ElasticHQ / elasticsearch-HQ

Monitoring and Management Web Application for ElasticSearch instances and clusters.
http://www.elastichq.org
Other
4.96k stars 532 forks source link

Support Disabling SSL Verification #471

Closed AStrangwood closed 5 years ago

AStrangwood commented 5 years ago

General information

Issue Description

Same as https://github.com/ElasticHQ/elasticsearch-HQ/issues/464 the suggested fix does not work for self signed certificates and disabling ssl verification is the only way to use self signed certs i believe

Please can you add support to disable ssl verification, im using self signed certs and need to be able to disable ssl verification.

Is there a workaround for the time being?

Source Code / Logs

essage: 'Unable to create connection to: https://elasticsearch:9200' Arguments: (SSLError(MaxRetryError("HTTPSConnectionPool(host='elasticsearch-coordinator', port=9200): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))",),),) --- Logging error --- Traceback (most recent call last): File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 601, in urlopen chunked=chunked) File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 850, in _validate_conn conn.connect() File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect ssl_context=context) File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 402, in wrap_socket return GreenSSLSocket(sock, *a, _context=self, **kw) File "/usr/local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 91, in __init__ self.do_handshake() File "/usr/local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 270, in do_handshake super(GreenSSLSocket, self).do_handshake) File "/usr/local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 113, in _call_trampolining return func(*a, **kw) File "/usr/local/lib/python3.6/ssl.py", line 1077, in do_handshake self._sslobj.do_handshake() File "/usr/local/lib/python3.6/ssl.py", line 689, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

obearn commented 5 years ago

You can probably use the certifi module to add you autosigned root certifcate. Give a look at https://incognitjoe.github.io/adding-certs-to-requests.html

strbak commented 5 years ago

Please can you add support to disable ssl verification, im using self signed certs and need to be able to disable ssl verification.

strbak commented 5 years ago

with es 6.8.1 and above , auth & ssl is common , many es clusters are built are with passwd ,please kinldy help consider the problems

royrusso commented 5 years ago

It may be as simple as passing a flag verify=False, per docs. I will try that. https://2.python-requests.org//en/latest/user/advanced/#ssl-cert-verification