getsentry / raven-python

Raven is the legacy Python client for Sentry (getsentry.com) — replaced by sentry-python
https://sentry.io
BSD 3-Clause "New" or "Revised" License

SNI support #523

Open raphaelm opened 9 years ago

raphaelm commented 9 years ago

In my setup the HTTP transport always failed because of an untrusted certificate. The certificate, however, was trusted, but the server sent the wrong certificate as raven's very own SSL wrapper apparently does not support TLS Server Name Indication. My guess is that this could be fixed by adding a server_hostname attribute with useful content to the ssl.wrap_socket call in raven.utils.http.urlopen.ValidHTTPSConnection.

xordoquy commented 9 years ago

Does this work with the request transport?

gavinwahl commented 9 years ago

It does work with the requests transport, but then you lose the asynchronous thread feature.

dcramer commented 9 years ago

I would like to see:

  1. How much work it is to support SNI / http proxy by ourselves
  2. How much work it is to vendor requests
  3. How much work it is to vendor urllib3 (which afaik provides all of the functionality that we want out of requests)

On Monday, December 1, 2014 at 4:48 PM, Gavin Wahl wrote:

It does work with the requests transport, but then you lose the asynchronous thread feature.

xordoquy commented 9 years ago

TBH, I'd go with vendoring requests. I don't have time to investigate urllib3 or DIY SNI / proxy support, in particular with how hard supporting some proxy is with the stdlibs.

fengsi commented 8 years ago

+1 for this

pypetey commented 7 years ago

+1 for this

serathius commented 7 years ago

+1

miracle2k commented 7 years ago

I thought this was kind of a nightmare, having to write code for 10+ apps after switching to Let's Encrypt on the server; but then I noticed there is a pretty easy way to change the transport via the URL. Just use threaded+requests+https as a URL scheme!

gartens commented 6 years ago

This fixed the problem for me. Should I submit a PR?

fzarifian commented 6 years ago

@gartens Something went wrong on your tests (see flake8 core tests)

est commented 5 years ago

Also to add, if you can change your sentry server nginx settings, use something like

server {
    listen   443 ssl default;
    ....
}

to force nginx to route the non-SNI default website to sentry.

jgadelange commented 3 years ago

Thanks @est, this saved me from changing stuff in ~100 projects.

Somehow somewhere last week the sentry logging started throwing urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)>. Seems to be related to this issue, can't find any changes in our system so far.