Has nuxeo drive 2.0 a problem with SSL ?

It's possible this question is a duplicate of nuxeo-drive-and-ssl_ciphers

Server : nuxeo-5.8-HF30 / nuxeo-6.0-HF15 nuxeo-drive : 2.0.818 client OS : windows 7

Since I upgraded nuxeo-drive client, it's unable to connect to nuxeo with “https” protocol… If I configure nxdrive URL with “http://myhost/nuxeo” : OK with “https://myhost/nuxeo” : KO (obviously, direct access with browser works fine)

In the log file :

Traceback (most recent call last): File “nuxeo-drive-client\nxdrive\wui\settings.py”, line 200, in _connect_startup_page File “C:\Python27\lib\httplib.py”, line 1053, in request

File “C:\Python27\lib\httplib.py”, line 1093, in _send_request

"""Compat definition since superclass does not define it.

File “C:\Python27\lib\httplib.py”, line 1049, in endheaders

File “C:\Python27\lib\httplib.py”, line 893, in _send_output

self.putheader('Host', netloc_enc)

File “C:\Python27\lib\httplib.py”, line 855, in send

else:

File “C:\Python27\lib\httplib.py”, line 1274, in connect

self._line_left = len(line)

File “C:\Python27\lib\ssl.py”, line 352, in wrap_socket

ciphers=self.ciphers,

File “C:\Python27\lib\ssl.py”, line 579, in init File “C:\Python27\lib\ssl.py”, line 808, in do_handshake SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I observed the phenomenon with nuxeo-5.8 and nuxeo-6.0 server… With the nuxeo-drive-1.x client, everything OK (nuxeo-5.8 access only)

N.B : Certificate on nuxeo-5.8 is a real one… not an autosigned certificate…

What I'm missing ?

0 votes

2 answers

1619 views

ANSWER



I finally found an explanation which seems correct to me : My system had obsolete certificates associated to our organisation and nuxeo-drive tried to use them…

I removed these certificates (configuration panel, internet options) and nuxeo-drive could connect !

Thanks for your help and your attention…

0 votes



Hello,

Some fixes regarding the startup page connexion have been made since 2.0.818. Can you please try the latest development build: http://qa.nuxeo.org/jenkins/view/Drive/job/nuxeo-drive-msi/1126/artifact/dist/nuxeo-drive-2.0.909-win32.msi

0 votes



Here is the result with nuxeo-6 and nuxeo-5.8 :

2015-09-09 17:44:19,173 9112 5276 ERROR nxdrive.wui.settings Error while trying to connect to Nuxeo Drive startup page with URL https://myhost/nuxeo/drive_login.jsp Traceback (most recent call last): File "nuxeo-drive-client\nxdrive\wui\settings.py", line 203, in _connect_startup_page File "C:\Python27\lib\urllib2.py", line 431, in open

http_err = 1

File "C:\Python27\lib\urllib2.py", line 449, in _open

File "C:\Python27\lib\urllib2.py", line 409, in _call_chain

File "C:\Python27\lib\urllib2.py", line 1240, in https_open

raise URLError('unknown url type: %s' % type)

File "C:\Python27\lib\urllib2.py", line 1197, in do_open

URLError: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

09/09/2015

I wondered if my Python installation (used to work with nuxeo sources) caused problems… c:\Python27 was present on my machine…

I erased c:\python27 ; new tests (http://qa.nuxeo.org/jenkins/view/Drive/job/nuxeo-drive-msi/lastSuccessfulBuild/artifact/dist/nuxeo-drive-2.0.910-win32.msi) : 2015-09-10 09:48:53,979 6480 1028 ERROR nxdrive.wui.settings Error while trying to connect to Nuxeo Drive startup page with URL https://myhost/nuxeo/drive_login.jsp Traceback (most recent call last): File "nuxeo-drive-client\nxdrive\wui\settings.py", line 203, in connect_startup_page File "C:\Python27\lib\urllib2.py", line 431, in open File "C:\Python27\lib\urllib2.py", line 449, in open File "C:\Python27\lib\urllib2.py", line 409, in call_chain File "C:\Python27\lib\urllib2.py", line 1240, in https_open File "C:\Python27\lib\urllib2.py", line 1197, in do_open URLError: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (ssl.c:590)

09/10/2015

I have no clue, could be related to http://answers.nuxeo.com/questions/12362/nuxeo-drive-and-ssl_ciphers but the latest Drive version embeds Python 2.10.7…
09/10/2015

I try the client on an another station (without Python, without nuxeo-drive…) : connection to host with a real certificate is OK. connection to host with auto-signed certificate is KO…
09/10/2015