I am trying to get a Kilo OpenStack cloud deployed and I was getting this error:

Execution of '/usr/bin/openstack token issue --format value' returned 1: /usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see

So I go to: https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning

I find out that I do not have access to a python version better than 2.7.5 so I look at:

https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl

So I do what they recommend ...

# pip install pyopenssl ndg-httpsclient pyasn1
/usr/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Requirement already satisfied (use --upgrade to upgrade): pyopenssl in /usr/lib64/python2.7/site-packages
Collecting ndg-httpsclient
/usr/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading ndg_httpsclient-0.4.0.tar.gz
Requirement already satisfied (use --upgrade to upgrade): pyasn1 in /usr/lib/python2.7/site-packages
Installing collected packages: ndg-httpsclient
  Running setup.py install for ndg-httpsclient
Successfully installed ndg-httpsclient-0.4.0

The docs also say this:

Once the packages are installed, you can tell urllib3 to switch the ssl backend to PyOpenSSL with inject_into_urllib3():

import urllib3.contrib.pyopenssl
urllib3.contrib.pyopenssl.inject_into_urllib3()

Now you can continue using urllib3 as you normally would.

I do not understand what that means? Is there some python source code I need to go patch?

Update:

I did as suggested by Josep and this is what is happening:

# python
Python 2.7.5 (default, Jun 24 2015, 00:41:19) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3
>>> import pyopenssl
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named pyopenssl

Yet I have pyopenssl installed ...

# pip install pyopenssl
Requirement already satisfied (use --upgrade to upgrade): pyopenssl in /usr/lib64/python2.7/site-packages

UPDATE:

Here's what happens if I do this ...

# python
Python 2.7.5 (default, Jun 24 2015, 00:41:19) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import OpenSSL
>>> import urllib3
>>> import urllib3.contrib.pyopenssl as pyopenssl
>>> pyopenssl.inject_into_urllib3()
>>> 
Red Cricket
  • Have you tried doing that in your code? `import urllib3.contrib.pyopenssl` and then `urllib3.contrib.pyopenssl.inject_into_urllib3()`? – hlt Dec 03 '15 at 20:16
  • Well, it's not my code. It is the OpenStack code. I am not a python guy. So I am not sure where to look. I thought of trying `sudo find / -name '*py' -exec grep -l urllib3 {} \;` :) – Red Cricket Dec 03 '15 at 20:18
  • But you're using `urllib3` right? So try inserting it into your code, right after where you do `import urllib3` or whatever – hlt Dec 03 '15 at 20:19
  • -1 and voting to close because: 1) There's no MCVE showing what triggers the first error you quote. 2) You show a failure to import `pyopenssl` partway through the question, but then later in the question figure out how to fix that import; having the failed import is a confusing distraction. 3) You seem to have figured out how to call `inject_into_urllib3`, but that leaves it unclear what your actual problem is. Doesn't that just, uh, solve your problem? If not, why not? I can't tell what your actual remaining problem is after all the edits. – Mark Amery Jan 19 '19 at 14:50

1 Answer

I understand that you are using OpenStack which uses urllib3. So yes, if you want to go that avenue and "patch" OpenStack, look for something like `import .*urllib3.*` or `from urllib3 import .*` and after every instance add the two lines they instruct you to add.

Josep Valls
  • Looks like the code is already doing something like this:

        # Attempt to enable urllib3's SNI support, if possible
        try:
            from .packages.urllib3.contrib import pyopenssl
            pyopenssl.inject_into_urllib3()
        except ImportError:
            pass

    – Red Cricket Dec 03 '15 at 21:12
  • Have you properly installed pyopenssl? That try-except-pass may be hiding something from you. Try opening a python interpreter and importing urllib3 and pyopenssl, then do the pyopenssl.inject_into_urllib3() and see if there is any error there and what it is. – Josep Valls Dec 03 '15 at 21:28
  • Can you go into an interpreter and try `import OpenSSL` then try `import urllib3`, `import urllib3.contrib.pyopenssl` and `pyopenssl.inject_into_urllib3()` – Josep Valls Dec 04 '15 at 18:01
  • Thanks for the reply Josep. I have updated my OP with the result of these imports. – Red Cricket Dec 04 '15 at 18:08
  • First imports look good. My bad, try `import urllib3.contrib.pyopenssl as pyopenssl` before `pyopenssl.inject_into_urllib3()` – Josep Valls Dec 04 '15 at 18:31
  • Then, you should be fine. Those last 2 lines are what the documentation is instructing you to do. You'd have to add them below each instance in the OpenStack code where urllib3 is being imported. – Josep Valls Dec 04 '15 at 18:43
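
A diagnostic for the situation discussed in this thread, added here as an example (it is not code from the posts, urllib3, requests or OpenStack): it reports whether the standard-library `ssl` module has `SSLContext`, and imports each candidate PyOpenSSL backend while printing the real exception instead of swallowing it the way `except ImportError: pass` does. The function names `probe_import`, `platform_report` and `diagnose` are hypothetical; the candidate list covers the pip distribution name versus the importable module name, and the top-level versus requests-vendored copy of urllib3 seen in the paths above.

```python
from __future__ import print_function
import importlib
import ssl

# The pip distribution "pyopenssl" installs the importable module "OpenSSL";
# "pyopenssl" itself is listed to show that it is not a module name.
# The vendored path is the one quoted from requests in the comments above.
CANDIDATES = [
    "OpenSSL",
    "pyopenssl",
    "urllib3.contrib.pyopenssl",
    "requests.packages.urllib3.contrib.pyopenssl",
]


def probe_import(name):
    """Import `name`; return (module, None) or (None, 'ExcType: message')."""
    try:
        return importlib.import_module(name), None
    except Exception as exc:  # report everything, unlike `except ImportError: pass`
        return None, "%s: %s" % (type(exc).__name__, exc)


def platform_report():
    """Facts about the stdlib ssl module that decide whether the warning fires."""
    return {
        "has_sslcontext": hasattr(ssl, "SSLContext"),  # absent before Python 2.7.9
        "has_sni": getattr(ssl, "HAS_SNI", False),
        "openssl_version": ssl.OPENSSL_VERSION,
    }


def diagnose(candidates=CANDIDATES):
    """Return {module name: None if it imported, else the error string}."""
    results = {}
    for name in candidates:
        _, error = probe_import(name)
        results[name] = error
    return results


if __name__ == "__main__":
    for key, value in sorted(platform_report().items()):
        print("%-16s %s" % (key, value))
    for name, error in sorted(diagnose().items()):
        print("%-45s %s" % (name, "OK" if error is None else error))
```

Run it with the same interpreter that runs the `openstack` command, since each interpreter and each vendored urllib3 copy has its own import path.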