https server not work

[77598072]

I requested https service, he reported an error.

HTTPSConnectionPool(host='***, port=443): Max retries exceeded with 
url: /** (Caused by SSLError(SSLError("bad handshake:
Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

I read the source code and made the following changes, it work, but I want to know, is there an official way to complete the https request?

class ProxyView(ProxyView):
    upstream = 'https://****/'

    def __init__(self, *args, **kwargs):
        super(ProxyView, self).__init__(*args, **kwargs)
        self.http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())

[zoobab]

I have the same issue, is there a way to pass verify=False?

[andruten]

Hi @zoobab @77598072!

Thanks for posting the issue. I've set https upstream in several projects without any issue. Are you using same server? If proxy resolves in an internal url you should use http instead of https.

[zoobab]

I have made the following patch to achieve the same verify=False functionality, but I am sure there is a way to add this feature in a more cleaner way, doing it with sed in a Dockerfile:

# patch for SSL verify false, see https://github.com/jazzband/django-revproxy/issues/116 and https://stackoverflow.com/questions/36600583/python-3-urllib-ignore-ssl-certificate-verification
USER root
RUN sed -i "s/HTTP_POOLS\ =\ urllib3.PoolManager()/HTTP_POOLS\ =\ urllib3.PoolManager(cert_reqs='CERT_NONE')/g" /opt/conda/envs/myproxy/lib/python3.1/site-packages/revproxy/views.py
RUN sed -i "s/import\ urllib3/import\ urllib3\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)/g" /opt/conda/envs/myproxy/lib/python3.1/site-packages/revproxy/views.py

For me it works(tm), but I would welcome an option to ignore SSL verifications, as curl has it with the -k option.

[andruten]

@zoobab what urllib3 version are you using?

[zoobab]

@andruten urllib3==2.2.1

[andruten]

@zoobab Could you try with a 1.26.x version?