Variety

Why does Variety try to establish unsecure connections?

Asked by Dark.Crow

In my logging i see python complain about established connections to website addresses not being secure as in SSL. This is actually a vulnerability as a sniffer can setup a man in the middle attack on these connections by satisfying the request.

 - Not trying to nag here, just curious. ;-)

I disabled the warning by commenting out the paragraph in the complaining python script and stopped using the websites for grabbing wallpapers. Now i only use my own pictures.

the python script: as also what its reporting in the logging

line 851 in .local/lib/python2.7/site-packages/urllib3/connectionpool.py

# if not conn.is_verified:
# warnings.warn((
# 'Unverified HTTPS request is being made. '
# 'Adding certificate verification is strongly advised. See: '
# 'https://urllib3.readthedocs.io/en/latest/advanced-usage.html'
# '#ssl-warnings'),
# InsecureRequestWarning)

I also tried to install certification using 'pip install certifi' and did that also against urllib3 and although that gave a successful notion, the connectionpool script kept nagging about better setting up a SLL connection with the proper certificates installed.

I hope this will help in future development of your fantastic and beautiful product.

Kind regards!

----

To answer to my own question,

I stumbled upon this python module: python-urlgrabber, i installed it, restarted Variety and the warning is gone.

this question is now answered and solved.

Question information

Language:
English Edit question
Status:
Expired
For:
Variety Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.