Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL warnings when using export flag #111

Closed
getaaron opened this issue Mar 31, 2015 · 9 comments
Closed

SSL warnings when using export flag #111

getaaron opened this issue Mar 31, 2015 · 9 comments
Labels
bug

Comments

@getaaron
Copy link

This warning prints when using the --export flag:

$ grip --export /Users/aaron/seven\ layer\ dip.md                                                                    

Exporting to /Users/aaron/seven layer dip.html
/Library/Python/2.7/site-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
@joeyespo joeyespo mentioned this issue Mar 31, 2015
Closed
@cswarth
Copy link

cswarth commented May 27, 2015

+1 for this issue. Trying to use grip to render GFM from inside emacs with grip --export - and getting these warnings in the html output.

@cswarth
Copy link

cswarth commented May 27, 2015

If you need to stop these warnings, you can add a couple of lines to the front of server.py in the grip package,

import warnings
warnings.simplefilter("ignore")

NB this has nothing to do with an actual fix for the problem!

If you change "ignore" to "error", you turn the warnings into exceptions and can see precisely where they are coming from. (traceback at the end of this message.)

A suggested fix on SO, SSL InsecurePlatformWarning, did not work for me.

from requests.packages.urllib3.connection import UnverifiedHTTPSConnection
from requests.packages.urllib3.connectionpool import HTTPSConnectionPool

# Override the default Connection class for the HTTPSConnectionPool.
HTTPSConnectionPool.ConnectionCls = UnverifiedHTTPSConnection

That still produced a warning, this time about an insecure request.

requests.packages.urllib3.exceptions.InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

Traceback:

$ grip --export - <README.md  | head -3 
Traceback (most recent call last):
  File "/Users/cswarth/Library/Python/2.7/bin/grip", line 9, in <module>
    load_entry_point('grip==3.2.0', 'console_scripts', 'grip')()
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/command.py", line 78, in main
    True, args['<address>'])
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/exporter.py", line 36, in export
    render_offline, render_wide, render_inline)
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/exporter.py", line 18, in render_page
    return render_app(app)
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/renderer.py", line 8, in render_app
    response = c.get('/')
  File "/Library/Python/2.7/site-packages/werkzeug/test.py", line 774, in get
    return self.open(*args, **kw)
  File "/Library/Python/2.7/site-packages/flask/testing.py", line 108, in open
    follow_redirects=follow_redirects)
  File "/Library/Python/2.7/site-packages/werkzeug/test.py", line 742, in open
    response = self.run_wsgi_app(environ, buffered=buffered)
  File "/Library/Python/2.7/site-packages/werkzeug/test.py", line 659, in run_wsgi_app
    rv = run_wsgi_app(self.application, environ, buffered=buffered)
  File "/Library/Python/2.7/site-packages/werkzeug/test.py", line 867, in run_wsgi_app
    app_rv = app(environ, start_response)
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Library/Python/2.7/site-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/server.py", line 144, in render
    style_urls, styles, favicon)
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/server.py", line 245, in _render_page
    render_offline)
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/renderer.py", line 17, in render_content
    else github_render(text, gfm, context, username, password))
  File "/Users/cswarth/Library/Python/2.7/lib/python/site-packages/grip/github_renderer.py", line 21, in render_content
    r = requests.post(url, headers=headers, data=data, auth=auth, verify=False)
  File "/Library/Python/2.7/site-packages/requests/api.py", line 108, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 464, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Python/2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Python/2.7/site-packages/requests/adapters.py", line 370, in send
    timeout=timeout
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 544, in urlopen
    body=body, headers=headers)
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 341, in _make_request
    self._validate_conn(conn)
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 762, in _validate_conn
    conn.connect()
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/connection.py", line 238, in connect
    ssl_version=resolved_ssl_version)
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/util/ssl_.py", line 266, in ssl_wrap_socket
    return context.wrap_socket(sock)
  File "/Library/Python/2.7/site-packages/requests/packages/urllib3/util/ssl_.py", line 79, in wrap_socket
    InsecurePlatformWarning
requests.packages.urllib3.exceptions.InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

@joeyespo
Copy link
Owner

Interesting. Does the SSL warnings go away when you run it without --export?

@cswarth
Copy link

cswarth commented May 27, 2015

Yes, the warnings show up when not using --export too.

$ /Users/cswarth/Library/Python/2.7/bin/grip - <README.md  
 * Running on http://localhost:5000/ (Press CTRL+C to quit)
/Library/Python/2.7/site-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
127.0.0.1 - - [27/May/2015 16:11:02] "GET / HTTP/1.1" 200 -

