Comments (11)
sqall01
commented on July 17, 2024
This is interesting. I just tested it myself and it worked out:
sqall@towel:/alertR/test$ wget https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py/alertR/test$ python alertRinstaller.py -l
sqall@towel:
[...]
I guess the installer could not create a temporary file to which the certificate content is written to. At least, this is what it looks like regarding your error message. At the moment, I have no idea why this happens. So we have to debug it a little bit. Can you please try the attached installation script and paste me the output? Since github does not support ".py" files, you have to rename it.
The changes I made were just some debug outputs. If you do not trust it, just diff both versions of it.
P.S.
I am not available until the end of next week. Please do not feel ignored if I answer afterwards.
from alertr.
rlefever
commented on July 17, 2024
pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)
Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:
/alertR/test$ wget/alertR/test$ python alertRinstaller.py -l
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:
[...]I guess the installer could not create a temporary file to which the
certificate content is written to. At least, this is what it looks like
regarding your error message. At the moment, I have no idea why this
happens. So we have to debug it a little bit. Can you please try the
attached installation script and paste me the output? Since github does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not trust it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)
from alertr.
akkord64
commented on July 17, 2024
Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the below
URL's (forgive the linux version of redhat) for resolution/work around
I would make sure your system is first up to date; sudo apt-get update and
then sudo apt-get upgrade.
If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753
Andre - Is there a way to disable the VerifiedHTTPSConnection option on the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input argument
then that quickly gets around the issue.
On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected] wrote:
pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which the
certificate content is written to. At least, this is what it looks like
regarding your error message. At the moment, I have no idea why this
happens. So we have to debug it a little bit. Can you please try the
attached installation script and paste me the output? Since github does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not trust it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw
.
from alertr.
akkord64
commented on July 17, 2024
Andre - I hit the send too soon. Can you remove the Certificate pinning in
the global configuration data from the Digicert EV root? Github can change
the cert at will and this will break for everyone when they do. You would
have better luck referencing an online bundle (Curl maintains a up to date
copy of the Mozilla trust bundle) as the trusted store in the same way as
below:
I dont have time to clone/merge but It could be as simple as:
import urllib.request
...
cafileurl = 'https://curl.haxx.se/ca/cacert.pem'
cafileresponse = urllib.request.urlopen(cafileurl)
cadata = cafileresponse.read()
caCertificate = cadata.decode('utf-8')
Instead of pinning to a particular Digicert Root.
caCertificate = "-----BEGIN CERTIFICATE-----\n"
+ "MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\n"
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+ "ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\n"
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+ "LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\n"
+ "RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n"
+ "+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\n"
+ "PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\n"
+ "xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\n"
+ "Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\n"
+ "hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\n"
+ "EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\n"
+ "MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\n"
+ "FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\n"
+ "nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\n"
+ "eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\n"
+ "hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\n"
+ "Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\n"
+ "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
+ "+OkuE6N36B9K\n"
+ "-----END CERTIFICATE-----\n"
On Thu, Jun 2, 2016 at 7:26 AM Chris Perez [email protected] wrote:
Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the below
URL's (forgive the linux version of redhat) for resolution/work aroundI would make sure your system is first up to date; sudo apt-get update
and then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection option on
the installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected] wrote:
pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which the
certificate content is written to. At least, this is what it looks like
regarding your error message. At the moment, I have no idea why this
happens. So we have to debug it a little bit. Can you please try the
attached installation script and paste me the output? Since github does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not trust it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw
.
from alertr.
rlefever
commented on July 17, 2024
Update and Upgrade performed again. Nothing to update.
Per the referenced guide I tried to modify the cert-verification.cfg. I
found that it did not exist. I created it (in /etc/python/ the other path
does not exist) and entered the option specified but I am still getting
the same results.
Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the below
URL's (forgive the linux version of redhat) for resolution/work aroundI would make sure your system is first up to date; sudo apt-get update
and
then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection option on
the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected] wrote:
pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which the
certificate content is written to. At least, this is what it looks
like
regarding your error message. At the moment, I have no idea why this
happens. So we have to debug it a little bit. Can you please try the
attached installation script and paste me the output? Since github
does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not trust
it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment), or
mute
the thread
https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw
.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)
from alertr.
akkord64
commented on July 17, 2024
Can you paste the output of this command:
openssl s_client -showcerts -connect raw.githubusercontent.com:443
On Thu, Jun 2, 2016 at 9:35 AM rlefever [email protected] wrote:
Update and Upgrade performed again. Nothing to update.
