Date: Sat, 3 Oct 2015 15:20:01 +0200
From: Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net>
To: freebsd-ports@freebsd.org
Subject: Porting S3QL and ca-root-nss.crt: Python unable to find needed certificates
Message-ID: <560FD601.8030502@kulturflatrate.net>

Hi,

I'm porting S3QL, see https://bitbucket.org/nikratio/s3ql/overview. It
creates a mountable filesystem on an Amazon S3 bucket. I have already come
this far:

    https://github.com/niklaas/freebsd-port-s3ql

which also requires two Python modules for which there are no ports so
far either:

    llfuse: https://github.com/niklaas/freebsd-port-llfuse
    dugong: https://github.com/niklaas/freebsd-port-dugong

`poudriere testport` works fine. I installed the port on a FreeBSD system
successfully and it seems to work fine.

S3QL connects to the S3 bucket via SSL. But the connection only works if
I use the following command, explicitly stating the location of
ca-root-nss.crt:

    mkfs.s3ql --backend-options ssl-ca-path=/usr/local/share/certs/ca-root-nss.crt s3://<bucket-name>

Not doing so causes the following errors:

> Traceback (most recent call last):
>   File "/usr/local/bin/mount.s3ql", line 9, in <module>
>     load_entry_point('s3ql==2.15', 'console_scripts', 'mount.s3ql')()
>   File "/usr/local/lib/python3.4/site-packages/s3ql/mount.py", line 120, in main
>     options.authfile, options.compress)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/common.py", line 340, in get_backend_factory
>     backend.fetch('s3ql_passphrase')
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/common.py", line 351, in fetch
>     return self.perform_read(do_read, key)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/common.py", line 107, in wrapped
>     return method(*a, **kw)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/common.py", line 314, in perform_read
>     fh = self.open_read(key)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/common.py", line 107, in wrapped
>     return method(*a, **kw)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/s3c.py", line 302, in open_read
>     resp = self._do_request('GET', '/%s%s' % (self.prefix, key))
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/s3c.py", line 437, in _do_request
>     query_string=query_string, body=body)
>   File "/usr/local/lib/python3.4/site-packages/s3ql/backends/s3c.py", line 668, in _send_request
>     self.conn.send_request(method, path, body=body, headers=headers)
>   File "/usr/local/lib/python3.4/site-packages/dugong/__init__.py", line 508, in send_request
>     self.timeout)
>   File "/usr/local/lib/python3.4/site-packages/dugong/__init__.py", line 1396, in eval_coroutine
>     if not next(crt).poll(timeout=timeout):
>   File "/usr/local/lib/python3.4/site-packages/dugong/__init__.py", line 535, in co_send_request
>     self.connect()
>   File "/usr/local/lib/python3.4/site-packages/dugong/__init__.py", line 444, in connect
>     self._sock = self.ssl_context.wrap_socket(self._sock, server_hostname=server_hostname)
>   File "/usr/local/lib/python3.4/ssl.py", line 365, in wrap_socket
>     _context=self)
>   File "/usr/local/lib/python3.4/ssl.py", line 583, in __init__
>     self.do_handshake()
>   File "/usr/local/lib/python3.4/ssl.py", line 810, in do_handshake
>     self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

I did some research and found this *fixed* bug, which is more or less
recent:

    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196431

I was wondering whether there are still some issues with
security/ca_root_nss or whether I forgot to specify something in the
Makefile. How can I find out where Python is looking for the
certificates? This would enable me to create a symlink, which could then
be added to the final version of my port of net/s3ql too. (Note: I
don't know Python.)

Any help is very much appreciated.

Best,

-- 
Niklaas
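
One way to see where a given Python interpreter looks for CA certificates by default, as an added example that is not part of the original message or of the S3QL, dugong or ports code. It uses only the standard-library `ssl` module; the function names `describe_default_verify_paths` and `count_default_cas` are made up for this example.

```python
import os
import ssl


def describe_default_verify_paths():
    """Report the CA file and CA directory this interpreter's OpenSSL uses by default."""
    paths = ssl.get_default_verify_paths()
    report = {}
    for label, env_var, compiled, effective in (
        ("cafile", paths.openssl_cafile_env, paths.openssl_cafile, paths.cafile),
        ("capath", paths.openssl_capath_env, paths.openssl_capath, paths.capath),
    ):
        report[label] = {
            # Environment variable that overrides the compiled-in location.
            "env_var": env_var,
            "env_value": os.environ.get(env_var),
            # Location compiled into the OpenSSL library Python was linked against.
            "compiled_default": compiled,
            "compiled_default_exists": os.path.exists(compiled),
            # What is actually used; None means nothing exists at that location.
            "effective": effective,
        }
    return report


def count_default_cas():
    """Number of CA certificates a default client context has loaded.

    Certificates in a capath directory are loaded on demand during a
    handshake, so only those from the cafile are counted here.
    """
    ctx = ssl.create_default_context()
    return ctx.cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    print("Linked against:", ssl.OPENSSL_VERSION)
    for label, info in describe_default_verify_paths().items():
        print(label)
        for key, value in info.items():
            print("   ", key, "=", value)
    print("CA certificates loaded by default:", count_default_cas())
```

If `effective` is `None` for both entries and the count is 0, certificate verification fails unless the application passes its own CA file, which is what the `ssl-ca-path` backend option above does.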