jira-cli
jira-cli copied to clipboard
alisaifee
jira-cli does not work with self-signed ssl certificates
It is quite common for corporate intranets to have Jira instances with self-signed certificates. On versions of python where urllib2 does certificate verification (such as Python 2.7.9) and the corporate root is not in the main certificate store, the following happens:
invalid url https://my-corporate-intranet:8444. Please provide the correct url for your jira installation
The root cause is not printed but with some debugging it turns out to be a urllib2 error:
(<class 'ssl.SSLError'>, SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'), <traceback object at 0x7f8ff8fb67a0>)
There are at least 2 places where this is a problem:
- Any place which uses
urllib.request.urlopen - The
sudslibrary which does not support passing a flag to urllib2 to turn verification off or passing a ca bundle
I haven't found any other places because I didn't get the suds error.
I have filed a bug in suds: https://bitbucket.org/jurko/suds/issue/78/allow-bypassing-ssl-certificate
I have the same problem here. Self signed cert won't get accepted. (I'm using OSX)
Could one of you share a jira host that I could test this with - maybe I can do a work around in jira-cli itself.
Partial workaround would be to trust the cert in the usual way, https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list, and then point python requests to the OS truststore, e.g.
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
