search

NotSqrt / mattermost-integration-gitlab

Send events from Gitlab to Mattermost through webhooks
https://www.mattermost.org/webhooks/
Apache License 2.0
99 stars 45 forks source link

SSL problem - Certificate verify failed #9

Closed davidfm closed 8 years ago

davidfm commented 8 years ago

Hi, I've posted my problem on the Mattermost forum but got no reponses. Hopefully you can give us some pointers on how to fix our issue.

Based on the instructions here I created my own docker container.

FROM python:2.7.11

MAINTAINER "David "

RUN pip install git+https://github.com/NotSqrt/mattermost-integration-gitlab

EXPOSE 5000

ENTRYPOINT mattermost_gitlab $MATTERMOST_WEBHOOK_URL

When I connect GitLab with this container and click on Test webhook it seems to work OK,

I see the following on the log:

10.0.0.19 - - [30/May/2016 15:48:02] "POST /new_event HTTP/1.1" 200 -

However, when I add an actual comment it fails and I see the following:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/mattermost_gitlab/server.py", line 46, in new_event
    post_text(text)
  File "/usr/local/lib/python2.7/site-packages/mattermost_gitlab/server.py", line 92, in post_text
    resp = requests.post(app.config['MATTERMOST_WEBHOOK_URL'], headers=headers, data=json.dumps(data))
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 109, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
10.0.0.19 - - [30/May/2016 15:53:35] "POST /new_event HTTP/1.1" 200 -

Mattermost is behind a reverse proxy and we use a SSL certificate, but it's not self-signed.

Any ideas on what I am doing wrong?

Many thanks.

NotSqrt commented 8 years ago

Hi,

We use the requests library, that handles certificate verification : http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

requests checks against a bundled list of certificate authorities, yours might not be in that list. You can make it use a different/newer list by running pip install certifi.

If it still fails, can you try running in python requests.get("https://yourmattermostinstance"), and adjust the optional parameter verify to a working value (False/True/path to a folder containing CA authorities)?

certifi changed a few months ago, and no longer supports the verification for 1024-bit certificates. If that's your case, you can try with verify=certifi.old_where().

davidfm commented 8 years ago

verify=False did the trick. Thanks!