New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate verify traceback when trying to connect to vcenter using SmartConnect() on Mac OS X Yosemite with python 2.7 #235
Comments
Isn't that a duplicate of this: #212
|
@michaelrice Not sure if you would call this a duplicate. This is more an issue and less of an enhancement. It shows the traceback and quits without connecting. Also, this issue has information that #212 doesn't have. |
@nmadhok do yo have https_proxy enabled ? |
@rreubenur Not sure. Quick way to check that? |
Same issue here.
|
Okay, this is going to have to be one of the first things I work on as soon as I can circle back to pyVmomi work. |
@hartsock Thanks! |
is there a work around for this? can one disable cert verify from user script? |
Here's the workaround:
|
I think the subject of this report should be changed to drop the OSX bits, it might help describe this more generally. This is not specific to OSX in any way because it is being caused by the change to python 2.7.9 which was pointed out in #212. #212 probably shouldn't be labeled as an enhancement. Because of this change to 2.7.9 it really makes it feel more like a bug (one I still think should be a python bug but the python devs do not agree). As it is now the current release of pyVmomi is "broken" on 2.7.9 and even on some 2.7.8 releases where they back ported the ssl patch (Ive read AWS did this in a gevent bug report about the same issue) instead of rolling a new 2.7.9 release out. I posted a work around to the mailing list a couple weeks ago which is a less elegant way of doing what @nmadhok is doing. It has also been added to py-vpoller as well. @hartsock I think we need to get a suitable patch made for connect.py and get quick release out to address this problem so that pyVmomi doesnt seem "broken" to 2.7.9 users. |
@michaelrice agreed. This will have to take priority over some of my other work. |
Toggles on and off strict host name verification in the standard python SSL library. A change was introduced to Python's SSL verification behavior with [PEP 0466](https://www.python.org/dev/peps/pep-0466/) which forces this library to consider a set of changes to preserve backward compatability. The intention of PEP 0466 is to improve SSL security for Python programmers but this changes default behaviors. This change proposes keeping the default behaviors undisturbed but forcing users and developers working in insecure environments to become aware of the change and adjust their security measures and code accordingly. fixes: vmware#212, vmware#235, and vmware#179
Toggles on and off strict host name verification in the standard python SSL library. A change was introduced to Python's SSL verification behavior with [PEP 0466](https://www.python.org/dev/peps/pep-0466/) which forces this library to consider a set of changes to preserve backward compatability. The intention of PEP 0466 is to improve SSL security for Python programmers but this changes default behaviors. This change proposes keeping the default behaviors undisturbed but forcing users and developers working in insecure environments to become aware of the change and adjust their security measures and code accordingly. fixes: vmware#212, vmware#235, and vmware#179
Any news on this? |
I have the same issue except I am in python 2.7.3 and I can not use _create_default_https_context since ssl package does not have that attribute. and upgrading at this point is not an option? Any other option? |
I modified Line 339 "verify" variable to to False in /usr/local/lib/python2.7/dist-packages/requests/adapters.py |
@spicyramen that worked! Thank you, I created a patch on my end to add to my bootstrap file. |
that is such a bad thing to do. I hope that anyone who follows that knows what ramifications it has, or even better just does not follow that advice |
This was the only workaround that worked for me ... try: import ssl context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context.verify_mode = ssl.CERT_NONE service_instance = connect.SmartConnect(host=args.host, user=args.user, pwd=args.password, port=int(args.port), sslContext=context) |
Hey Gorantornqvist's method of creating a context and then assigning it worked for me in py and py3. here is the hello world with yaml sample with it working. Tack så mycket! |
Thanks @gorantornqvist . The only workaround that worked for me as well |
Glad to hear it (and thanks to @gorantornqvist as well). |
The suggested workaround by @gorantornqvist will only work on systems with Python 2.7+ and pyVmomi 6.0.0. This will not work on systems with Python 2.6 or systems with pyVmomi < 6.0 |
Hello.. I tested with python3 and was fine
|
Can any one explain why any line after this give me a syntax error in Python 3.4? try:
print ("logged in to %s" % args.host) In that example the print statement is giving me an invalid syntax after I add the code from @gorantornqvist...before it works. I am still learning python...but I am certain everything I've tried was correct syntax. I've tried both typing and copying/pasting and I've verified the encoding is unchanged. I can't seem to get any work around for this SSL error to work for me. Bah, i give up...I can't believe Github doesn't use [code] tags. I cannot get this to format right, but my indents are correct. |
hey there.. you need to indent under the try: and then figure out if your Print you want as part of the try loop or Cheers, On Tue, Jan 5, 2016 at 7:08 PM, vagrant-storm notifications@github.com
|
Oops it didn't copy right. I do have all the indents as they should be. import ssl is indented and the print is not. or it did copy right...if I hit edit all the indents are there...weird. I will have to play with the Git posting some more. |
is there any other way a person could get around this SSL: Cert failing? I've tried editing the adapters.py to be verify=false as well and there was no change. Nevermind...I took out the try and it works. |
I can confirm I am affected by this problem too: when using the vmware modules of ansible. The workaround posted by @gorantornqvist (#235 (comment)) solves it in my case. I'm using python2.7.11 on osx. Is there a problem solution planned? Can I help in any ways? |
Can you copy/paste your script you are running of a screen shot / link of cheers, On Thu, Feb 11, 2016 at 1:30 AM, chaitanyaanpate notifications@github.com
|
CODE:(As it is) import pyVmomi; print('welcome') url='Myurl' si = connect.SmartConnect(host=url,user=username,pwd=password,port=443) |
there is a bug, so here is a script that will work for you #!/usr/bin/python import ssl from pyVmomi import *; < == you dont need thisdef main(): use the vcr instance to setup an instance of service_instancewith my_vcr.use_cassette('hello_world_vcenter.yaml', record_mode='all'): the recording will show up in the working directory |
I am new to python and I am getting error as unexpected end of file error On Thu, Feb 11, 2016 at 9:54 PM, lmcdasm notifications@github.com wrote:
|
hello. You need to indent and follow proper python syntax. Perhaps start with the On Tue, Feb 16, 2016 at 2:10 AM, chaitanyaanpate notifications@github.com
|
I use a lot more hackish workaround - http://khadgaray.blogspot.com/2016/03/python-disabling-ssl-verification-on.html , as we work with a combination of Python 2.6.6 and 2.7.10 . |
There will be seven SSL certificate's. Any one among those seven can solve ur problem. Soon I ll share u the certificates. |
This is already fixed by 92c1de5. |
Getting a traceback when trying to connect to vcenter using
SmartConnect()
on Mac OS X Yosemite using python 2.7.The text was updated successfully, but these errors were encountered: