5039: DISABLE_SSL_VERIFICATION in .reviewboardrc does not work

jvolpe

What version are you running?

RB 7.0.3, RBT 5.2

What steps will reproduce the problem?

We use a SSL Certificate issued by our company, with a root certificate installed on the client machine.

  • Using rbt post fails with

ERROR: Could not reach the Review Board server at https://xxxx.com/: The SSL certificate used for "xxxx.com" has an untrusted or self-signed certificate in the chain that cannot currently be verified by RBTools.

  • Using rbt post --disable-ssl-verification will allow use to posty a review
  • Putting DISABLE_SSL_VERIFICATION = True in the repository (project root) .reviewboardrc file does not allow us to post the review - Same error message
  • Putting DISABLE_SSL_VERIFICATION = True in the user local .reviewboardrc file does not allow us to post the review - Same error message

What operating system are you using?

kubuntu 22.04

Attach the debug out from the command.

$ rbt post --parent=RM6960 --debug

>>> RBTools 5.2
>>> Python 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0]
>>> Running on Linux-5.19.0-1025-lowlatency-x86_64-with-glibc2.35
>>> Home = /home/jvolpe
>>> Current directory = /home/jvolpe/Projects/Glider/sentinel-bms-c21
>>> Command line: rbt post --parent=RM6960 --debug
>>> [scan] Checking for available SCMs for /home/jvolpe/Projects/Glider/sentinel-bms-c21...
>>> [scan] Considering all repository types
>>> [scan] Skipping Bazaar: Command line tools (one of ('brz', 'bzr')) are missing.
>>> [scan] Skipping VersionVault / ClearCase: Command line tools ('cleartool') are missing.
>>> [scan] Checking for a CVS repository...
>>> [scan] Checking for a Git repository...
>>> Running: git rev-parse --git-dir
>>> Running: git config --get core.bare
>>> Running: git rev-parse --show-toplevel
>>> [scan] Checking for a Mercurial repository...
>>> Running: hg showconfig
>>> [scan] Skipping Perforce: Command line tools ('p4') are missing.
>>> [scan] Skipping Plastic: Command line tools ('cm') are missing.
>>> [scan] Skipping Cliosoft SOS: Command line tools ('soscmd') are missing.
>>> [scan] Checking for a Subversion repository...
>>> Running: svn --non-interactive info
>>> Command exited with rc=1 (errors ignored): svn --non-interactive info
>>> Command stdout=b''
>>> Command stderr=b"svn: E155007: '/home/jvolpe/Projects/Glider/sentinel-bms-c21' is not a working copy\n"
>>> Running: tf vc help
>>> Command not found (tf vc help)
>>> [scan] Skipping Team Foundation Server: Command line tools (one of ('VS2017+ tf', 'Team Explorer Everywhere tf.cmd', 'Our wrapper (rbt install tfs)')) are missing.
>>> [scan] SCM scan complete. Found git (/home/jvolpe/Projects/Glider/sentinel-bms-c21)
>>> [scan] Verifying repository information...
>>> Running: git rev-parse --git-dir
>>> Running: git config --get core.bare
>>> Running: git rev-parse --show-toplevel
>>> Running: git symbolic-ref -q HEAD
>>> Running: git show-ref --verify refs/remotes/p4/master
>>> Command errored with rc=128: git show-ref --verify refs/remotes/p4/master
>>> Command stdout=b''
>>> Command stderr=b"fatal: 'refs/remotes/p4/master' - not a valid ref\n"
>>> Running: git config --get remote.RM6960.url
>>> Command errored with rc=1: git config --get remote.RM6960.url
>>> Command stdout=b''
>>> Command stderr=b''
>>> [scan] Successfully found repository information: <RepositoryInfo(path='/home/jvolpe/Projects/Glider/sentinel-bms-c21/.git', base_path='', local_path='/home/jvolpe/Projects/Glider/sentinel-bms-c21')>
>>> Making HTTP GET request to https://xxxx.com/api/
Traceback (most recent call last):
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/request.py", line 421, in connect
    return super().connect(*args, **kwargs)
  File "/usr/lib/python3.10/http/client.py", line 1455, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1100, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1371, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/commands/base/commands.py", line 1463, in get_api
    api_root = api_client.get_root()
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/client.py", line 109, in get_root
    return self._transport.get_root(*args, **kwargs)
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/transport/sync.py", line 189, in get_root
    return self._execute_request(HttpRequest(self.server.url))
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/transport/sync.py", line 344, in _execute_request
    rsp = self.server.make_request(request)
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/request.py", line 1496, in make_request
    rsp = self._urlopen(Request(
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/cache.py", line 350, in make_request
    response = LiveHTTPResponse(urlopen(request))
  File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.10/urllib/request.py", line 519, in open
    response = self._open(req, data)
  File "/usr/lib/python3.10/urllib/request.py", line 536, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.10/urllib/request.py", line 1391, in https_open
    return self.do_open(http.client.HTTPSConnection, req,
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/request.py", line 477, in do_open
    return super().do_open(RBToolsHTTPSConnection,  # type: ignore
  File "/usr/lib/python3.10/urllib/request.py", line 1348, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
  File "/usr/lib/python3.10/http/client.py", line 1283, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1329, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1278, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.10/http/client.py", line 1038, in _send_output
    self.send(msg)
  File "/usr/lib/python3.10/http/client.py", line 976, in send
    self.connect()
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/api/request.py", line 428, in connect
    raise ServerInterfaceSSLError(
rbtools.api.errors.ServerInterfaceSSLError: The SSL certificate used for "xxxx.com" has an untrusted or self-signed certificate in the chain that cannot currently be verified by RBTools.

Make sure any necessary certificates in the chain are placed in one of the following locations:

    * /usr/lib/ssl/cert.pem
    * /usr/lib/ssl/certs

You may need to update your root SSL certificates for RBTools by running:

    /usr/bin/python3 -m pip install -U certifi

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/jvolpe/.local/bin/rbt", line 8, in <module>
    sys.exit(main())
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/commands/main.py", line 214, in main
    command.run_from_argv([RB_MAIN, command_name] + args)
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/commands/base/commands.py", line 1121, in run_from_argv
    self.initialize()
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/commands/base/commands.py", line 1030, in initialize
    self.api_client, self.api_root = self.get_api(self.server_url)
  File "/home/jvolpe/.local/lib/python3.10/site-packages/rbtools/commands/base/commands.py", line 1465, in get_api
    raise CommandError(
rbtools.commands.base.errors.CommandError: Could not reach the Review Board server at https://xxxx.com/: The SSL certificate used for "xxxx.com" has an untrusted or self-signed certificate in the chain that cannot currently be verified by RBTools.

Make sure any necessary certificates in the chain are placed in one of the following locations:

    * /usr/lib/ssl/cert.pem
    * /usr/lib/ssl/certs

You may need to update your root SSL certificates for RBTools by running:

    /usr/bin/python3 -m pip install -U certifi

Please provide any additional information below.

#1 jvolpe

user local .reviewboardrc file and repository .reviewboardrc file

  • +
    DISABLE_SSL_VERFICATION = True
    +
    REVIEWBOARD_URL = 'https://xxxx.com/'
    REPOSITORY = 'sentinel-bms'
    DISABLE_SSL_VERFICATION = True
    BRANCH = "master"
    EXCLUDE_PATTERNS = [ '.idea/*', '.run/*', 'SW314315*.*', '*.pdf']
    SQUASH_HISTORY = True
#2 jvolpe

SORRY - IGNORE THIS ALL. When I reviewed the attached .reviewboardrc files I saw the problem - mispelled "DISABLE_SSL_VERIFICATION"

#3 jvolpe

Please delete or clsoe this issue - This was my mistake not a bug.