gcloud crashed with SSL CERT VERIFICATION

[GoogleCodeExporter]

Issue running command [gcloud compute ssh].

What steps will reproduce the problem?

gcloud compute ssh [vm instance]

this error is intermittent. Not sure why it goes away eventually.

What is the expected output? What do you see instead?

connect to the instance

Please provide any additional information below.

Traceback (most recent call last):
  File "googlecloudsdk/gcloud_main.py", line 169, in main
    gcloud_cli.Execute()
  [...]
  File "googlecloudsdk/third_party/apitools/base/py/http_wrapper.py", line 340, in MakeRequest
    check_response_func=check_response_func)
  File "googlecloudsdk/third_party/apitools/base/py/http_wrapper.py", line 389, in _MakeRequestNoRetry
    redirections=redirections, connection_type=connection_type)
  File "googlecloudsdk/core/cli.py", line 330, in RequestWithErrHandling
    return orig_request(*args, **kwargs)
  File "third_party/oauth2client/client.py", line 569, in new_request
    redirections, connection_type)
  File "googlecloudsdk/core/cli.py", line 298, in RequestWithUserAgentAndTracing
    return orig_request(*modified_args, **kwargs)
  File "third_party/httplib2/__init__.py", line 1610, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "third_party/httplib2/__init__.py", line 1352, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "third_party/httplib2/__init__.py", line 1272, in _conn_request
    conn.connect()
  File "third_party/httplib2/__init__.py", line 1059, in connect
    raise SSLHandshakeError(e)
SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 
(_ssl.c:590)

[output truncated]

Original issue reported on code.google.com by noel.d.m...@macys.com on 14 Mar 2016 at 9:41

[GoogleCodeExporter]

Thanks for the feedback.

This may be a problem with your Python installation. What version is installed?

Original comment by gsfow...@google.com on 15 Mar 2016 at 1:41

• Changed state: NeedsMoreInfo

[GoogleCodeExporter]

Python 2.7.11

Original comment by noel.d.m...@macys.com on 15 Mar 2016 at 5:16

[GoogleCodeExporter]

Sometimes changing the version of python helps. It is always an intermittent 
issue and doesn't last longer than 5-10 minutes as far as I can tell. We are 
behind a corporate proxy and it wouldn't surprise me if that has something to 
do with it.

Original comment by noel.d.m...@macys.com on 17 Mar 2016 at 6:21

[GoogleCodeExporter]

My hunch is that you're right–it's something where your network is making it 
so that we can't validate the cert from upstream. I think gcloud is doing the 
right thing here, but the error message is really bad.

When this happens, can you connect to https://www.googleapis.com/ in your 
browser?

Original comment by z...@google.com on 17 Mar 2016 at 6:30

[GoogleCodeExporter]

It happened again and this is what I see when I try to hit the above link

Your connection is not private

Attackers might be trying to steal your information from www.googleapis.com 
(for example, passwords, messages, or credit cards). 
NET::ERR_CERT_AUTHORITY_INVALID
  Automatically report details of possible security incidents to Google. Privacy policy
ReloadHide advanced
www.googleapis.com normally uses encryption to protect your information. When 
Google Chrome tried to connect to www.googleapis.com this time, the website 
sent back unusual and incorrect credentials. This may happen when an attacker 
is trying to pretend to be www.googleapis.com, or a Wi-Fi sign-in screen has 
interrupted the connection. Your information is still secure because Google 
Chrome stopped the connection before any data was exchanged.

You cannot visit www.googleapis.com right now because the website uses HSTS. 
Network errors and attacks are usually temporary, so this page will probably 
work later.

Original comment by noel.d.m...@macys.com on 17 Mar 2016 at 10:35

[GoogleCodeExporter]

Okay, then there's nothing really we can do here except make the error message 
better unfortunately–something about your network is causing you to get an 
invalid certificate.

Original comment by z...@google.com on 17 Mar 2016 at 11:00

• Changed state: Accepted

[GoogleCodeExporter]

okay, please feel free to close this ticket.

Original comment by noel.d.m...@macys.com on 17 Mar 2016 at 11:31

[GoogleCodeExporter]

Original comment by z...@google.com on 17 Mar 2016 at 11:37

• Changed state: WorkingAsIntended