Login fails with OpenSSL.SSL.Error #14
Description
Using python 2.7.11
virtualenv /tmp/venv
/tmp/venv/bin/pip install esgf-pyclient myproxyclient
/tmp/venv/bin/pythonfrom pyesgf.logon import LogonManager
lm = LogonManager()
lm.logon(username=<username>, password=<password>, hostname='pcmdi9.llnl.gov')This results in:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/tmp/venv/local/lib/python2.7/site-packages/pyesgf/logon.py", line 176, in logon
bootstrap=bootstrap, updateTrustRoots=update_trustroots)
File "/tmp/venv/local/lib/python2.7/site-packages/myproxy/client.py", line 1412, in logon
**getTrustRootsKw)
File "/tmp/venv/local/lib/python2.7/site-packages/myproxy/client.py", line 1564, in getTrustRoots
conn.write('0')
File "/tmp/venv/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1271, in send
self._raise_ssl_error(self._ssl, result)
File "/tmp/venv/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1191, in _raise_ssl_error
_raise_current_error()
File "/tmp/venv/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
I get the same error if I use MyProxyClient directly with /tmp/venv/bin/myproxyclient logon -s pcmdi9.llnl.gov -l <username> -o creds.pem, but it works with the -b option to bootstrap the trust.
I had thought the root CA was supposed to be fetched by default (update_trustroots), but this does not appear to be happening.
Thoughts?