I’m getting following error when I try to run the tcms-api module but following the steps given,
https://tcms-api.readthedocs.io/en/latest/modules/tcms_api.html#module-tcms_api
I’m using python 3 in CentOS, applied our own domain and certificates by mounting the certificates to docker container.
Can you please tell how to solve the SSL Certificate verification failure error?
[root@KiwiTCMS-Testcase-Portal docker-compose]# python3 test-api.py
Traceback (most recent call last):
File "test-api.py", line 5, in <module>
rpc_client = TCMS()
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/tcms_api/__init__.py", line 123, in __init__
config['tcms']['url']).server
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/tcms_api/xmlrpc.py", line 124, in __init__
self.login(username, password, url)
File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/tcms_api/xmlrpc.py", line 131, in login
self.server.Auth.login(username, password)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1452, in __request
verbose=self.__verbose
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1166, in single_request
http_conn = self.send_request(host, handler, request_body, verbose)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1279, in send_request
self.send_content(connection, request_body)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/xmlrpc/client.py", line 1309, in send_content
connection.endheaders(request_body)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 1282, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 1042, in _send_output
self.send(msg)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 980, in send
self.connect()
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/http/client.py", line 1448, in connect
server_hostname=server_hostname)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 817, in __init__
self.do_handshake()
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake()
File "/opt/rh/rh-python36/root/usr/lib64/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
2
Answers
Introducing the following line fix the issue,
I see that you are using Python 3.6 from RedHat’s SoftwareCollections. That version contains a bug (or arguably a security feature) which doesn’t respect settings documented in upstream Python which allow you to accept untrusted SSL certificates. There are lots of these things reported on bugzilla.redhat.com but I don’t think they will change it!
This is how we do it in our test suite:
https://github.com/kiwitcms/tcms-api/blob/master/tests/krb5/integration_test.py#L18