New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--no-verify-ssl is broken in CentOS/RHEL 8 #8213
Comments
@alexzorin Thanks for notifying me about this. Unfortunately The bugzilla issue you linked is for Fedora which should be much easier. I'll ping the maintainers later today. |
Whoops! I was initially looking at requests as the culprit and did not notice that urlllib3 is in base. My bad, nice catch. Thanks! |
@alexzorin I read a bit in the urllib3 issue you linked but I'm not sure what versions are actually affected.
So I guess Fedora should be fine and Fedora's |
I failed to mention that where I ran into this was in CentOS 8, which ships with:
The linked issue does not mention that the issue goes back as far as 1.24.2, but I believe it is the same one. Forcefully upgrading the system urlllib3 (via pip) to urllib3-1.25.10 makes the issue go away. I gather that the change for CentOS would need to be picked up from RHEL? |
CentOS will ship whatever RHEL (base) ships (with a short delay). So the first thing to do is to file a bugzilla issue against RHEL 8. |
Could you please open a bug at https://bugzilla.redhat.com/ and reference this issue? |
Turns out this was fixed by a change between Python |
While trying to test with Pebble in EPEL8, I found that
--no-verify-ssl
was not actually doing anything. Digging in, it appears that the version ofpython3-urllib3
published in EPEL8 is affected by urllib3/urllib3#1682, which makes it impossible to disable verification in some environments.This is not actually an issue in Certbot and as such can probably be closed immediately, but I'm just wondering @FelixSchwarz whether you have any advice about getting https://bugzilla.redhat.com/show_bug.cgi?id=1824900 moving? Should a separate bug be filed? Sorry, newbie to EL land.
The text was updated successfully, but these errors were encountered: