(Migrated) Re: https follow up

On 01/29/2014 01:03 AM, Jeffrey Gong wrote:

I suspect it has something to do with the cert chain in our office
environment. going to look at it from that direction. enclosed is the error
message I get when I change the outgoing channel to https and ping it.
http, no s, pings fine but the data source is https…

Hi Jeffrey,

can you please have a look at this URL?

http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

Basically, when you issue an HTTP request with an outconn, i.e.

out = self.self.outgoing.plain_http.get(‘my conn’)
response = out.conn.get(self.cid)

you can also pass some flags into it, ‘verify’ is one of them.

If it’s not a boolean, this can be a path to a bundle of certificates
such as

response = out.conn.get(self.cid, verify=’/my/certs.pem’)

For instance, let’s say you’ve installed Zato 1.1 to /opt/zato so the
default bundle is in
/opt/zato/code/eggs/requests-1.2.3-py2.7.egg/requests/cacert.pem/ i.e.
it’s bundled along with the requests library.

Now using the ‘verify’ flag you specify some other bundle. Or you can
copy this default one over to a different directory, add your
certificate to this new copy and provide it in the ‘verify’ flag.

You can also start by simply updating the default bundle directly with
your own cert but don’t forget to use the ‘verify’ flag eventually so
your changes are never get accidentally overwritten.

Can you please confirm this works for you?