Rodrigo,
Not to beat a dead horse here (hopefully you've all heard that
expression before, heh), but my question wasn't about how to get it
working or why it's happening -- but rather if we should handle the
error instead of having it shown to users. See:
] ENGINE socket.error 1
Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 1292, in communicate
req.parse_request()
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 580, in parse_request
success = self.read_request_line()
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 611, in read_request_line
request_line = self.rfile.readline()
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 274, in readline
data = self.rfile.readline(256)
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 1114, in readline
data = self.recv(self._rbufsize)
File
"/usr/lib/python2.7/site-packages/cherrypy/wsgiserver/wsgiserver2.py",
line 990, in recv
data = self._sock.recv(size)
File "/usr/lib64/python2.7/ssl.py", line 241, in recv
return self.read(buflen)
File "/usr/lib64/python2.7/ssl.py", line 160, in read
return self._sslobj.read(len)
SSLError: [Errno 1] _ssl.c:1419: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
If we're all okay with that showing up in the kimchi command output --
fine. I just wanted to be sure.
Regards,
-------- Forwarded Message --------
From: Christy L Norman Perez <clnperez(a)us.ibm.com>
To: christy(a)linux.vnet.ibm.com
Subject: Fw: Is this SSL error an issue, or expected behavior?
Date: Fri, 3 Jan 2014 16:42:55 -0600
----- Forwarded by Christy L Norman Perez/Austin/IBM on 01/03/2014 04:01 PM
-----
From: Rodrigo Trujillo/Brazil/IBM@IBMBR
To: Christy L Norman Perez/Austin/IBM@IBMUS, Rodrigo
Trujillo/Brazil/IBM, Daniel Henrique Barboza/Brazil/IBM@IBMBR,
Adriano Araujo dos Reis Botega/Brazil/IBM@IBMBR, Scott
Garfinkle/Austin/IBM@IBMUS, Christy L Norman
Perez/Austin/IBM@IBMUS, De Xin AD Wu/China/IBM@IBMCN, Zheng
Sheng ZS Zhou/China/IBM@IBMCN
Cc: kimchi-ginger-dev@IBMUS
Date: 12/27/2013 05:06 AM
Subject: Re: Is this SSL error an issue, or expected behavior?
Like Mark said, this problem is caused by the CA which signed the Kimchi
certificate ... actually, it is an auto signed certificate....
you can see running:
openssl x509 -text -in src/kimchi-cert.pem
notice that the issuer is kimchi itself.
The error is caused because by kimchi actually. It happens because the
browser or url requester does not accept the certificate.
So, if you use curl for testing, use the option "-k" (insecure) ... if you
are using browser , they usually ask if you would like to trust the
certificate.
Regards
Rodrigo Trujillo
Staff Software Engineer
Linux Technology Center - Brasil
From: Christy L Norman Perez/Austin/IBM@IBMUS
To: kimchi
Date: 19/12/2013 16:11
Subject: Is this SSL error an issue, or expected behavior?
To pick up from the e-mail I started yesterday...
The ca error does go away if I go in and "forget about the site," create an
exception for the certificate, then try again. I also played with this a
bit to see if I can get the regular kimchi build to give me the same error,
and I could. So, I think this could be discussed as an issue with kimchi
(not just kimchi-ginger).
Regards,
Christy Norman Perez <clnperez(a)us.ibm.com>
Software Engineer
IBM KVM Assistance Program
Linux Technology Center
512.286.7821 (T/L 363.7821)