Skip to content

Self signed / Let's Encrypt SSL certificate support #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
esgn opened this issue Aug 8, 2017 · 7 comments
Closed

Self signed / Let's Encrypt SSL certificate support #90

esgn opened this issue Aug 8, 2017 · 7 comments
Labels
enhancement

Comments

@esgn
Copy link

esgn commented Aug 8, 2017
edited
Loading

Hi,

I'm trying to use your plugin with a testlink instance deployed with a let's encrypt ssl certificate. When I try a simple API call through your plugin I get a "certificate verify failed" error caused, I presume, by xmlrpclib. Any idea what would be the best way to support self-signed certificates ?

Thanx in advance
@esgn esgn changed the title Self signed / Let's Encrypt certificate support Self signed / Let's Encrypt SSL certificate support Aug 8, 2017
@lczub
Copy link
Owner

lczub commented Aug 8, 2017

Hello Emmanuel,

to be honest, I have no real experiences with SSL certificates. If I understand xmlrpclib pydoc right,

class TestlinkAPIGeneric(object):
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none)
...

must support as additional optional args the xmlrpclib context parameter. But I have currently no idea, what you have to define as ssl.SSLContext.

So the TestlinkAPIGenric.py code change would be something like

class TestlinkAPIGeneric(object):
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        use_datetime = args.get('use_datetime', 0)
        context = args.get('context', None)
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none, use_datetime, context)
...

and your test call might be

a_context = ssl.create_default_context(?????)
a_api = TestlinkAPIGeneric("YOUR_HTPS_TL_SERVER_URL", "YOUR_TL_DEVKEY", "context", a_context)

Helps this a little bit ? Would it be possible for you to play around with this changes and check, if you can find a working ssl.context definition?

Regards Luiko

@esgn
Copy link
Author

esgn commented Aug 8, 2017

From what i've seen (e.g : https://stackoverflow.com/questions/30461969/disable-default-certificate-verification-in-python-2-7-9) the idea is to create a context=ssl._create_unverified_context().Will try and play with it this week if I find some time. If not, will be in september.
Regards

@esgn
Copy link
Author

esgn commented Aug 19, 2017
edited
Loading

Not sure how to test properly in a python project but here is what works for me. Did the following edit in testlinkapigeneric.py then setup.py install and now my api calls work with self signed certificate

import ssl 
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        use_datetime = args.get('use_datetime', 0)
        context = args.get('context', ssl._create_unverified_context())
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none, use_datetime, context)

Trouble is ssl does not have the _create_unverified_context() before 2.7.9 and it seems xmlrpclib does not support a context either. Solution would be to use transport with something like

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() or None
test = xmlrpclib.Server(server_url, transport=xmlrpclib.SafeTransport(use_datetime=True, context=context) ...

But transport is already used I presume. Do you know how ?

@lczub
Copy link
Owner

lczub commented Aug 20, 2017

Hello Emmanuel,

using transport was introduced with #36 (and adjusted with #56) to support proxy configurations.

It is set in TestLinkHelper.connect() - getProxiedTransport().

Did I understand you right, that you are using a Python Version before 2.7.9 ?
We have to rethink, how we can adjust TestLinkHelper to support Proxy and Self-Sign-Certificate Support . Maybe in a first step either Proxy or Self-Sign-Certificate Support , not both in parallel?

Regards Luiko

@esgn
Copy link
Author

esgn commented Aug 21, 2017

No no I'm using 2.7.13. My point was that in order to make a patch that is compatible with most versions of Python Transport should be used instead of ssl context.
Regarding the first step I have no particular idea. Only self signed would be enough for me ;)

lczub pushed a commit that referenced this issue Aug 23, 2017
support self signed / Lets Encrypt SSL certificate #90
66c48de
@lczub
Copy link
Owner

lczub commented Aug 23, 2017

Hello Emmanuel,
you find know on branch tl-future a commit, which should support your self signed certificate situation
https://github.com/lczub/TestLink-API-Python-client/archive/tl-future.zip

TestLinkHelper should know define the uncertificate context, when you call it with a HTTPS url without defining a special sssl context.

Hope this works and help,

regards Luiko

@lczub
Copy link
Owner

lczub commented Sep 24, 2017

seams to work, if not please reopen.

@lczub lczub closed this as completed Sep 24, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lczub @esgn