Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Corporate netsec software on Windows may causes 'self signed certificate' verification errors

See original GitHub issue

It appears that this happens as network packets are inspected and re-signed by software running in the background on the machine. In theory there should be a way to let users trust the certs issued by their corp IT teams, and/or selectively disable/mute validations from specific domains.

Two instances so far reported in slack:

Maybe (or maybe not) related:

I went digging around we did have some historic references to ‘self signed certificates’ in tap-gitlab and in the SDK. In those cases, a suggested improvement was to leverage a python session object when preparing or making the request.

The applied change in the SDK was to prepare the request from the session object: https://gitlab.com/meltano/sdk/-/merge_requests/45/diffs
merge_environment_settings was noted in the historic tap-gitlab issue here as being relevant and skipped in certain codepaths: https://github.com/psf/requests/blob/8c211a96cdbe9fe320d63d9e1ae15c5c07e179f8/requests/sessions.py#L701

See below for guidance from Greg Vaslo on slack. Also this issue is noted as related (affects SDK taps but not Meltano core):

https://github.com/meltano/sdk/issues/633

Issue Analytics

State:
Created a year ago
Comments:5

Top GitHub Comments

1reaction

edgarrmondragoncommented, Nov 7, 2022

A workaround to this error in meltano add for anyone stumbling into it:

Locate the plugin in Meltano Hub: https://hub.meltano.com/. In the plugin page, take note of the default variant, or pick the one you prefer:
Manually download the plugin definition from the Meltano Hub API into the plugins/<plugin type> directory of your Meltano project. In the case of tap-oracle, this directory is plugins/extractors/:
```
PLUGIN_TYPE=extractors
PLUGIN=tap-oracle
VARIANT=transferwise
PLUGIN_PATH=plugins/$PLUGIN_TYPE/$PLUGIN--$VARIANT
curl https://hub.meltano.com/meltano/api/v1/$PLUGIN_PATH > $PLUGIN_PATH.lock
```

Add the plugin entry to meltano.yml

plugins:
  extractors:
  - name: tap-oracle
    variant: transferwise

You should now be able to use the plugin normally.

0reactions

vischcommented, Jul 5, 2022

Discovery file changed locations, maybe a workaround you put in place is broken now? Maybe you could take a look at lock files which is new https://docs.meltano.com/reference/command-line-interface#lock I believe, then meltano shouldn’t need to be able to reach the hub. I am guessing at what the cause is without errors and things but this sounds likely based on the past info!

Top Results From Across the Web

Security certificate validation fails - Windows Server

Cause. This issue occurs because the website certificate has multiple trusted certification paths on the web server. For example, assume that ...

A Simple Explanation of SSL Certificate Errors & How to Fix ...

1. SSL Certificate Not Trusted Error. This error indicates that the SSL certificate is signed or approved by a company that the browser...

The Dangers of Self-Signed SSL Certificates - GlobalSign

The security warnings associated with self-signed SSL Certificates drive away potential clients for fear that the website does not secure their credentials.

Troubleshoot Expressway Traffic Server Certificate Verification ...

The error of 'certificate verify failed' indicates the fact that the Expressway-C could not validate the TLS handshake. The reason for it, is ......

What does 'Your connection is not private' mean? | How to fix ...

This error is caused by an issue with the website's SSL certificate – it's missing, or it's expired, or it wasn't issued by...