[yocto] Missing certificates

Aníbal Limón anibal.limon at linux.intel.com
Fri Jul 24 13:02:27 PDT 2015 

On 24/07/15 14:49, Gary Thomas wrote:
> On 2015-07-24 13:30, Aníbal Limón wrote:
>> Hi Gary,
>>
>> What version of python do you use?.
>>
>> Since 2.7.9 cert checking is enabled by default causing this kind of 
>> errors. [1]
>>
>> [1] https://www.python.org/dev/peps/pep-0476/
>>
>> Kind regards,
>>      alimon
>
> I'm using the stock python 2.7.9 from Poky/Yocto 
> master:901be2cb69892595443ed41ab4be285932db15eb
>
> Is there an answer for this that's a bit less intrusive?
> Perhaps there could be a DISTRO or even IMAGE feature to
> enable/disable this checking?

I don't think that Python guys include a configuration flags to disable 
this behavior because it's
the default now due to security issues.

>
> The pep you referenced mostly talks about why this was changed
> and how to disable it - manually within the python code itself.
> What I don't see is where/how/what to change/import to actually
> let the full certificate checking happen.

You can use this code for disable per urlopen call or globally [1].

Regards,
     alimon

[1] https://www.python.org/dev/peps/pep-0476/#opting-out

>
>>
>> On 24/07/15 13:02, Gary Thomas wrote:
>>> I was trying to run a simple fetch from python using
>>>         url = 
>>> 'https://raw.github.com/Itseez/opencv/master/samples/c/fruits.jpg'
>>>         filedata = urllib2.urlopen(url).read()
>>>
>>> This failed:
>>>   Traceback (most recent call last):
>>>   File "./edge.py", line 36, in <module>
>>>     filedata = urllib2.urlopen(url).read()
>>>   File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
>>>     return opener.open(url, data, timeout)
>>>   File "/usr/lib/python2.7/urllib2.py", line 431, in open
>>>     response = self._open(req, data)
>>>   File "/usr/lib/python2.7/urllib2.py", line 449, in _open
>>>     '_open', req)
>>>   File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
>>>     result = func(*args)
>>>   File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
>>>     context=self._context)
>>>   File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
>>>     raise URLError(err)
>>> urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] 
>>> certificate verify failed (_ssl.c:581)>
>>>
>>> I can see that it was looking for some certificates in 
>>> /usr/lib/ssl/certs
>>> but that directory is missing.
>>>
>>> Anyone know what I might be missing (or have misconfigured)?
>>>
>>> Thanks
>>>
>

More information about the yocto mailing list