boto
boto3 / botocore.session sets up warning filters at import time
Just importing boto3 adds this warning filter:
>>> import botocore.session
>>> import warnings
>>> warnings.filters[0]
('ignore', re.compile('A true SSLContext object is not available.*', re.IGNORECASE), <class 'urllib3.exceptions.InsecurePlatformWarning'>, re.compile('.*urllib3\\.util\\.ssl_'), 0)
However that applies globally, to any runtime that uses boto3 as a library, not just cmd line tools such as awscli. What if user does want to squash SSL warnings in their app for other reasons. Is it possible for botocore to filter warnings just where botocore needs to do so (with a context-manager) rather than ignore globally?
If not, can we have some more explanation about why this warning needs to be ignored globally? The source code has this comment "Ignore warnings related to SNI as it is not being used in validations" from 5 years ago, but I don't understand it.
Thanks!
Greetings! It looks like this issue hasn’t been active in longer than one year. We encourage you to check if this is still an issue in the latest release. Because it has been longer than one year since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment to prevent automatic closure, or if the issue is already closed, please feel free to reopen it.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This is still an issue in botocore v1.20.1
>>> import warnings
>>> for f in warnings.filters:
... print(f)
...
('default', None, <class 'DeprecationWarning'>, '__main__', 0)
('ignore', None, <class 'DeprecationWarning'>, None, 0)
('ignore', None, <class 'PendingDeprecationWarning'>, None, 0)
('ignore', None, <class 'ImportWarning'>, None, 0)
('ignore', None, <class 'ResourceWarning'>, None, 0)
>>> import botocore.session
>>> for f in warnings.filters:
... print(f)
...
('ignore', re.compile('A true SSLContext object is not available.*', re.IGNORECASE), <class 'urllib3.exceptions.InsecurePlatformWarning'>, re.compile('.*urllib3\\.util\\.ssl_'), 0)
('default', None, <class 'DeprecationWarning'>, '__main__', 0)
('ignore', None, <class 'DeprecationWarning'>, None, 0)
('ignore', None, <class 'PendingDeprecationWarning'>, None, 0)
('ignore', None, <class 'ImportWarning'>, None, 0)
('ignore', None, <class 'ResourceWarning'>, None, 0)
('always', None, <class 'urllib3.exceptions.SecurityWarning'>, None, 0)
('default', None, <class 'urllib3.exceptions.SubjectAltNameWarning'>, None, 0)
('default', None, <class 'urllib3.exceptions.InsecurePlatformWarning'>, None, 0)
('default', None, <class 'urllib3.exceptions.SNIMissingWarning'>, None, 0)
>>> botocore.__version__
'1.20.1'
It's not appropriate for a library import to globally configure ignores for SSL errors.
Greetings! It looks like this issue hasn’t been active in longer than one year. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.
This is still an issue in the latest release.
>>> import warnings
>>> before = set(warnings.filters)
>>> import botocore.session
>>> after = set(warnings.filters)
>>> after - before
{('always', None, urllib3.exceptions.SecurityWarning, None, 0),
('default', None, urllib3.exceptions.InsecurePlatformWarning, None, 0),
('default', None, urllib3.exceptions.SNIMissingWarning, None, 0),
('default', None, urllib3.exceptions.SubjectAltNameWarning, None, 0),
('ignore',
re.compile(r'A true SSLContext object is not available.*',
re.IGNORECASE|re.UNICODE),
urllib3.exceptions.InsecurePlatformWarning,
re.compile(r'.*urllib3\.util\.ssl_', re.UNICODE),
0)}
>>> botocore.__version__
'1.24.27'