JIRA Python Connection Over HTTPS

I just upgraded the JIRA Python module from 0.32 to 1.0.7. (Duplicated the virtenv first, then did the upgrade.) My main JIRA Python script connects to our JIRA server over HTTPS, but, because it uses a cert signed by our internal CA, I have it disable verification. When I run the script, I get a bunch of these warnings:

/Users/foo/python-virtualenvs/new-jira-ve/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:843: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)

Longterm, I would like to figure out how to add our internal CA to whatever CA store that the validator is using, but for the time being, I'd just like to turn off these warnings. Going to the urllib3 URL explains how to fix the problem, but if I add 

import urllib3
urllib3.disable_warnings()

to my script, I still get the above warnings.

Judging from the path of the above warning, I suspect that the JIRA module is using requests, which is using an embedded urllib3 module. Is there a way to pass call the disable_warnings() method from the embedded-in-requests urllib3 library or is there a better way to handle this? 

(And even better, anyone have a suggestion for how to tell the validator to use our internal-only CA cert to validate the connection to our JIRA server?) 

2 answers

1 accepted

Don't know about squelching the warnings yet, but for being able to provide our own CA cert, I can use the REQUESTS_CA_BUNDLE environmental variable and point it to the CA cert PEM file as such:

REQUESTS_CA_BUNDLE=~/CAfile.pem ./script.py

Of course, that pulls the thread a little further, with urllib3 now complaining about the server cert missing SubjectAltName, but I know how do deal with that... 

Still, I'd like to know how to squelch the warnings or even better, do what REQUESTS_CA_BUNDLE is doing, but from within my script so that I won't have to remember to use this envvar every time.

Having a conversation with myself here, but since I keep coming across this page when searching for other solutions, I might as well share my solution here.

http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

That above line to the requests 2.13.0 documentation explains that you can set the verify parameter to True, False, or the path to the CA bundle

Huh. The JIRA object can be passed an options dict. They pydoc for JIRA defines verify:

 * verify -- Verify SSL certs. Defaults to ``True``.

I had been using that to turn off server cert validation, so it was already set to False. For shiggles, I tried setting it to the path to my CA's cert file:

jira = JIRA(options={'server':'https://jira.example.org', 'verify':'/path/to/ca.crt'}, basic_auth=(user, password))

Viola! It worked! I now have a verified secure connection to my JIRA server using a cert signed by my internal CA.

Thank you for your

a conversation with myself

For an test env I just used

'verify':False

not for productive env but helpful fora test .

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,111 views 13 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot