ngomstronic / svc-perf

Automatically exported from code.google.com/p/svc-perf
0 stars 0 forks source link

pywbem.cim_operations.CIMError: (0, 'Socket error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)') #3

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Installed Ubuntu Server 15.04 + LAMP + Zabbix
2. Installed and configured svc-perf from instructions in INSTALL file
3. Always getting the error "SSL: CERTIFICATE_VERIFY_FAILED" for all svc 
scripts.

Would like to get this working. Thanks!

Original issue reported on code.google.com by integ...@gmail.com on 12 May 2015 at 7:33

GoogleCodeExporter commented 8 years ago
sudo -u zabbix /etc/zabbix/externalscripts/svc_status.sh

works.

Original comment by integ...@gmail.com on 12 May 2015 at 7:37

GoogleCodeExporter commented 8 years ago
This seems to be related to Python 2.7.9. They introduced certificate 
validation. Looking for a solution.

Original comment by integ...@gmail.com on 12 May 2015 at 8:32

GoogleCodeExporter commented 8 years ago
Fixed. See:

https://www.python.org/dev/peps/pep-0476/

It is also possible, though highly discouraged , to globally disable 
verification by monkeypatching the ssl module in versions of Python that 
implement this PEP:

import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    ssl._create_default_https_context = _create_unverified_https_context

This guidance is aimed primarily at system administrators that wish to adopt 
newer versions of Python that implement this PEP in legacy environments that do 
not yet support certificate verification on HTTPS connections. For example, an 
administrator may opt out by adding the monkeypatch above to sitecustomize.py 
in their Standard Operating Environment for Python. Applications and libraries 
SHOULD NOT be making this change process wide (except perhaps in response to a 
system administrator controlled configuration setting).

Particularly security sensitive applications should always provide an explicit 
application defined SSL context rather than relying on the default behaviour of 
the underlying Python implementation.

Original comment by integ...@gmail.com on 12 May 2015 at 8:49