Re: Boto to AWS from GAE SSL errors?

1,187 views
Skip to first unread message

Robert H. Mowery III

unread,
Nov 7, 2012, 9:37:12 PM11/7/12
to boto-...@googlegroups.com
I managed to find a workaround on this using the following as the connection call:

def getEC2Connection(self):
        return boto.connect_ec2(self._key, self._sec, validate_certs=False)

and forcing the validate_certs = False.  

I understand why the statement works, but what I still do not understand why validate_certs =True does not run from GAE, but works fine from local servers and from AWS.

Perhaps something needs to be installed within my GAE deployment to correct this?  


-Rob

On Wednesday, November 7, 2012 5:43:40 PM UTC-5, Robert H. Mowery III wrote:
I am attempting to test a python app running on GAE that uses boto to hit AWS.  This application works fine running from a local environment and if I place it onto an Linux machine on AWS.  Google App Engine however keeps spewing out the following error:

"SSL server certificate validation is enabled in boto "
BotoClientError: BotoClientError: SSL server certificate validation is enabled in boto configuration, but Python dependencies required to support this feature are not available. Certificate validation is only supported when running under Python 2.6 or later.

Now my app.yml file specifically has Python2.7 stated:
runtime: python27
api_version: 1

Searching around the only suggestion I found (which does not seem to work) is placing this chunk of code into my app.
        config = boto.config
        config.add_section('boto')
        config.set('boto','https_validate_certificates', 'False')
        config.add_section('aws info')
        config.set('aws info','aws_validate_certs','False')

How are others getting boto to run from GAE?  Is this an issue between going from GAE to AWS with boto?

Appreciate any advice, suggestions, or links to posts I may have overlooked.

-Rob

Estevo U. C. Castro

unread,
Apr 30, 2013, 9:21:12 PM4/30/13
to boto-...@googlegroups.com
As of GAE 1.7.7 you can just declare the following in your app.yaml:

libraries:
    - name: ssl
      version: "latest"  # or "2.7", as of this writing

Note that GAE's ssl module support is still experimental.  But it seems to work for boto.


On Thursday, February 7, 2013 11:10:27 PM UTC+1, Nadia wrote:
Dear Robert,

Indeed, I've found that recently Boto has switched to validate certificates by default.

Better workaround here would be to disable certificates validation for Boto while running on GAE using configurations parameters:

if not boto.config.has_section('Boto'):
    boto.config.add_section('Boto')
boto.config.set('Boto', 'https_validate_certificates', 'False')

Please note that section here is named 'Boto' (leading upper case).
This is the main difference from your original workaround. I've checked with lowercase 'boto' section name and configuration parameter was not picked up by Boto.
Reply all
Reply to author
Forward
0 new messages