Sync fails because of CERTIFICATE_VERIFY_FAILED despite --insecure being set

Hey,

we are using gitlab-sync with gitlab-cp and the --insecure flag set. Our company is forcing us to use a proxy, which makes this necessary.

Unfortunately, we are running into a CERTIFICATE_VERIFY_FAILED error if we attempt to sync new projects. To trigger syncing new projects, we are removing an entry from --exclude.

The error message and trace-back can be found below.

We could work around the issue by adding

# Hack: set everything to unverified
ssl._create_default_https_context = ssl._create_unverified_context

to sync.py#L52.

However, this is for sure not a feasible solution. We think urlretrieve could cause this issue. urlretrieve can't consume a context, therefore we used the dirty workaround above. Do you guys maybe have an idea how to solve this properly?

[...]
  - 🏠 Project to-be-continuous/maven (26454233) => ci/to-be-continuous/maven...
    - project: created (419)
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/urllib/request.py", line 1344, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/local/lib/python3.12/http/client.py", line 1336, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.12/http/client.py", line 1382, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.12/http/client.py", line 1331, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.12/http/client.py", line 1091, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.12/http/client.py", line 1035, in send
    self.connect()
  File "/usr/local/lib/python3.12/http/client.py", line 1477, in connect
    self.sock = self._context.wrap_socket(self.sock,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/ssl.py", line 455, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/ssl.py", line 1042, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.12/ssl.py", line 1320, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/bin/gitlab-cp", line 8, in <module>
    sys.exit(run())
             ^^^^^
  File "/usr/local/lib/python3.12/site-packages/gitlab_cp/sync.py", line 914, in run
    client.sync_group(src_group, dest_parent_group)
  File "/usr/local/lib/python3.12/site-packages/gitlab_cp/sync.py", line 670, in sync_group
    self.sync_project(
  File "/usr/local/lib/python3.12/site-packages/gitlab_cp/sync.py", line 485, in sync_project
    urlretrieve(src_avatar_url, avatar_path)
  File "/usr/local/lib/python3.12/urllib/request.py", line 240, in urlretrieve
    with contextlib.closing(urlopen(url, data)) as fp:
                            ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 215, in urlopen
    return opener.open(url, data, timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 515, in open
    response = self._open(req, data)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 532, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 492, in _call_chain
    result = func(*args)
             ^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 1392, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/urllib/request.py", line 1347, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)>
Cleaning up project directory and file based variables 00:01
ERROR: Job failed: command terminated with exit code 1
Edited by Florian Weber
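
Added example, not part of the original issue or of the gitlab-cp code base: a context-aware replacement for the `urlretrieve(src_avatar_url, avatar_path)` call in the traceback, so that TLS settings apply to one download instead of being patched process-wide through `ssl._create_default_https_context`. The names `build_ssl_context`, `fetch_to_file` and the `ca_file` option are hypothetical; trusting the proxy's root CA through `ca_file` keeps verification on, while `insecure=True` mirrors `--insecure`.

```python
import shutil
import ssl
import urllib.request
from typing import Optional


def build_ssl_context(insecure: bool = False,
                      ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Return the TLS context to use for a single download.

    ca_file  (hypothetical option) PEM bundle containing the proxy's root CA.
             When given, only this bundle is trusted, not the system store.
    insecure mirrors the --insecure flag: verification is switched off for
             this context only, the rest of the process keeps its defaults.
    """
    context = ssl.create_default_context(cafile=ca_file)
    if insecure:
        # Order matters: check_hostname must be cleared before CERT_NONE,
        # otherwise the ssl module raises ValueError.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    return context


def fetch_to_file(url: str, dest: str, context: ssl.SSLContext,
                  timeout: float = 30.0) -> int:
    """Stand-in for urlretrieve(url, dest) that accepts an SSL context.

    Returns the number of bytes written to dest.
    """
    with urllib.request.urlopen(url, timeout=timeout, context=context) as resp, \
            open(dest, "wb") as out:
        shutil.copyfileobj(resp, out)
        return out.tell()


if __name__ == "__main__":
    # Constructed usage: the bundle path and URL are placeholders.
    ctx = build_ssl_context(ca_file="/path/to/proxy-root-ca.pem")
    fetch_to_file("https://gitlab.example.com/avatar.png", "avatar.png", ctx)
```

Because the context is passed per call, the process-wide default stays verifying even when `--insecure` is set for the avatar download.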