(Migrated) "InsecurePlatformWarning"

(This message has been automatically imported from the retired mailing list)

I notice the following is logged when I use HTTPS outgoing channels
(zato 2.0.3 under Ubuntu 14.04)

2015-05-19 01:00:01,342 - ESC[1;33mWARNINGESC[0m - 10818:Dummy-3726 -
py.warnings:22 -
/opt/zato/2.0.3/eggs/requests-2.6.0-py2.7.egg/requests/packages/urllib3/util/ssl_.py:79:
InsecurePlatformWarning: A true SSLContext object is not available. This
prevents urllib3 from configuring SSL appropriately and may cause
certain SSL connections to fail. For more information, see
https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning

The documentation at that link says either to use pyOpenSSL or to use
python 2.7.9+, and then points to
https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl

However: I also notice that Zato already includes the pyOpenSSL module:
/opt/zato/2.0.3/eggs/pyOpenSSL-0.14-py2.7.egg

And similar instructions are also included in
/opt/zato/2.0.3/eggs/requests-2.6.0-py2.7.egg/requests/packages/urllib3/contrib/pyopenssl.py

 try:
     import urllib3.contrib.pyopenssl
     urllib3.contrib.pyopenssl.inject_into_urllib3()
 except ImportError:
     pass

Isn’t this something which zato itself should be doing? Or is the user
expected to include this themselves somewhere? If so, it’s not clear to
me where I could safely hook this into zato initialization myself.

Regards,

Brian.

On 19/05/15 11:08, Brian Candler wrote:

Isn’t this something which zato itself should be doing? Or is the user
expected to include this themselves somewhere? If so, it’s not clear to
me where I could safely hook this into zato initialization myself.

Hi Brian,

you’re right that it should be handled automatically when a server
starts up.

It should be possible to add it to 2.0.4.