ssbarnea · May 18, 2021 13:59 · Dec 17, 2013 · Dec 17, 2013 · Dec 17, 2013
diff --git a/ubuntu.log b/ubuntu.log
@@ -0,0 +1,51 @@
+root@smini:/# ./python-test-ssl.py
+os:             Linux-3.11.0-13-generic-x86_64-with-Ubuntu-13.10-saucy
+python          2.7.5+ (default, Sep 19 2013, 13:48:49)
+[GCC 4.8.1]
+requests:       2.1.0
+certifi.where:  /usr/local/lib/python2.7/dist-packages/certifi/cacert.pem
+=== test 1 ===
+<Response [200]>
+=== test 2 ===
+curl: (60) SSL certificate problem: unable to get local issuer certificate
+More details here: http://curl.haxx.se/docs/sslcerts.html
+
+curl performs SSL certificate verification by default, using a "bundle"
+ of Certificate Authority (CA) public keys (CA certs). If the default
+ bundle file isn't adequate, you can specify an alternate file
+ using the --cacert option.
+If this HTTPS server uses a certificate signed by a CA represented in
+ the bundle, the certificate verification probably failed due to a
+ problem with the certificate (it might be expired, or the name might
+ not match the domain name in the URL).
+If you'd like to turn off curl's verification of the certificate, use
+ the -k (or --insecure) option.
+=== test 3 ===
+curl: (60) SSL certificate problem: unable to get local issuer certificate
+More details here: http://curl.haxx.se/docs/sslcerts.html
+
+curl performs SSL certificate verification by default, using a "bundle"
+ of Certificate Authority (CA) public keys (CA certs). If the default
+ bundle file isn't adequate, you can specify an alternate file
+ using the --cacert option.
+If this HTTPS server uses a certificate signed by a CA represented in
+ the bundle, the certificate verification probably failed due to a
+ problem with the certificate (it might be expired, or the name might
+ not match the domain name in the URL).
+If you'd like to turn off curl's verification of the certificate, use
+ the -k (or --insecure) option.
+=== test 4 ===
+Traceback (most recent call last):
+  File "./python-test-ssl.py", line 29, in <module>
+    r = requests.get('https://sbarnea.com')
+  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 55, in get
+    return request('get', url, **kwargs)
+  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 44, in request
+    return session.request(method=method, url=url, **kwargs)
+  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 382, in request
+    resp = self.send(prep, **send_kwargs)
+  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 485, in send
+    r = adapter.send(request, **kwargs)
+  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 379, in send
+    raise SSLError(e)
+requests.exceptions.SSLError: [Errno 1] _ssl.c:509: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
diff --git a/python-test-ssl.p → python-test-ssl.py b/python-test-ssl.p → python-test-ssl.py
diff --git a/python-test-ssl.p b/python-test-ssl.p
@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+
+import os
+import sys
+
+import platform
+import requests
+import requests.utils
+import certifi
+
+print "os:            ", platform.platform()
+print "python         ", sys.version
+print "requests:      ", requests.__version__
+print "certifi.where: ", certifi.where()
+
+certs = '/etc/ssl/certs/ca-certificates.crt'
+
+print "=== test 1 ==="
+r = requests.get('https://github.com/timeline.json')
+print r
+
+print "=== test 2 ==="
+os.system('curl https://sbarnea.com')
+
+print "=== test 3 ==="
+os.system('curl --cacert %s  https://sbarnea.com' % certs)
+
+print "=== test 4 ==="
+r = requests.get('https://sbarnea.com')
+print r
+
+print "=== test 5 ==="
+os.environ['REQUESTS_CA_BUNDLE'] = certs
+os.environ['CURL_CA_BUNDLE'] = certs
+r = requests.get('https://sbarnea.com')
+print r
+
+print "done"