mozilla-services / syncserver

Run-Your-Own Firefox Sync Server
Mozilla Public License 2.0

[make test] SSL3_GET_SERVER_CERTIFICATE:certificate verify failed #6

Closed HLFH closed 10 years ago

HLFH commented 10 years ago

I'm using cacert.org and this CA is installed in /etc/ssl/certs/ca-certificates.crt

[root@intelnuc syncserver]# make test
# Basic syntax and sanity checks.
local/bin/flake8 ./syncserver
# Testcases from syncstorage app
local/bin/nosetests -s syncstorage.tests
..................................................................SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS..SSSSSSSSSSSSSSSS...SS...............
----------------------------------------------------------------------
Ran 233 tests in 39.551s

OK (SKIP=147)
# Testcases from tokenserver app; broken due to incorrect file paths
#local/bin/nosetests -s tokenserver.tests
# Live tests against a running server.
./local/bin/pserve syncserver/tests.ini & SERVER_PID=$! ; sleep 2 ; ./local/bin/python -m syncstorage.tests.functional.test_storage --use-token-server https://sync.gitnote.eu/token/1.0/sync/1.5 ; kill $SERVER_PID
Starting server in PID 24669.
2014-04-02 12:06:48 [24669] [INFO] Starting gunicorn 18.0
2014-04-02 12:06:48 [24669] [INFO] Listening at: http://127.0.0.1:5001 (24669)
2014-04-02 12:06:48 [24669] [INFO] Using worker: sync
2014-04-02 12:06:48 [24677] [INFO] Booting worker with pid: 24677
2014-04-02 12:06:48 [24678] [INFO] Booting worker with pid: 24678
2014-04-02 12:06:48 [24679] [INFO] Booting worker with pid: 24679
2014-04-02 12:06:48 [24681] [INFO] Booting worker with pid: 24681
Traceback (most recent call last):
  File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/var/www/syncserver/local/lib/python2.7/site-packages/syncstorage/tests/functional/test_storage.py", line 1270, in <module>
    res = run_live_functional_tests(TestStorage, sys.argv)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/syncstorage/tests/functional/support.py", line 178, in run_live_functional_tests
    creds = authenticate_to_token_server(url, opts.email, opts.audience)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/syncstorage/tests/functional/support.py", line 108, in authenticate_to_token_server
    "Authorization": "BrowserID " + assertion,
  File "/var/www/syncserver/local/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/requests/sessions.py", line 382, in request
    resp = self.send(prep, **send_kwargs)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/requests/sessions.py", line 485, in send
    r = adapter.send(request, **kwargs)
  File "/var/www/syncserver/local/lib/python2.7/site-packages/requests/adapters.py", line 379, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-02 12:06:50 [24669] [INFO] Handling signal: term
HLFH commented 10 years ago

This is everything I did: make serve works, but make test does not...

cd /var/www
git clone https://github.com/mozilla-services/syncserver
cd syncserver/

vim Makefile
# Build, test and run the sync server from a virtualenv created in ./local.
VIRTUALENV = virtualenv2
PYTHON = local/bin/python
NOSE = local/bin/nosetests -s
FLAKE8 = local/bin/flake8
PIP = local/bin/pip
# Per-user paths with predictable names under /tmp; no rule in this listing
# references either variable.
PIP_CACHE = /tmp/pip-cache.${USER}
BUILD_TMP = /tmp/syncstorage-build.${USER}
# Packages are fetched from this index over HTTPS.
PYPI = https://pypi.python.org/simple
# -U upgrades to whatever the index currently serves; the tool installs in the
# build target (pip, nose, flake8) name no version, so each build may pull
# different releases.
INSTALL = $(PIP) install -U -i $(PYPI)

.PHONY: all build test serve clean

all:     build test

# Creates the virtualenv in ./local, installs the tooling and the packages
# listed in requirements.txt, then installs this checkout in develop mode.
build:
     $(VIRTUALENV) --no-site-packages --distribute ./local
     $(INSTALL) --upgrade Distribute
     $(INSTALL) pip
     $(INSTALL) nose
     $(INSTALL) flake8
     $(INSTALL) -r requirements.txt
     $(PYTHON) ./setup.py develop

# Runs flake8, the syncstorage unit tests, then a live functional run.
# The last recipe line starts pserve in the background with
# syncserver/tests.ini, waits a fixed 2 seconds, runs the functional tests
# against the --use-token-server URL and finally kills the server.
# That URL is an https:// address, so the test client's TLS certificate
# verification applies to it; the CA that issued the server certificate must
# be in the trust store the client actually uses.
# The commands are chained with ';', so the line's exit status is that of the
# final kill, not of the functional tests.
# '$$' is make's escape for a literal '$' handed to the shell.
test:
     # Basic syntax and sanity checks.
     $(FLAKE8) ./syncserver
     # Testcases from syncstorage app
     $(NOSE) syncstorage.tests
     # Testcases from tokenserver app; broken due to incorrect file paths
     #$(NOSE) tokenserver.tests
     # Live tests against a running server.
     ./local/bin/pserve syncserver/tests.ini & SERVER_PID=$$! ; sleep 2 ; ./local/bin/python -m syncstorage.tests.functional.test_storage --use-token-server https://sync.gitnote.eu/token/1.0/sync/1.5 ; kill $$SERVER_PID

# Runs the server in the foreground with ./syncserver.ini.
serve:
     ./local/bin/pserve ./syncserver.ini

# Deletes the whole virtualenv, including every package installed into it.
clean:
     rm -rf ./local
:wq!

vim syncserver.ini
# Configuration passed to pserve by the Makefile's serve target.

# gunicorn binds to the loopback address only, so the application port is not
# directly reachable from other hosts.
[server:main]
use = egg:gunicorn
host = 127.0.0.1
port = 5001
workers = 4
timeout = 60

[app:main]
use = egg:syncserver

[syncserver]
# This must be edited to point to the public URL of your server.
public_url = https://sync.gitnote.eu

# This defines the database in which to store all server data.
# The SQLite file sits inside the checkout under /var/www; keep that directory
# out of any statically served web root.
sqluri = sqlite:////var/www/syncserver/sync.db

# This is a secret key used for signing authentication tokens.
# The setting below is still commented out, so this file configures no secret.
# NOTE(review): confirm what the server uses as signing key when none is set.
#secret = INSERT_SECRET_KEY_HERE
:wq!

vim syncserver/tests.ini
# Configuration passed to pserve by the Makefile's test target.
# NOTE(review): host, port and sqluri are identical to syncserver.ini in this
# report, so a test server and the real server would contend for port 5001 and
# share one database file.

# gunicorn binds to the loopback address only.
[server:main]
use = egg:gunicorn
host = 127.0.0.1
port = 5001
workers = 4
timeout = 60

[app:main]
use = egg:SyncServer

[syncserver]
# This must be edited to point to the public URL of your server.
public_url = https://sync.gitnote.eu/

# This defines the database in which to store all server data.
sqluri = sqlite:////var/www/syncserver/sync.db

# This is a secret key used for signing authentication tokens.
# The setting below is still commented out, so this file configures no secret.
# NOTE(review): confirm what the server uses as signing key when none is set.
#secret = INSERT_SECRET_KEY_HERE
:wq!

local/bin/easy_install gunicorn
make build

vim /etc/nginx/conf.d/sync.conf
# Plain-HTTP virtual host: every request is answered with a permanent redirect
# to the same path on the HTTPS host.
server {
        listen 80;
        server_name sync.gitnote.eu;
        return 301 https://$server_name$request_uri;  # enforce https
       }

# HTTPS virtual host: terminates TLS and proxies everything to the application
# server on the loopback interface.
# No ssl_protocols or ssl_ciphers directive is set, so the defaults of the
# installed nginx version apply.
server {
        listen  443 ssl;
        server_name sync.gitnote.eu;

        # Clients that verify the chain need the server certificate followed by
        # any intermediate CA certificates in this file.
        # NOTE(review): the contents of the .pem are not shown here; confirm.
        ssl_certificate /etc/nginx/ssl/cacert/gitnote.eu.pem;
        # Private key; the file should be readable only by the account nginx
        # loads it with.
        ssl_certificate_key /etc/nginx/ssl/cacert/gitnote.eu_privatekey.pem;

        location / {
             # Passes the backend's own Server response header through to
             # clients, which nginx does not do by default.
             proxy_pass_header Server;
                # The client-supplied Host header is forwarded unchanged.
                proxy_set_header Host $http_host;
                proxy_redirect off;
                # Tell the backend the client address and the original scheme.
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_connect_timeout 10;
                proxy_read_timeout 120;
                # Unencrypted hop; it stays on the loopback interface.
                proxy_pass http://127.0.0.1:5001/;
                }
        }
:wq!
systemctl restart nginx

make test
rfk commented 10 years ago

The tests use the requests module, which appears to bundle its own suite of ca certificates: https://github.com/kennethreitz/requests/blob/master/requests/certs.py

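You could try adding your cert to the following file: ./local/lib/python2.7/site-packages/requests/cacert.pem (that file lives inside the virtualenv, so the change is lost whenever ./local is rebuilt or requests is reinstalled).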

Ideally requests would pick up certs from the default OS bundle but I'm not sure how to make that happen in a cross-platform way.

HLFH commented 10 years ago

@rfk Thanks for the tip.

I believe I have to wait to set up a 100% Firefox Sync server. https://github.com/mozilla/fxa-auth-server#dev-deployment