[Kimchi-devel] [Fwd: Fw: Is this SSL error an issue, or expected behavior?]

Rodrigo, Not to beat a dead horse here (hopefully you've all heard that expression before, heh), but my question wasn't about how to get it working or why it's happening -- but rather if we should handle the error instead of having it shown to users. See: ] ENGINE socket.error 1 Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1292, in communicate req.parse_request() File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 580, in parse_request success = self.read_request_line() File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 611, in read_request_line request_line = self.rfile.readline() File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 274, in readline data = self.rfile.readline(256) File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1114, in readline data = self.recv(self._rbufsize) File "/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 990, in recv data = self._sock.recv(size) File "/usr/lib64/python2.7/ssl.py", line 241, in recv return self.read(buflen) File "/usr/lib64/python2.7/ssl.py", line 160, in read return self._sslobj.read(len) SSLError: [Errno 1] _ssl.c:1419: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca If we're all okay with that showing up in the kimchi command output -- fine. I just wanted to be sure. Regards, -------- Forwarded Message -------- From: Christy L Norman Perez <clnperez(a)us.ibm.com&gt; To: christy(a)linux.vnet.ibm.com Subject: Fw: Is this SSL error an issue, or expected behavior? Date: Fri, 3 Jan 2014 16:42:55 -0600 ----- Forwarded by Christy L Norman Perez/Austin/IBM on 01/03/2014 04:01 PM ----- From: Rodrigo Trujillo/Brazil/IBM@IBMBR To: Christy L Norman Perez/Austin/IBM@IBMUS, Rodrigo Trujillo/Brazil/IBM, Daniel Henrique Barboza/Brazil/IBM@IBMBR, Adriano Araujo dos Reis Botega/Brazil/IBM@IBMBR, Scott Garfinkle/Austin/IBM@IBMUS, Christy L Norman Perez/Austin/IBM@IBMUS, De Xin AD Wu/China/IBM@IBMCN, Zheng Sheng ZS Zhou/China/IBM@IBMCN Cc: kimchi-ginger-dev@IBMUS Date: 12/27/2013 05:06 AM Subject: Re: Is this SSL error an issue, or expected behavior? Like Mark said, this problem is caused by the CA which signed the Kimchi certificate ... actually, it is an auto signed certificate.... you can see running: openssl x509 -text -in src/kimchi-cert.pem notice that the issuer is kimchi itself. The error is caused because by kimchi actually. It happens because the browser or url requester does not accept the certificate. So, if you use curl for testing, use the option "-k" (insecure) ... if you are using browser , they usually ask if you would like to trust the certificate. Regards Rodrigo Trujillo Staff Software Engineer Linux Technology Center - Brasil From: Christy L Norman Perez/Austin/IBM@IBMUS To: kimchi Date: 19/12/2013 16:11 Subject: Is this SSL error an issue, or expected behavior? To pick up from the e-mail I started yesterday... The ca error does go away if I go in and "forget about the site," create an exception for the certificate, then try again. I also played with this a bit to see if I can get the regular kimchi build to give me the same error, and I could. So, I think this could be discussed as an issue with kimchi (not just kimchi-ginger). Regards, Christy Norman Perez <clnperez(a)us.ibm.com&gt; Software Engineer IBM KVM Assistance Program Linux Technology Center 512.286.7821 (T/L 363.7821)