Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable SSL Veriry #5

Open
itsecforu opened this issue Feb 9, 2021 · 4 comments
Open

Disable SSL Veriry #5

itsecforu opened this issue Feb 9, 2021 · 4 comments

Comments

@itsecforu
Copy link

Hey!

I got the error Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED on every step

How can i disable it to check without SSL?
@itsecforu
Copy link
Author

no ideas ? :-(

@PaperMtn
Copy link
Owner

Hi. Do you have a valid SSL certificate on your GitLab instance?

I imagine this is caused as the requests library sets SSL verify as true by default, and it’s configured in GitLab Watchman to verify SSL as well.

It’s debatable the merits of turning this off, and I ’m reluctant to change it to not check by default as really most environments should be using a valid SSL certificate for GitLab instances.

If you’re building from source, you could change it yourself by modifying line 29 in gitlab-watchman/gitlab_watchman/gitlab_wrapper.py to verify_ssl=False

Let me know how it goes.

@itsecforu
Copy link
Author

itsecforu commented Feb 11, 2021
edited
Loading

Hey! Thx u for feedback!
Cert valid to 4757 year :-D
I use self-signed certificate.
I tried to add rootca.cert to /etc/pki/ca-certs/source/anchors/ , but it still doesnt work.
with verify_ssl=False i got this output:

gitlab-watchman --timeframe a --all
No logging option selected, defaulting to Stdout
{"localtime": "2021-02-11 16:15:23,648", "level": "INFO", "source": "GitLab Watchman", "message": "GitLab Watchman started execution"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Version: 1.4.0"}
{"localtime": "2021-02-11 16:15:23,649", "level": "INFO", "source": "GitLab Watchman", "message": "Importing rules..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "31 rules loaded"}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Getting everything..."}
{"localtime": "2021-02-11 16:15:23,753", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in blobs"}
HTTPSConnectionPool(host='gitlab.my.local', port=443): Max retries exceeded with url: /api/v4/search?scope=blobs&search=%22password%3A%22+-%28svg%7Cpng%7Cjpeg%7Cjpg%29&per_page=100&page= (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
{"localtime": "2021-02-11 16:23:30,186", "level": "CRITICAL", "source": "GitLab Watchman", "message": "'NoneType' object has no attribute 'headers'"}
{"localtime": "2021-02-11 16:23:30,186", "level": "INFO", "source": "GitLab Watchman", "message": "Searching for Passwords in commits"}

@itsecforu
Copy link
Author

any ideas?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@itsecforu @PaperMtn