search

eshad / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

HTTPS request doesn't work when disable_ssl_certificate_validation = True #173

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

h = httplib2.Http(cache="C:\\Temp\\.cache")
h.disable_ssl_certificate_validation=True
out, err = h.request("https://mail.google.com") #uri doesn't matter
print(out['status'])

What is the expected output? What do you see instead?
I expect to get '200' printed to stdout, 
instead I get:
ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL or 
CERT_REQUIRED

What version of the product are you using? On what operating system?
httplib2-0.7.1 (CPython 3.2.1 64-bit, Windows 7 Enterprise 64-bit) 

Please provide any additional information below.
Changing (in HTTPSConnectionWithTimeout constructor):
http.client.HTTPSConnection.__init__(self, host, port=port,
    key_file=key_file, cert_file=cert_file, timeout=timeout, 
    context=context,
    check_hostname= True)

to:

http.client.HTTPSConnection.__init__(self, host, port=port,
    key_file=key_file, cert_file=cert_file, timeout=timeout, 
    context=context,
    check_hostname= disable_ssl_certificate_validation ^ True)

solves issue.(no errors, response as expected)

Original issue reported on code.google.com by kvvier on 6 Sep 2011 at 8:05

GoogleCodeExporter commented 9 years ago 
Just tried it on python 2, works fine.
It seems that the problem appears only in python 3 lib version.

Original comment by kvvier on 10 Sep 2011 at 1:06

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
I'm seeing the same problem using python 3.2.2 on Windows XP with httplib2-0.7.1

Original comment by aarone@one-shore.com on 16 Sep 2011 at 10:59

GoogleCodeExporter commented 9 years ago 
A little more info...

With a build of python 3.2.2 and httplib2 0.7.1 (installed via pip) on Ubuntu 
10.04.3 LTS

I get the same error message:

Traceback (most recent call last):
  File "usinghttplib2.py", line 28, in <module>
    response, content = http.request(url, "GET", headers=headers)
  File "/usr/local/python3/lib/python3.2/site-packages/httplib2/__init__.py", line 1059, in request
    self.disable_ssl_certificate_validation)
  File "/usr/local/python3/lib/python3.2/site-packages/httplib2/__init__.py", line 775, in __init__
    check_hostname=True)
  File "/usr/local/python3/lib/python3.2/http/client.py", line 1086, in __init__
    raise ValueError("check_hostname needs a SSL context with "
ValueError: check_hostname needs a SSL context with either CERT_OPTIONAL or 
CERT_REQUIRED

using the same Ubuntu 10.04 with python 3.1.2 (stock lucid setup) the message 
is a bit different:

Traceback (most recent call last):
  File "usinghttplib2.py", line 28, in <module>
    response, content = http.request(url, "GET", headers=headers)
  File "/usr/local/lib/python3.1/dist-packages/httplib2/__init__.py", line 1059, in request
    self.disable_ssl_certificate_validation)
  File "/usr/local/lib/python3.1/dist-packages/httplib2/__init__.py", line 775, in __init__
    check_hostname=True)
TypeError: __init__() got an unexpected keyword argument 'context'

ith a build of python 3.2.2 and httplib2 0.7.1 (installed via pip) on Ubuntu 
10.04.3 LTS

Original comment by aarone@one-shore.com on 18 Sep 2011 at 5:49

GoogleCodeExporter commented 9 years ago 
Proposed fix to allow using disable_ssl_certificate_validation=True

add the following lines to httplib2.HTTPSConnectionWithTimeout

        check_hostname=True
        if disable_ssl_certificate_validation:
            check_hostname=False

and modify the call to http.client.HTTPSConnection to use the value for 
check_hostname

        http.client.HTTPSConnection.__init__(self, host, port=port, key_file=key_file,
                cert_file=cert_file, timeout=timeout, context=context, 
                check_hostname=check_hostname)

I'm not sure of the full ramifications, or if this is the right place to add 
the check.  I'm just getting my feet wet with python and don't know the proper 
patch submittal process yet.

