gitlab-watchman icon indicating copy to clipboard operation
gitlab-watchman copied to clipboard

Published 20 hours ago verified publisher icon PaperMtn

Disable SSL Veriry

Open itsecforu opened this issue 3 years ago • 4 comments

Hey!

I got the error Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED on every step

How can i disable it to check without SSL?

itsecforu avatar Feb 09 '21 08:02 itsecforu

no ideas ? :-(

itsecforu avatar Feb 10 '21 10:02 itsecforu

Hi. Do you have a valid SSL certificate on your GitLab instance?

I imagine this is caused as the requests library sets SSL verify as true by default, and it’s configured in GitLab Watchman to verify SSL as well.

It’s debatable the merits of turning this off, and I ’m reluctant to change it to not check by default as really most environments should be using a valid SSL certificate for GitLab instances.

If you’re building from source, you could change it yourself by modifying line 29 in gitlab-watchman/gitlab_watchman/gitlab_wrapper.py to verify_ssl=False

Let me know how it goes.

PaperMtn avatar Feb 10 '21 22:02 PaperMtn

Hey! Thx u for feedback! Cert valid to 4757 year :-D I use self-signed certificate. I tried to add rootca.cert to /etc/pki/ca-certs/source/anchors/ , but it still doesnt work. with verify_ssl=False i got this output:

gitlab-watchman --timeframe a --all
No logging option selected, defaulting to Stdout
{"localtime": "2021-02-11 16:15:23,648", "level": "INFO", "source": "GitLab Watchman", "message": "GitLab Watchman started execution"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Version: 1.4.0"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Importing rules..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "31 rules loaded"}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Getting everything..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in blobs"}
HTTPSConnectionPool(host='gitlab.my.local', port=443): Max retries exceeded with url: /api/v4/search?scope=blobs&search=%22password%3A%22+-%28svg%7Cpng%7Cjpeg%7Cjpg%29&per_page=100&page= (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
{"localtime": "2021-02-11 16:23:30,186", "level": "CRITICAL", "source": "GitLab Watchman", "message": "'NoneType' object has no attribute 'headers'"}
{"localtime": "2021-02-11 16:23:30,186", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in commits"}

itsecforu avatar Feb 11 '21 13:02 itsecforu

any ideas?

itsecforu avatar Feb 17 '21 08:02 itsecforu