0

On a Redhat box (Red Hat Enterprise Linux Workstation release 6.8 (Santiago)) I am able to make a curl request to the JIRA instance like follows:

curl -k -D- -u "user":"password" -X GET -H "Content-Type: application/json" https://some_url/jira/rest/api/2/search?jql=assignee=fritz

This request returns a valid json with the actual data in it. So far so good.

To access and evaluate the information from the json I am trying to use jira-python in order to have a parser for the jira json's. The code is as follows:

jira = JIRA('https://some_url/jira', basic_auth=('user','password'))

which results in an error like follows: 

WARNING:root:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) while doing GET https://some_url/jira/rest/api/2/serverInfo [{'params': None, 'headers': {'User-Agent': 'python-requests/2.12.4', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]

Why do I have a certificate error when trying to access the JIRA with python, but I do not when using curl? And how to fix this?

Alex
  • 41,580
  • 88
  • 260
  • 469
  • Do not use -k, fix your certificate chain instead. – frlan Jan 13 '17 at 09:00
  • Possible duplicate of [How to get Python Requests to Trust a Self Signed SSL Certificate?](http://stackoverflow.com/questions/30405867/how-to-get-python-requests-to-trust-a-self-signed-ssl-certificate) – frlan Jan 13 '17 at 12:07
  • While discussion I think it's a duplicate and might have an answer with http://stackoverflow.com/a/30405947/2915834 – frlan Jan 13 '17 at 12:07

1 Answers1

1

If you want to skip the certificate validation(not secure), set verify to False. 

jira = JIRA('https://some_url/jira', verify=False, basic_auth=('user','password'))

As @frlan pointed out, it's better to validate the certificate. Just go through the JIRA arguments, and specify your client certificate for validation.

Explanation: https://github.com/pycontribs/jira/blob/5cade37e56612caee36db6310b6e0ef935726944/jira/client.py

 * verify -- Verify SSL certs. Defaults to ``True``.
Will
  • 200
  • 1
  • 7
  • Don't deactivate certificate checks. If they fail, there is a reason. – frlan Jan 13 '17 at 08:59
  • 1
    @frlan And which reason could that be? And why is that important? – Alex Jan 13 '17 at 09:06
  • What @frlan said is right, there will be secure issue. To avoid Man-in-the-middle attack. – Will Jan 13 '17 at 09:12
  • 1
    I guess a man-in-the-middle attack is irrelevant in my case. Why should someone in my company change JIRA ticket contents? – Alex Jan 13 '17 at 09:14
  • @Alex SSL is not a rocket science at least on basic level but is adding so much value. Just do it. – frlan Jan 13 '17 at 10:04
  • And its not about JIRA issue contents — which might be sensible too — but e.g. LDAP-passwords, sensible information about your customers., – frlan Jan 13 '17 at 10:05
  • @frlan: I agree, SSL is not rocket science, its much more complicated than that... Anyway, I am in the same (closed) network and the responsible person agreed using the system without certificate is ok... – Alex Jan 13 '17 at 11:10
  • Its a self-signed certificate. which makes it REALLY much harder and complicated than rocket science – Alex Jan 13 '17 at 11:11
  • found that the parameter is changed to verify_ssl for CONFLUENCE connection inherited from the atlassian_rest_api. – Ali Avcı May 21 '21 at 09:45