Per the referenced guide I tried to modify the cert-verification.cfg. I
found that it did not exist. I created it (in /etc/python/ the other path
does not exist) and entered the option specified but I am still getting
the same results.Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the below
URL's (forgive the linux version of redhat) for resolution/work aroundI would make sure your system is first up to date; sudo apt-get update
and
then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection option on
the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected]
wrote:pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which the
certificate content is written to. At least, this is what it looks
like
regarding your error message. At the moment, I have no idea why this
happens. So we have to debug it a little bit. Can you please try the
attached installation script and paste me the output? Since github
does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not trust
it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment),
or
mute
the thread
<
https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AJ0LfZUaWa_Dv4uGiF-WzicMm55ROAbFks5qHtw5gaJpZM4IrDLw
.
from alertr.
rlefever
commented on July 17, 2024
pi@alertr-server:~ $ openssl s_client -showcerts -connect
raw.githubusercontent.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=www.github.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBa
MGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3
dy5naXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WU
CgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJAvda8QHYu
jdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrt
DGvN6MHqygGsdfkXKfBLUJ1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjl5NpdmQhtceaFGs
PiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3BA
2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk4
3H9WufgfBKRen87dFwIDAQABo4ICSTCCAkUwHwYDVR0jBBgwFoAUUWj/kK8CB3U8
zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1Ud
EQR0MHKCDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22C
CyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHVidXNlcmNvbnRlbnQuY29t
ghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjOi8v
Y3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMDSgMqAwhi5o
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwG
A1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZB
aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1
cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC
AQEATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQ
uLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89Bx3VmDRynTe4CqhsAwOoO1ERm
CAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwY
Ob/u4+WPzUAHC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQ
qzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPridlvOj/7QyyX5m8up
/1US8z1fRW4yoCSOt6V2bwuH6Q==
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
EV Root CA
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjt
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=
-----END CERTIFICATE-----
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=www.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
No client certificate CA names sent
SSL handshake has read 3326 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
8E151F8A23865C8C0A27E6FF41BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj0B427FE1507
Session-ID-ctx:
Master-Key:
9AE250430A3F725603A31FA7EFAD838990A002AD57001BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjE20C5B05C8EB9AFA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 1200 (seconds)
TLS session ticket:
0000 - 63 cc 77 4a 00 db 2c 42-2e 8f 76 23 dd a9 ae 53 c.wJ..,B..v#...S
0010 - 98 de 99 e9 12 19 ae a7-fe 97 d7 11 63 1b 7f de ............c...
0020 - 1a 42 13 58 16 e6 ef 21-13 de c3 0a ba 5c 36 a3 .B.X...!.....\6.
0030 - b9 97 ef ef ff b7 8d fa-0d 05 b8 8c 68 eb 2c 31 ............h.,1
0040 - 70 ec 80 f2 45 b9 bb 1e-cd b8 1a e3 67 31 14 d9 p...E.......g1..
0050 - 88 ac 94 bb 57 8d 73 e5-d0 dd e7 2a 50 c9 4d c6 ....W.s...._P.M.
0060 - ff 45 ef 8d 33 83 e5 da-2a 72 55 3b a6 cd 5e 2b .E..3..._rU;..^+
0070 - 2a d8 2d bf 5f 4e 52 14-8b e0 0b 1d 32 f7 30 ce *.-._NR.....2.0.
0080 - 35 8a 1b 40 b8 bc fe 1a-2d 77 9a 9a d5 c6 92 c8 [email protected]......
0090 - fb 29 91 29 48 1b 05 d3-23 39 b8 05 61 7f 79 54 .).)H...#9..a.yT
Start Time: 1464882535
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Stopped here and did not return to a prompt.
Can you paste the output of this command:
openssl s_client -showcerts -connect raw.githubusercontent.com:443
On Thu, Jun 2, 2016 at 9:35 AM rlefever [email protected] wrote:
Update and Upgrade performed again. Nothing to update.
Per the referenced guide I tried to modify the cert-verification.cfg. I
found that it did not exist. I created it (in /etc/python/ the other
path
does not exist) and entered the option specified but I am still getting
the same results.Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the
below
URL's (forgive the linux version of redhat) for resolution/work aroundI would make sure your system is first up to date; sudo apt-get update
and
then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection option
on
the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input
argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected]
wrote:pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading
repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which
the
certificate content is written to. At least, this is what it looks
like
regarding your error message. At the moment, I have no idea why
this
happens. So we have to debug it a little bit. Can you please try
the
attached installation script and paste me the output? Since github
does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not
trust
it,
just diff both versions of it.P.S.
I am not available until the end of next week. Please do not feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment),
or
mute
the thread
<
https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment), or
mute
the thread
https://github.com/notifications/unsubscribe/AJ0LfZUaWa_Dv4uGiF-WzicMm55ROAbFks5qHtw5gaJpZM4IrDLw
.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)
from alertr.
akkord64
commented on July 17, 2024
Thanks. Lastly can you run the the debugging installer linked by Andre? I
am going to attempt to replicate your issue.
On Thu, Jun 2, 2016 at 11:52 AM rlefever [email protected] wrote:
pi@alertr-server:~ $ openssl s_client -showcerts -connect
raw.githubusercontent.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificateverify return:0
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=www.github.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBa
MGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3
dy5naXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WU
CgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJAvda8QHYu
jdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrt
DGvN6MHqygGsdfkXKfBLUJ1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjl5NpdmQhtceaFGs
PiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3BA
2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk4
3H9WufgfBKRen87dFwIDAQABo4ICSTCCAkUwHwYDVR0jBBgwFoAUUWj/kK8CB3U8
zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1Ud
EQR0MHKCDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22C
CyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHVidXNlcmNvbnRlbnQuY29t
ghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjOi8v
Y3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMDSgMqAwhi5o
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwG
A1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZB
aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1
cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC
AQEATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQ
uLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89Bx3VmDRynTe4CqhsAwOoO1ERm
CAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwY
Ob/u4+WPzUAHC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQ
qzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPridlvOj/7QyyX5m8up
/1US8z1fRW4yoCSOt6V2bwuH6Q==
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
EV Root CA
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjt
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=-----END CERTIFICATE-----
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=
www.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 HighAssurance Server CA
No client certificate CA names sent
SSL handshake has read 3326 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
8E151F8A23865C8C0A27E6FF41BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj0B427FE1507
Session-ID-ctx:
Master-Key:9AE250430A3F725603A31FA7EFAD838990A002AD57001BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjE20C5B05C8EB9AFA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 1200 (seconds)
TLS session ticket:
0000 - 63 cc 77 4a 00 db 2c 42-2e 8f 76 23 dd a9 ae 53 c.wJ..,B..v#...S
0010 - 98 de 99 e9 12 19 ae a7-fe 97 d7 11 63 1b 7f de ............c...
0020 - 1a 42 13 58 16 e6 ef 21-13 de c3 0a ba 5c 36 a3 .B.X...!.....\6.
0030 - b9 97 ef ef ff b7 8d fa-0d 05 b8 8c 68 eb 2c 31 ............h.,1
0040 - 70 ec 80 f2 45 b9 bb 1e-cd b8 1a e3 67 31 14 d9 p...E.......g1..
0050 - 88 ac 94 bb 57 8d 73 e5-d0 dd e7 2a 50 c9 4d c6 ....W.s...._P.M.
0060 - ff 45 ef 8d 33 83 e5 da-2a 72 55 3b a6 cd 5e 2b .E..3..._rU;..^+
0070 - 2a d8 2d bf 5f 4e 52 14-8b e0 0b 1d 32 f7 30 ce *.-._NR.....2.0.
0080 - 35 8a 1b 40 b8 bc fe 1a-2d 77 9a 9a d5 c6 92 c8 [email protected]......
0090 - fb 29 91 29 48 1b 05 d3-23 39 b8 05 61 7f 79 54 .).)H...#9..a.yTStart Time: 1464882535
Timeout : 300 (sec)Verify return code: 20 (unable to get local issuer certificate)
Stopped here and did not return to a prompt.
Can you paste the output of this command:
openssl s_client -showcerts -connect raw.githubusercontent.com:443
On Thu, Jun 2, 2016 at 9:35 AM rlefever [email protected]
wrote:Update and Upgrade performed again. Nothing to update.
Per the referenced guide I tried to modify the cert-verification.cfg. I
found that it did not exist. I created it (in /etc/python/ the other
path
does not exist) and entered the option specified but I am still getting
the same results.Looks like our hitting a local SSL certificate trust issue on your pi
machine. You may need to update your SSL trust store. Reference the
below
URL's (forgive the linux version of redhat) for resolution/work aroundI would make sure your system is first up to date; sudo apt-get update
and
then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection option
on
the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input
argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected]
wrote:pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading
repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which
the
certificate content is written to. At least, this is what it looks
like
regarding your error message. At the moment, I have no idea why
this
happens. So we have to debug it a little bit. Can you please try
the
attached installation script and paste me the output? Since github
does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not
trust
it,
just diff both versions of it.[alertRinstaller.py.txt](
https://github.com/sqall01/alertR/files/293797/alertRinstaller.py.txt)
P.S.
I am not available until the end of next week. Please do not feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#13 (comment)
,
or
mute
the thread
<https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw
.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment),
or
mute
the thread
<
https://github.com/notifications/unsubscribe/AJ0LfZUaWa_Dv4uGiF-WzicMm55ROAbFks5qHtw5gaJpZM4IrDLw.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AJ0LfZY6Xp94XFaHkL8l-sn_Xotn2IpQks5qHvwegaJpZM4IrDLw
.
from alertr.
rlefever
commented on July 17, 2024
pi@alertr-server:~ $ python alertRinstaller.py -l
06/02/2016 17:20:34 DEBUG: [alertRinstaller.py]: Downloading repository
information.
Server Cert File Location:
/tmp/tmptICw6i
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
06/02/2016 17:20:40 ERROR: [alertRinstaller.py]: Getting repository
information
failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)
Could not list repository information.
Thanks,
Thanks. Lastly can you run the the debugging installer linked by Andre? I
am going to attempt to replicate your issue.On Thu, Jun 2, 2016 at 11:52 AM rlefever [email protected] wrote:
pi@alertr-server:~ $ openssl s_client -showcerts -connect
raw.githubusercontent.com:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificateverify return:0
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=www.github.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBa
MGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3
dy5naXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WU
CgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJAvda8QHYu
jdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrt
DGvN6MHqygGsdfkXKfBLUJ1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjl5NpdmQhtceaFGs
PiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3BA
2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk4
3H9WufgfBKRen87dFwIDAQABo4ICSTCCAkUwHwYDVR0jBBgwFoAUUWj/kK8CB3U8
zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1Ud
EQR0MHKCDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22C
CyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHVidXNlcmNvbnRlbnQuY29t
ghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjOi8v
Y3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMDSgMqAwhi5o
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwG
A1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZB
aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1
cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC
AQEATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQ
uLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89Bx3VmDRynTe4CqhsAwOoO1ERm
CAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwY
Ob/u4+WPzUAHC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQ
qzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPridlvOj/7QyyX5m8up
/1US8z1fRW4yoCSOt6V2bwuH6Q==
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High
Assurance Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
EV Root CA
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
sh5ENWV/UyU50RwKmmMbGZJ0aAo1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjt
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0SGlnaEFzc1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjjA0MDIG
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
/D6q1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj69aSEaRkCldUxPUd1gJea6zu
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
cPUeybQ=-----END CERTIFICATE-----
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=
www.github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 HighAssurance Server CA
No client certificate CA names sent
SSL handshake has read 3326 bytes and written 415 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
8E151F8A23865C8C0A27E6FF41BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj0B427FE1507
Session-ID-ctx:
Master-Key:9AE250430A3F725603A31FA7EFAD838990A002AD57001BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjE20C5B05C8EB9AFA
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 1200 (seconds)
TLS session ticket:
0000 - 63 cc 77 4a 00 db 2c 42-2e 8f 76 23 dd a9 ae 53 c.wJ..,B..v#...S
0010 - 98 de 99 e9 12 19 ae a7-fe 97 d7 11 63 1b 7f de ............c...
0020 - 1a 42 13 58 16 e6 ef 21-13 de c3 0a ba 5c 36 a3 .B.X...!.....\6.
0030 - b9 97 ef ef ff b7 8d fa-0d 05 b8 8c 68 eb 2c 31 ............h.,1
0040 - 70 ec 80 f2 45 b9 bb 1e-cd b8 1a e3 67 31 14 d9 p...E.......g1..
0050 - 88 ac 94 bb 57 8d 73 e5-d0 dd e7 2a 50 c9 4d c6 ....W.s...._P.M.
0060 - ff 45 ef 8d 33 83 e5 da-2a 72 55 3b a6 cd 5e 2b .E..3..._rU;..^+
0070 - 2a d8 2d bf 5f 4e 52 14-8b e0 0b 1d 32 f7 30 ce *.-._NR.....2.0.
0080 - 35 8a 1b 40 b8 bc fe 1a-2d 77 9a 9a d5 c6 92 c8 [email protected]......
0090 - fb 29 91 29 48 1b 05 d3-23 39 b8 05 61 7f 79 54 .).)H...#9..a.yTStart Time: 1464882535
Timeout : 300 (sec)Verify return code: 20 (unable to get local issuer certificate)
Stopped here and did not return to a prompt.
Can you paste the output of this command:
openssl s_client -showcerts -connect raw.githubusercontent.com:443
On Thu, Jun 2, 2016 at 9:35 AM rlefever [email protected]
wrote:Update and Upgrade performed again. Nothing to update.
Per the referenced guide I tried to modify the cert-verification.cfg.
I
found that it did not exist. I created it (in /etc/python/ the other
path
does not exist) and entered the option specified but I am still
getting
the same results.Looks like our hitting a local SSL certificate trust issue on your
pi
machine. You may need to update your SSL trust store. Reference the
below
URL's (forgive the linux version of redhat) for resolution/work
aroundI would make sure your system is first up to date; sudo apt-get
update
and
then sudo apt-get upgrade.If you are very technical you can try running through this guide:
https://access.redhat.com/articles/2039753Andre - Is there a way to disable the VerifiedHTTPSConnection
option
on
the
installer? I would tend to recommend fixing the trust bundle of the
machine, but if you can specify a no verify function via input
argument
then that quickly gets around the issue.On Wed, Jun 1, 2016 at 7:42 PM rlefever [email protected]
wrote:pi@alertr-server:~ $ python alertRinstaller.py -l
06/01/2016 23:40:55 DEBUG: [alertRinstaller.py]: Downloading
repository
information.
Server Cert File Location:
/tmp/tmpAMCVLa
Input:
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygjlDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----06/01/2016 23:41:00 ERROR: [alertRinstaller.py]: Getting
repository
information failed.
Traceback (most recent call last):
File "alertRinstaller.py", line 1027, in getRepositoryInformation
conn.request("GET", serverPath + "/repoInfo.json")
File "/usr/lib/python2.7/httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1035, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 850, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 812, in send
self.connect()
File "alertRinstaller.py", line 104, in connect
ca_certs=self.servercert_file)
File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
ciphers=ciphers)
File "/usr/lib/python2.7/ssl.py", line 507, in init
self._context.load_verify_locations(ca_certs)
SSLError: [X509] PEM lib (_ssl.c:2751)Could not list repository information.
This is interesting. I just tested it myself and it worked out:
sqall@towel:~/alertR/test$ wget
https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
sqall@towel:~/alertR/test$ python alertRinstaller.py -l
[...]I guess the installer could not create a temporary file to which
the
certificate content is written to. At least, this is what it
looks
like
regarding your error message. At the moment, I have no idea why
this
happens. So we have to debug it a little bit. Can you please try
the
attached installation script and paste me the output? Since
github
does
not support ".py" files, you have to rename it.The changes I made were just some debug outputs. If you do not
trust
it,
just diff both versions of it.[alertRinstaller.py.txt](
https://github.com/sqall01/alertR/files/293797/alertRinstaller.py.txt)
P.S.
I am not available until the end of next week. Please do not
feel
ignored
if I answer afterwards.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#13 (comment)
,
or
mute
the thread
<https://github.com/notifications/unsubscribe/AJ0Lfczp9NnGKny8uJhS1e6t3svN-rjrks5qHhjYgaJpZM4IrDLw
.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment),
or
mute
the thread
<
https://github.com/notifications/unsubscribe/AJ0LfZUaWa_Dv4uGiF-WzicMm55ROAbFks5qHtw5gaJpZM4IrDLw.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)—
You are receiving this because you commented.Reply to this email directly, view it on GitHub
#13 (comment), or
mute
the thread
https://github.com/notifications/unsubscribe/AJ0LfZY6Xp94XFaHkL8l-sn_Xotn2IpQks5qHvwegaJpZM4IrDLw
.
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#13 (comment)
from alertr.
sqall01
commented on July 17, 2024
As a workaround I just uploaded a version that can disable the SSL certificate check (parameter --no-check-ssl-certificate) into the alertR repository. This is just a "dirty" workaround and will weaken the security of the installer. But for testing purposes it should be fine.
@akkord64 I know that Github can change the certificate any time and it will then break the installer. But still I will leave the pinning in there. The reason is the following: Your way will download the certificate and will use this for checking the Github SSL connection. But how do I check the download SSL connection of the certificate? With certificate pinning? This is kind of the chicken-and-egg problem. But I have an idea to come around the SSL certificate pinning. I will add code signing to the repository. This way I can pin the certificate used to verify the downloaded files. As long as the installer and updater of alertR are used, there should not be any problem. Just added it to my to-do list ;)
@rlefever I will look into the problem at the weekend. Then I will install a Pi with the newest Rasbian Lenny version. I will keep you updated when I have solved this problem or need some information.
from alertr.
rlefever
commented on July 17, 2024
Finally wiped and reinstalled a fresh copy of Raspian Jessie, downloaded
the latest from github and it works.
Thanks so much for all your efforts.
As a workaround I just uploaded a version that can disable the SSL
certificate check (parameter --no-check-ssl-certificate) into the alertR
repository. This is just a "dirty" workaround and will weaken the security
of the installer. But for testing purposes it should be fine.@akkord64 I know that Github can change the certificate any time and it
will then break the installer. But still I will leave the pinning in
there. The reason is the following: Your way will download the certificate
and will use this for checking the Github SSL connection. But how do I
check the download SSL connection of the certificate? With certificate
pinning? This is kind of the chicken-and-egg problem. But I have an idea
to come around the SSL certificate pinning. I will add code signing to the
repository. This way I can pin the certificate used to verify the
downloaded files. As long as the installer and updater of alertR are used,
there should not be any problem. Just added it to my to-do list ;)@rlefever I will look into the problem at the weekend. Then I will install
a Pi with the newest Rasbian Lenny version. I will keep you updated when I
have solved this problem or need some information.
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#13 (comment)
from alertr.
Related Issues (20)
- FIFO question = how to?! HOT 4
- Siren Timeout HOT 2
- Problem in config managerClientDatabase NameError: name 'updateServer' is not defined HOT 2
- SSLEOFError: EOF occurred in violation of protocol HOT 7
- Playing (no)sound from keypad to bluetooth speaker HOT 6
- Clear message history in the Android app HOT 2
- Error in dependency version check of installer HOT 1
- Missing files after server installation HOT 1
- Error in sensorClientRaspberryPi interrupt callback HOT 5
- What is the most simple way to activate/deactivate alertR time-controlled? HOT 6
- ManagerClientConsole cant find server HOT 5
- Best way to implement a door sensor HOT 8
- Feature request: allow the use of IMAP IDLE for push notifications HOT 2
- Feature request: installation and configuration assistants HOT 2
- Triggered alert before system active didnt gets triggered again HOT 5
- Problem with alertwebmobilemanager after update to 0.800 HOT 4
- ICalendar exit code 1 HOT 5
- PHP issues with Web Mobile manager HOT 7
- Temperature sensor don't go back to normal state after triggered HOT 4
- Error 404: installing server on windows HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alertr.