Skip to content
This repository has been archived by the owner on Dec 16, 2017. It is now read-only.

Warning on HTTPS connections #143

Open
krmaxwell opened this issue Apr 3, 2015 · 7 comments
Open

Warning on HTTPS connections #143

krmaxwell opened this issue Apr 3, 2015 · 7 comments
Labels
bug
Milestone
v0.8

Comments

@krmaxwell
Copy link
Owner 

/home/kmaxwell/src/maltrieve/venv/local/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
@krmaxwell
Copy link
Owner Author

So my inclination is that we should require valid certificates from the list sources (e.g. ZeusTracker) but not from the served samples themselves (because we expect badness there). Thoughts?

@krmaxwell
Copy link
Owner Author

Based on https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning , it looks like the real fix is to upgrade to v2.7.9 or greater.

@krmaxwell krmaxwell added the bug label Apr 4, 2015
@krmaxwell krmaxwell added this to the v0.8 milestone Apr 4, 2015
@krmaxwell
Copy link
Owner Author

Orrrr to install the security extras.

@webstergd
Copy link
Contributor

I do not think Ubuntu LTE has upgraded to that version yet on the standard
install. I think it is a nice to have with the source list. It really
shouldn't matter when downloading the samples as it is already malicious.
People should also be using a Proxy.

On Tue, May 26, 2015 at 5:27 PM, Kyle Maxwell [email protected]
wrote:

Orrrr to install the security extras
http://stackoverflow.com/a/29202163/1569808.


Reply to this email directly or view it on GitHub
#143 (comment)
.

@krmaxwell
Copy link
Owner Author

For me, this is as much about the UX as anything else. All those warnings clutter up the display. Also, assuming that you're using pip install -r requirements.txt then we should be able to do everything via PyPI.

@webstergd
Copy link
Contributor

fully agree. That warning is an annoying one for sure.

On Tue, May 26, 2015 at 9:36 PM, Kyle Maxwell [email protected]
wrote:

For me, this is as much about the UX as anything else. All those warnings
clutter up the display. Also, assuming that you're using pip install -r
requirements.txt then we should be able to do everything via PyPI.


Reply to this email directly or view it on GitHub
#143 (comment)
.

@jrespeto
Copy link

I was getting security errors also did this to fix it.

apt-get install libffi-dev openssl-dev
pip install requests[security]

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v0.8
Development

No branches or pull requests
3 participants
@krmaxwell @jrespeto @webstergd