BackendException: SSL failed: [SSL: CERTIFICATE_VERIFY_FAILED]

Bug #1820512 reported by Joe
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
httplib2
New
Undecided
Unassigned

Bug Description

duplicity 0.7.11
python 2.7.13

When trying to use duplicity with webdavs I get the following error:

BackendException: SSL failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

I tried what is mentioned in "Note on Ssl Certificate Verification" (https://curl.haxx.se/docs/caextract.html) in the doc

--ssl-cacert-file /etc/duplicity/cacert.pem

and

--ssl-cacert-path /etc/duplicity

and

-ssl-no-check-certificate

and I also copied the file to

~/.duplicity/cacert.pem
~/duplicity_cacert.pem
/etc/duplicity/cacert.pem

Nothing worked, still the same message.

I found this thread

https://duplicity-talk.nongnu.narkive.com/behoUdPH/webdav-ssl-certificate-verify-failed

in the end they suggested to use lftp+webdavs instead of webdavs, this
also worked for me. Any ideas why webdavs only does not work?
If something has been deprecated it should be added to the doc.

Revision history for this message
Joe (homerun4711) wrote :

Same issue on current stable 0.7.18

I had a look at the source (webdavbackend.py) and the parameter
--ssl-no-check-certificate is working as expected.

The exception is thrown in _list

https://bazaar.launchpad.net/~duplicity-team/duplicity/0.7-series/view/head:/duplicity/backends/webdavbackend.py#L308

The --ssl-no-check-certificate option

https://bazaar.launchpad.net/~duplicity-team/duplicity/0.7-series/view/head:/duplicity/backends/webdavbackend.py#L190

creates a httplib.HTTPSConnection instead of a VerifiedHTTPSConnection
but the error happens anyway. Are the certificates checked anyway?

Revision history for this message
David Smith (sidicas2) wrote :

Had the same problem
pip install 'httplib2==0.10.3'
Resolved it.
Found this post that says it's a problem with httplib2.
https://github.com/httplib2/httplib2/issues/47

affects: duplicity → httplib2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.