.0 (
#160 <#160>) that inadvertently makes
the presence of that envvar force validation...
Can you confirm that (and make sure that things work as expected if you
unset the envvar)? We'll move that around so that the validation setting
still takes precedence for 0.3.1.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#201 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AArK8Izp3sJHfelciBLS7mEnNnG_1TL1ks5tHUJKgaJpZM4RROz8>
.
|
* fixes diyan#201 * ensures that `server_cert_validation` takes precedence over code/env CA path overrides * adds basic unit test coverage of verify behavior
Thanks for turning this one around quickly! 🚤 |
@nitzmahone I appreciate that the bug was fixed so quickly, but any idea when the fix will be available in the published pip package (which, as of time of writing, still says 0.3.0)? This bug really bit me hard, and I'm guessing other folks provisioning Windows boxes with Ansible are similarly affected. |
Same issue here. Python 2.7.5 with pywinrm 0.3.0 installed on the awx docker instance. For some reasion, upgrading python is not possible. |
So for others like me who spent hours trying to figure out what was potentially wrong with Ansible, Vagrant, Packer, WinRM etc., the temporary solution to simply downgrade pywinrm back to 0.2.2 via |
hey @nitzmahone, any idea when this change might be released? |
https://github.com/diyan/pywinrm/releases/tag/v0.4.0 was released yesterday. |
The following no longer works against a self-signed certificate, has
server_cert_validation
changed?With:
However this previous release does work
The text was updated successfully, but these errors were encountered: