Client certificate not being passed

[el-pablo]

My company is using mutual certificate authentication for our Jira instance. There's an option in the API to specify a client_cert parameter, but when I use it is ignored.

This is how I'm doing it:

from jira import JIRA
jira = JIRA({"server":'https://jirahostname.co.uk', "client_cert":'/path/to/mycert.pem'})

Which gives me an SSL handshake error.

I've tried adding this at line 453 of client.py:

self._session.cert = self._options['client_cert']
and it fixes the issue, but I'm a complete novice with Python and wondered whether this is just a hack and that there is something that I'm doing wrong.

If I've genuinely found a bug I'm happy to raise a pull request, but given my complete amateur status I thought I'd ask here first!

Thanks

[hdost]

Hey @el-pablo I believe you may just be having an issue with syntax.
Try:

from jira import JIRA
jira = JIRA('https://jirahostname.co.uk', options={'client_cert':'/path/to/mycert.pem'})

[el-pablo]

Thanks for the response @hdost - I just tried that and it doesn't seem to have helped....

[hdost]

What error does it seem to be giving you?

[el-pablo]

I get the following, which I believe is because it is not sending a certificate.

WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jirahostname.co.uk', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:833)'),))] errno:None on GET https://jirahostname.co.uk/rest/api/2/serverInfo
{'response': None, 'request': <PreparedRequest [GET]>}\{'response': None, 'request': <PreparedRequest [GET]>}

[hdost]

This may be something we need to fix https://stackoverflow.com/a/18579484/1966876

[el-pablo]

I went down that little rabbit hole, but in the end adding the line:

self._session.cert = self._options['client_cert']

in the client.py init function seems to fix it just fine...

[el-pablo]

I can send a pull request if it helps?

[hdost]

PRs are always welcome :)

…

________________________________________ *Harold Dost* | @hdost

On Tue, May 8, 2018 at 11:26 AM, Paul Thomas ***@***.***> wrote: I can send a pull request if it helps? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#558 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAnTBuj3k0qw5UhrPbjlEmGcDcvJSISqks5twbkmgaJpZM4TqXWe> .

[j5awry]

would this also fix:

#311

[fdcds]

Duplicate of #637 and #311?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. You way want to consider using the Sponsor button in order to persuade someone to address it.