accept use of self-signed ssl certificate

[Notmarrco]

Hi, When I try to connect to my self hosted trovebox site, I get this error.

Traceback (most recent call last): File "./import.py", line 24, in <module> resp = client.get("/photos/list.json") File "/usr/local/lib/python2.6/dist-packages/trovebox/http.py", line 81, in get response = session.get(url, params=params, auth=auth, verify=False) File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 254, in get return self.request('get', url, **kwargs) File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 241, in request r.send(prefetch=prefetch) File "/usr/local/lib/python2.6/dist-packages/requests/models.py", line 518, in send r = self.auth(self) File "/usr/local/lib/python2.6/dist-packages/requests_oauthlib/core.py", line 58, in __call__ if is_form_encoded or extract_params(r.body): AttributeError: 'Request' object has no attribute 'body'

I can't understand why but I suspect that it is because of https + self signed certificate, and I can't find a way to disable certificate checking.

[sneakypete81]

The error seems a bit strange - can you please confirm the versions that you have installed:

python -V
#  <python version>

python
import trovebox
print trovebox.__version__
#   <openphoto-python version>

import requests
print requests.__version__
#   <requests version>

import requests_oauthlib
print requests_oauthlib.__version__
#   <requests_oauthlib version>

The requests_oauthlib version reporting might fail, since this was only added very recently. Can you find the requests_oauthlib version some other way? Perhaps by reinstalling:

sudo pip install requests_oauthlib

...and see what it reports.

[sneakypete81]

Also, does it work for the hosted trovebox.com site? For example:

trovebox -h current.trovebox.com

[Notmarrco]

Gasp, you were right ! I had an old version of requests. :smile:

After upgrading I can now track the certification bug more clearly.

Traceback (most recent call last):
  File "./import.py", line 23, in <module>
    resp = client.get("/photos/list.json")
  File "/usr/local/lib/python2.6/dist-packages/trovebox/http.py", line 80, in get
    response = session.get(url, params=params, auth=auth)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 347, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 335, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/sessions.py", line 438, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/requests/adapters.py", line 331, in send
    raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:490: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

If I call resp = client.get("/photos/list.json", verify=False) it doesn't change a thing though the session.get should take all the "params".

I can make it work if I call response = session.get(url, params=params, auth=auth, verify=False) in http.py . I don't understand why the verify=False in the client.get call is not propagated to the session.get call ....

[sneakypete81]

Additional parameters to the "get" method are passed as URL query parameters, not added to the session.get call. I'll need to add a specific option to allow ssl verification to be disabled.

Thanks for reporting this!

[sneakypete81]

This should be fixed now - please test with the latest development branch (https://github.com/photo/openphoto-python/archive/development.zip).

You'll need to use the new configure method:

import trovebox
client = trovebox.Trovebox()
client.configure(ssl_verify=False)

I don't have an SSL-enabled server to test this on, but have checked that the requests session has "verify=False" set for the above.

Please let me know if this works for you.

[sneakypete81]

Fixed in v0.5