Created
December 14, 2018 18:21
Summary. | |
It seems that requests does not work with HTTPS proxies because it fails to load the REQUESTS_CA_BUNDLE (or fails to validate the certificates from the proxy). | |
I am sure that the proxy signs correctly, because both SSL_CERT_FILE and REQUESTS_CA_BUNDLE point to the same bundle file and curl works fine. | |
## Expected Result | |
## Actual Result | |
``` | |
Traceback (most recent call last): | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/site-packages/urllib3/connectionpool.py", line 594, in urlopen | |
self._prepare_proxy(conn) | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/site-packages/urllib3/connectionpool.py", line 805, in _prepare_proxy | |
conn.connect() | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/site-packages/urllib3/connection.py", line 344, in connect | |
ssl_context=context) | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 344, in ssl_wrap_socket | |
return context.wrap_socket(sock, server_hostname=server_hostname) | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/ssl.py", line 412, in wrap_socket | |
session=session | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/ssl.py", line 853, in _create | |
self.do_handshake() | |
File "/Users/ssbarnea/.pyenv/versions/3.7.1/lib/python3.7/ssl.py", line 1117, in do_handshake | |
self._sslobj.do_handshake() | |
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051) | |
``` | |
## Reproduction Steps | |
``` | |
#!/bin/bash | |
# Reproduction: send the same HTTPS request through the proxy with curl and then with requests. | |
# -e aborts on the first failing command, -x echoes each command as it runs. | |
set -ex | |
# CA bundle that requests should trust. The report says SSL_CERT_FILE points to the same file, | |
# but SSL_CERT_FILE is not set in this script, so it would have to come from the calling | |
# environment -- confirm when reproducing. | |
export REQUESTS_CA_BUNDLE=/Users/ssbarnea/cacert.pem | |
# Proxy address is given as host:port with no scheme. | |
export https_proxy=192.168.33.1:3128 | |
# Control case: curl through the proxy (reported as working); output is discarded. | |
curl https://pypi.org >/dev/null | |
# Failing case per the report: verify= names the same bundle explicitly, so the bundle path is | |
# supplied both through the environment and as an argument. | |
# NOTE(review): "self signed certificate in certificate chain" indicates the chain's root was not | |
# found in the trust store actually used; check that cacert.pem holds the proxy's root CA. | |
python3 -c "import requests; requests.get('https://pypi.org', verify='/Users/ssbarnea/cacert.pem')" | |
``` | |
## System Information | |
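Output of `python -m requests.help`. Note that this `python` reports CPython 2.7.15, while the traceback above comes from the Python 3.7.1 interpreter used by `python3`, so the versions listed below may not be the ones that produced the error. | |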
``` | |
$ python -m requests.help [17:44:28] | |
{ | |
"chardet": { | |
"version": "3.0.4" | |
}, | |
"cryptography": { | |
"version": "2.3.1" | |
}, | |
"idna": { | |
"version": "2.7" | |
}, | |
"implementation": { | |
"name": "CPython", | |
"version": "2.7.15" | |
}, | |
"platform": { | |
"release": "18.2.0", | |
"system": "Darwin" | |
}, | |
"pyOpenSSL": { | |
"openssl_version": "1010009f", | |
"version": "18.0.0" | |
}, | |
"requests": { | |
"version": "2.20.1" | |
}, | |
"system_ssl": { | |
"version": "1000211f" | |
}, | |
"urllib3": { | |
"version": "1.24.1" | |
}, | |
"using_pyopenssl": true | |
} | |
``` | |