$ pip freeze
You are using pip version 6.0.8, however version 7.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
altgraph==0.10.2
backports.ssl-match-hostname==3.4.0.2
bdist-mpkg==0.5.0
bokeh==0.8.2
bonjour-py==0.3
certifi==14.5.14
colorama==0.3.3
docopt==0.6.2
Flask==0.10.1
gevent==1.0.1
gevent-websocket==0.9.3
greenlet==0.4.5
grip==3.2.0
itsdangerous==0.24
Jinja2==2.7.3
lxml==3.4.2
macholib==1.5.1
Markdown==2.6.1
MarkupSafe==0.23
matplotlib==1.3.1
modulegraph==0.10.4
numpy==1.8.0rc1
pandas==0.16.0
path-and-address==1.0.0
py2app==0.7.3
Pygments==2.0.2
pyobjc-core==2.5.1
pyobjc-framework-Accounts==2.5.1
pyobjc-framework-AddressBook==2.5.1
pyobjc-framework-AppleScriptKit==2.5.1
pyobjc-framework-AppleScriptObjC==2.5.1
pyobjc-framework-Automator==2.5.1
pyobjc-framework-CFNetwork==2.5.1
pyobjc-framework-Cocoa==2.5.1
pyobjc-framework-Collaboration==2.5.1
pyobjc-framework-CoreData==2.5.1
pyobjc-framework-CoreLocation==2.5.1
pyobjc-framework-CoreText==2.5.1
pyobjc-framework-DictionaryServices==2.5.1
pyobjc-framework-EventKit==2.5.1
pyobjc-framework-ExceptionHandling==2.5.1
pyobjc-framework-FSEvents==2.5.1
pyobjc-framework-InputMethodKit==2.5.1
pyobjc-framework-InstallerPlugins==2.5.1
pyobjc-framework-InstantMessage==2.5.1
pyobjc-framework-LatentSemanticMapping==2.5.1
pyobjc-framework-LaunchServices==2.5.1
pyobjc-framework-Message==2.5.1
pyobjc-framework-OpenDirectory==2.5.1
pyobjc-framework-PreferencePanes==2.5.1
pyobjc-framework-PubSub==2.5.1
pyobjc-framework-QTKit==2.5.1
pyobjc-framework-Quartz==2.5.1
pyobjc-framework-ScreenSaver==2.5.1
pyobjc-framework-ScriptingBridge==2.5.1
pyobjc-framework-SearchKit==2.5.1
pyobjc-framework-ServiceManagement==2.5.1
pyobjc-framework-Social==2.5.1
pyobjc-framework-SyncServices==2.5.1
pyobjc-framework-SystemConfiguration==2.5.1
pyobjc-framework-WebKit==2.5.1
pyOpenSSL==0.13.1
pyparsing==2.0.1
pystache==0.5.4
python-dateutil==2.4.2
pytz==2013b0
PyYAML==3.11
pyzmq==14.5.0
requests==2.7.0
scipy==0.13.0b1
six==1.9.0
tornado==4.1
Twisted==13.2.0
vboxapi==1.0
websocket==0.2.1
Werkzeug==0.10.4
xattr==0.6.4
zope.interface==4.1.1

@cswarth
Copy link

cswarth commented May 27, 2015

I've had partial success by following the instructions here

Use the somewhat hidden security feature:

pip install requests[security]

This installs following extra packages:

pyOpenSSL
ndg-httpsclient
pyasn1
Please note that this is not required for python-2.7.9+

I still get a single warning now, but this eliminates the InsecurePlatformWarning.

/Library/Python/2.7/site-packages/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

@cswarth
Copy link

cswarth commented May 27, 2015

I upgraded my python installation (on MacOS) to the latest available on brew - 2.7.9.
Still get a InsecureRequestWarning.

Followed the (deprecated) instructions here to disable the warnings,

import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()

added early in server.py.
Now I don't see the warnings from urllib3

@joeyespo
Copy link
Owner

Hmm. I'm not exactly sure what to do about this one.

What OS and Python versions are you two running?

InsecurePlatformWarning might be the root cause. The docs indicate that this can happen if you're using a Python version less then 2.7.9 (which emacs might be). This might be as simple as upgrading Python. Or using pyOpenSSL if you can't.

@cswarth,

I'm really not sure why adding pyOpenSSL like the docs instruct doesn't fix this. Are you also adding the following code as instructed?

import urllib3.contrib.pyopenssl
urllib3.contrib.pyopenssl.inject_into_urllib3()

Trying to use grip to render GFM from inside emacs

I have to ask. Does the same thing happen when running Grip directly from the terminal?

@joeyespo
Copy link
Owner

joeyespo commented Jun 1, 2015

So I was getting the InsecureRequestWarning warnings too. Looks like removing verify=False from all the requests fixed it (d43e542). The warning was happening as a security mechanism since we really were asking to do an insecure request.

As for InsecurePlatformWarning, that was probably because you were using Python < 2.7 before. The fact that it went away when you upgraded gives me confidence that removing verify=False will be enough to eliminate all SSL warnings (as long as you're using Python 2.7, 3.x, or requests[security] and wiring it up properly).

Can you verify that this worked? Feel free to reopen the issue if not.

@joeyespo joeyespo closed this as completed Jun 1, 2015
@joeyespo joeyespo mentioned this issue Jun 1, 2015
Merged
@joeyespo joeyespo added the bug label Jun 1, 2015
@joeyespo
Copy link
Owner

Finally got around to deploying all the fixes into v3.3.0 tonight. Be sure to upgrade with pip install --upgrade grip.

This was referenced Oct 18, 2016
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cswarth @joeyespo @getaaron