More root cause info in the exception when CA cert verification fails #2036

Open
andy-maier opened this issue Dec 17, 2019 · 3 comments

@andy-maier
Contributor

The new requests-based implementation (and also the earlier implementation) is quite brief when the CA certificate verification fails:

ConnectionError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727); OpenSSL version used: OpenSSL 1.1.1d 10 Sep 2019

This issue is to find out whether and how it is possible to include some more information about what was wrong. Even showing the CA certificate file/directory would help, but showing which part of the verification failed would be even better.

@andy-maier
Contributor Author

andy-maier commented Feb 1, 2020

This one should be started by reporting the exceptions that are raised when CA verification fails, e.g. with a number of common cases.

@KSchopmeyer has agreed to do that and post the results. Could be done in conjunction with issue #2038.

@andy-maier andy-maier modified the milestones: 1.0.0, 1.1.0 Mar 25, 2020
@andy-maier andy-maier removed this from the 1.1.0 milestone Aug 19, 2020
@andy-maier andy-maier added this to the 1.2.0 milestone Oct 10, 2020
@andy-maier andy-maier removed this from the 1.2.0 milestone Jan 13, 2021
@andy-maier
Contributor Author

Moved to next release along with issue #2038.

@andy-maier andy-maier added this to the 1.3.0 milestone Mar 6, 2021
@andy-maier andy-maier removed this from the 1.3.0 milestone Jun 11, 2021
@andy-maier andy-maier added this to the 1.5.0 milestone Mar 1, 2022
@andy-maier andy-maier modified the milestones: 1.5.0, 1.6.0 Aug 2, 2022
@andy-maier andy-maier modified the milestones: 1.6.0, 1.7.0 Nov 29, 2022
@andy-maier andy-maier modified the milestones: 1.7.0, 1.8.0 Oct 9, 2023
@andy-maier
Contributor Author

A few common cases are:

  • CIM server presents a server certificate that is expired (and otherwise valid).
  • CIM server presents a server certificate that has a different subject name than its hostname (and is otherwise valid).
  • CIM server presents a server certificate that is valid but CIM client does not have a matching CA certificate.
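One way a client could report the root cause for the cases listed in this thread, as an added example that is not part of the issue or of the project's code. It assumes Python 3.7 or later, where `ssl.SSLCertVerificationError` carries `verify_code` and `verify_message`; the function names and the `ca_certs` parameter are hypothetical.

```python
import ssl

# OpenSSL X509_V_ERR_* codes for the cases in this thread (from x509_vfy.h).
ROOT_CAUSES = {
    9: "server certificate is not yet valid",
    10: "server certificate has expired",
    18: "server certificate is self-signed and not in the CA certificates",
    19: "self-signed certificate in the chain is not in the CA certificates",
    20: "no matching CA certificate found for the server certificate's issuer",
    62: "server certificate subject does not match the hostname",
    64: "server certificate subject does not match the IP address",
}


def find_verify_error(exc):
    """Search a wrapped exception for the underlying SSLCertVerificationError.

    HTTP libraries wrap the ssl error in different ways, so follow
    __cause__, __context__, a 'reason' attribute and exceptions in args.
    """
    seen, todo = set(), [exc]
    while todo:
        cur = todo.pop()
        if not isinstance(cur, BaseException) or id(cur) in seen:
            continue
        seen.add(id(cur))  # guards against cycles in the exception chain
        if isinstance(cur, ssl.SSLCertVerificationError):
            return cur
        todo += [cur.__cause__, cur.__context__, getattr(cur, "reason", None)]
        todo += list(cur.args)
    return None


def describe_verify_failure(exc, host, ca_certs=None):
    """Return a root-cause message, or None if exc is not a verification failure."""
    err = find_verify_error(exc)
    if err is None:
        return None
    code = getattr(err, "verify_code", None)
    detail = getattr(err, "verify_message", None) or str(err)
    cause = ROOT_CAUSES.get(code, "certificate verification failed")
    # ca_certs=None is taken to mean the default OpenSSL trust store was used.
    ca = ca_certs or ssl.get_default_verify_paths().cafile or "system default"
    return (f"{host}: {cause} (OpenSSL verify code {code}: {detail}); "
            f"CA certificates: {ca}")
```

Unknown verify codes fall back to a generic cause but still report the code, OpenSSL's own message and the CA certificate location.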