Original comment by aarone@one-shore.com on 19 Sep 2011 at 5:21

Attachments:

GoogleCodeExporter commented 9 years ago 
An easy fix that worked for me was to copy file cacerts.txt from 
/usr/local/lib/python2.7/site-packages/httplib2/ to 
/usr/local/lib/python3.2/site-packages/httplib2/

Original comment by cwasvand...@gmail.com on 24 Sep 2011 at 1:31

GoogleCodeExporter commented 9 years ago 
Same issue on OS X 10.6.8 with Python 3.2 (r32:88452, Feb 20 2011, 11:12:31) 
and httplib2 0.7.2

Copying the cacerts.txt did not work for me.  The 
disable_ssl_certificate_validation.patch did.

Original comment by cabal...@gmail.com on 25 Nov 2011 at 4:23

GoogleCodeExporter commented 9 years ago 
I still have this problem with 0.7.2 on Arch Linux, it's quite annoying to 
distribute a copy of httplib2 when I could use the version provided by my 
distribution...

Original comment by Niklas.S...@gmail.com on 8 Mar 2012 at 11:45

GoogleCodeExporter commented 9 years ago 
kvvier's solution worked for me (XP 64-bit, Python 3.3):

Changing (in HTTPSConnectionWithTimeout constructor):
http.client.HTTPSConnection.__init__(self, host, port=port,
    key_file=key_file, cert_file=cert_file, timeout=timeout, 
    context=context,
    check_hostname= True)

to:

http.client.HTTPSConnection.__init__(self, host, port=port,
    key_file=key_file, cert_file=cert_file, timeout=timeout, 
    context=context,
    check_hostname= disable_ssl_certificate_validation ^ True)

Original comment by EnergyNu...@gmail.com on 15 Dec 2012 at 10:42

GoogleCodeExporter commented 9 years ago 
kvvier's solution worked for me too (XP 32-bit, Python 3.3):

Thanks

Original comment by lmadan...@gmail.com on 29 Mar 2013 at 6:19

GoogleCodeExporter commented 9 years ago 
This problem is 2 years old and a fix was found. Why is it still not in the 
upstream source?

Original comment by be.nicol...@gmail.com on 6 Nov 2013 at 12:34

GoogleCodeExporter commented 9 years ago 
I ran into this same issue on Mac OSX, Python 3.3. The fix seems to work.

Original comment by petr...@gmail.com on 10 Nov 2013 at 3:33

GoogleCodeExporter commented 9 years ago 
Encounter the issue with 3.3.2.
Still in new status for the patch has side effect?

Original comment by wch.mail...@gmail.com on 3 Dec 2013 at 9:04

GoogleCodeExporter commented 9 years ago 
Just got this same error today on Python 3.3.

Original comment by mikeo...@gmail.com on 7 Dec 2013 at 12:07

GoogleCodeExporter commented 9 years ago 
I branched the code and applied the fix:
https://bitbucket.org/markbaas/httplib2

Please submit the patch so I can remove the branch.

Original comment by mark.baas on 5 Feb 2014 at 1:16

GoogleCodeExporter commented 9 years ago 
I'm also seeing this issue on Python 3.4 (OS X via homebrew)

Original comment by killpack99 on 24 Nov 2014 at 11:04

GoogleCodeExporter commented 9 years ago 
Same problem here. I can confirm the fix fonr mark.bass works: 
https://bitbucket.org/markbaas/httplib2/commits/088f44a0c0892716c6497ad37c9d4e1e
e597fed0

Please merge this simple patch to fix this

Original comment by carlo...@gmail.com on 21 Jan 2015 at 5:36

GoogleCodeExporter commented 9 years ago 
Same problem here, on Python 3.4 Ubuntu 14.04. I've also confirmed that 
mark.baas's patch solves the problem.

Original comment by lda...@raccoon.ag on 27 May 2015 at 7:46