Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

https server not work #116

Open
77598072 opened this issue Jul 8, 2020 · 6 comments
Open

https server not work #116

77598072 opened this issue Jul 8, 2020 · 6 comments

Comments

@77598072
Copy link

77598072 commented Jul 8, 2020

I requested https service, he reported an error.

HTTPSConnectionPool(host='***, port=443): Max retries exceeded with 
url: /** (Caused by SSLError(SSLError("bad handshake:
Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

I read the source code and made the following changes, it work, but I want to know, is there an official way to complete the https request?

class ProxyView(ProxyView):
    upstream = 'https://****/'

    def __init__(self, *args, **kwargs):
        super(ProxyView, self).__init__(*args, **kwargs)
        self.http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
  
@zoobab
Copy link

zoobab commented May 28, 2024

I have the same issue, is there a way to pass verify=False?

@andruten
Copy link
Member

andruten commented Jun 5, 2024

Hi @zoobab @77598072!

Thanks for posting the issue. I've set https upstream in several projects without any issue. Are you using same server? If proxy resolves in an internal url you should use http instead of https.

@zoobab
Copy link

zoobab commented Jun 5, 2024

I have made the following patch to achieve the same verify=False functionality, but I am sure there is a way to add this feature in a more cleaner way, doing it with sed in a Dockerfile:

# patch for SSL verify false, see https://github.com/jazzband/django-revproxy/issues/116 and https://stackoverflow.com/questions/36600583/python-3-urllib-ignore-ssl-certificate-verification
USER root
RUN sed -i "s/HTTP_POOLS\ =\ urllib3.PoolManager()/HTTP_POOLS\ =\ urllib3.PoolManager(cert_reqs='CERT_NONE')/g" /opt/conda/envs/myproxy/lib/python3.1/site-packages/revproxy/views.py
RUN sed -i "s/import\ urllib3/import\ urllib3\nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)/g" /opt/conda/envs/myproxy/lib/python3.1/site-packages/revproxy/views.py

For me it works(tm), but I would welcome an option to ignore SSL verifications, as curl has it with the -k option.

@andruten
Copy link
Member

andruten commented Jun 5, 2024

@zoobab what urllib3 version are you using?

@zoobab
Copy link

zoobab commented Jun 5, 2024

@andruten urllib3==2.2.1

@andruten
Copy link
Member

andruten commented Jun 5, 2024

@zoobab Could you try with a 1.26.x version?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants