On Thu, Feb 13, 2014 at 4:58 PM, Arthur Richards arichards@wikimedia.orgwrote:
Actually, I semi-take that back. I am still getting some exceptions like: requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
At first I thought this might be an issue of CA keys not being on tool labs, but that does not appear to be the case. Run from the same host as the tool in question:
local-bingle@tools-login:~$ curl -v https://bugzilla.wikimedia.org * About to connect() to bugzilla.wikimedia.org port 443 (#0) * Trying 208.80.154.41... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: serialNumber=BhQHbaOWi1kF5o57ZgySvt3TVywIQOGI; OU=GT90855227; OU=See www.rapidssl.com/resources/cps (c)13; OU=Domain Control Validated - RapidSSL(R); CN=bugzilla.wikimedia.org * start date: 2013-11-03 18:52:33 GMT * expire date: 2017-11-05 19:36:25 GMT * subjectAltName: bugzilla.wikimedia.org matched * issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA * SSL certificate verify ok.
The only other thing I can think of is my original theory of an issue with the out of date Python Requests library. Anybody else have ideas?