AWS IOT endpoint appears insecure
RobertP09 opened this issue · 3 comments
Confirm by changing [ ] to [x] below to ensure that it's a bug:
- I've gone through Developer Guide and API reference
- I've searched for previous similar issues and didn't find any solution
Describe the bug
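When boto3 connects to the IoT endpoint, the connection to AWS is reported as insecure: certificate verification fails with `unable to get local issuer certificate` (see the log below), which means the client could not build a chain from the server's certificate to a root in its local CA bundle. The endpoint in this region is here: Unsecure, but the endpoint in the other region shows as secure: secure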
SDK version number
latest
Platform/OS/Hardware/Device
What are you running the sdk on?
Development is on a Mac; the issue only occurs in production
To Reproduce (observed behavior)
Steps to reproduce the behavior (please share code)
Expected behavior
Reach the endpoint with SSL certificate verification left enabled, without needing to skip it
Logs/output
"botocore.exceptions.SSLError: SSL validation failed for https://data.iot.us-west-2.amazonaws.com/things/xxxx/shadow [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)",
zenbath-chalice - ERROR - Caught exception for <function change_settings at 0x7fd9c460fca0>
Traceback (most recent call last):
File "/var/task/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/var/task/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/var/task/urllib3/connectionpool.py", line 1010, in validate_conn
conn.connect()
File "/var/task/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/var/task/urllib3/util/ssl.py", line 428, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(
File "/var/task/urllib3/util/ssl.py", line 472, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/var/lang/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/var/lang/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/var/lang/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/task/botocore/httpsession.py", line 254, in send
urllib_response = conn.urlopen(
File "/var/task/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/var/task/urllib3/util/retry.py", line 506, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/var/task/urllib3/packages/six.py", line 734, in reraise
raise value.with_traceback(tb)
File "/var/task/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/var/task/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/var/task/urllib3/connectionpool.py", line 1010, in validate_conn
conn.connect()
File "/var/task/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/var/task/urllib3/util/ssl.py", line 428, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(
File "/var/task/urllib3/util/ssl.py", line 472, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/var/lang/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/var/lang/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/var/lang/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/task/chalice/app.py", line 1135, in _get_view_function_response
response = view_function(**function_args)
File "/var/task/chalicelib/utils/auth.py", line 124, in func_wrapper
res = func(**kwargs)
File "/var/task/chalicelib/utils/auth.py", line 48, in validate_invoke
return func(*args, **kwargs)
File "/var/task/chalicelib/controllers/device.py", line 227, in change_settings
return device.change_shadow(device_blueprint.current_request.json_body)
File "/var/task/shine/services/device.py", line 86, in change_shadow
response = iot_data_plane.update_thing_shadow(
File "/var/task/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/task/thundra/integrations/modules/botocore.py", line 27, in _wrapper
return INTEGRATIONS['default'].run_and_trace(
File "/var/task/thundra/integrations/base_integration.py", line 68, in run_and_trace
raise exception
File "/var/task/thundra/integrations/base_integration.py", line 40, in run_and_trace
response = self.actual_call(wrapped, args, kwargs)
File "/var/task/thundra/integrations/base_integration.py", line 73, in actual_call
return wrapped(*args, **kwargs)
File "/var/task/botocore/client.py", line 662, in _make_api_call
http, parsed_response = self._make_request(
File "/var/task/botocore/client.py", line 682, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/var/task/botocore/endpoint.py", line 102, in make_request
return self._send_request(request_dict, operation_model)
File "/var/task/botocore/endpoint.py", line 136, in _send_request
while self._needs_retry(attempts, operation_model, request_dict,
File "/var/task/botocore/endpoint.py", line 253, in _needs_retry
responses = self._event_emitter.emit(
File "/var/task/botocore/hooks.py", line 356, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/var/task/botocore/hooks.py", line 228, in emit
return self._emit(event_name, kwargs)
File "/var/task/botocore/hooks.py", line 211, in _emit
response = handler(**kwargs)
File "/var/task/botocore/retryhandler.py", line 183, in call
if self._checker(attempts, response, caught_exception):
File "/var/task/botocore/retryhandler.py", line 250, in call
should_retry = self._should_retry(attempt_number, response,
File "/var/task/botocore/retryhandler.py", line 277, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/var/task/botocore/retryhandler.py", line 316, in call
checker_response = checker(attempt_number, response,
File "/var/task/botocore/retryhandler.py", line 222, in call
return self._check_caught_exception(
File "/var/task/botocore/retryhandler.py", line 359, in _check_caught_exception
raise caught_exception
File "/var/task/botocore/endpoint.py", line 200, in _do_get_response
http_response = self._send(request)
File "/var/task/botocore/endpoint.py", line 269, in _send
return self.http_session.send(request)
File "/var/task/botocore/httpsession.py", line 281, in send
raise SSLError(endpoint_url=request.url, error=e)
botocore.exceptions.SSLError: SSL validation failed for https://data.iot.us-west-2.amazonaws.com/things/xxx/shadow [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)
Your best bet to get this looked at may be to create an issue on the botocore repository: https://github.com/boto/botocore