Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ssl verification fails despite verify_certs=false

See original GitHub issue

In elasticsearch version 6.6.1 and elasticsearch-dsl version 6.1.0, ssl verification seems to ignore the verify_certs option. When set to True, the cert is still verified and fails on self-signed certs.

In version elasticsearch 5.5.1, and elasticsearch-dsl version 5.4.0, the verify_certs options works as expected.

client = Elasticsearch( hosts=['localhost'], verify_certs=False, timeout=60 )

elasticsearch.exceptions.SSLError: ConnectionError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)) caused by: SSLError([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777))

Issue Analytics

State:
Created 6 years ago
Reactions:3
Comments:26 (8 by maintainers)

Top GitHub Comments

27reactions

JamesHutchisonPremisecommented, Feb 2, 2018

I went through the debugger a bunch and found that verify_certs is ignored if ca_certs is None or set to some value (None is taken as “use defaults”, which results in certs being set to required). Simply set this to a False value of some sort that isn’t None and it should work.

es = Elasticsearch("https://user:pass@myelasticsearch",
                   ca_certs=False,
                   verify_certs=False)

This seems to be an issue with the underlying Python library, but it’s difficult to figure that out due to the way keyword args are passed around in the Elasticsearch library.

15reactions

fxdgearcommented, Jan 15, 2018

@gnarlyman thanks for the issue and the good eye. I’ll get this fixed asap.

But please note that the use of verify_certs is depreicated.

Please try creating an ssl_context object and set the verification mode on the context.

import ssl
from elasticsearch.connection import create_ssl_context

ssl_context = create_ssl_context(<use `cafile`, or `cadata` or `capath` to set your CA or CAs)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE

es = Elasticsearch('localhost', ssl_context=context, timeout=60

Top Results From Across the Web

python - urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error

There is nothing wrong with the URL and it can be successfully verified with the common trusted certificates. So you should better not...

A Simple Explanation of SSL Certificate Errors & How to Fix ...

1. SSL Certificate Not Trusted Error. This error indicates that the SSL certificate is signed or approved by a company that the browser...

What is an SSL 'Certificate_Verify_Failed' Error and How Do I ...

SSL certificate_verify_failed errors typically occur as a result of outdated Python default certificates or invalid root certificates. If you're a website owner ...

Ruby SSL Error: certificate verify failed - EngineYard

Summary. The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're ......

Unable to verify server's identity: [SSL - Red Hat Customer Portal

Oh I was using redhat 7.3 not Centos, even though I added the option its giving the same error. "Unable to verify server's...