When you access a self-signed https url and turned off https verify,
you still get CERTIFICATE_VERIFY_FAILED error, since urllib3 still verified it by mistake.
However, in our case, we are not turning off https verify.
Instead, we expect our cert is installed on system and requests/urllib3 can find it and verify ok.
But we actually get this error:
unit.openstack-service-checks/0.juju-log Failed to create endpoint checks due issue communicating with Keystone. Error:
Keystone ssl error when listing SSL exception connecting to https://10.0.8.91:35357/v3/auth/tokens:
HTTPSConnectionPool(host='10.0.8.91', port=35357): Max retries exceeded with url:
/v3/auth/tokens (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:852)'),)): endpoints
After more digging, I discovered that this issue is not caused by urllib3 1.25.4 or OpenSSL 1.1.1.
The urllib3 bug: https:/ /github. com/urllib3/ urllib3/ issues/ 1682
It was really about:
When you access a self-signed https url and turned off https verify, VERIFY_ FAILED error, since urllib3 still verified it by mistake.
you still get CERTIFICATE_
That is fixed in 1.25.5: https:/ /github. com/urllib3/ urllib3/ compare/ 1.25.4. ..1.25. 5
However, in our case, we are not turning off https verify.
Instead, we expect our cert is installed on system and requests/urllib3 can find it and verify ok.
But we actually get this error:
unit. openstack- service- checks/ 0.juju- log Failed to create endpoint checks due issue communicating with Keystone. Error: /10.0.8. 91:35357/ v3/auth/ tokens: tionPool( host='10. 0.8.91' , port=35357): Max retries exceeded with url: SSLError( 1, '[SSL: CERTIFICATE_ VERIFY_ FAILED]
Keystone ssl error when listing SSL exception connecting to https:/
HTTPSConnec
/v3/auth/tokens (Caused by SSLError(
certificate verify failed (_ssl.c:852)'),)): endpoints