Comments (9)
Thanks for the detailed description of what is going wrong. We're looking into reproducing this, and I'll get back to you when I have more information.
In the meantime, does turning off SSL verification by setting braintree.Configuration.use_unsafe_ssl = True
stop the error from occurring?
from braintree_python.
Yes, use_unsafe_ssl
stops the error, though it does of course introduce a pretty awful security hole.
from braintree_python.
I've successfully reproduced the issue locally.
It looks like pycurl might be able to work for us. I'll look into supporting swapping it in for M2Crypto in the Python client library and keep you posted.
from braintree_python.
Thank you.
A heads-up regarding pycurl: It is not a pure-python library, which means we won't be able to use it when we migrate to Google App Engine. When that time comes (probably in about 4 months) we will need another option. We are preparing our own code for this in two ways:
- We have a generic http/https fetcher interface which currently calls pycurl but could easily call python's standard urllib2 or App Engine's urlfetch service instead, without affecting the rest of our application.
- For third-party libraries that expose a pluggable http fetcher system (e.g. openid) we implement our own fetcher plugin for the library to use.
from braintree_python.
Hi foresto,
Just wanted to give you an update on my progress so far. I've completed the switch from M2Crypto to PycURL in our code base, and so the change should be included in our next release.
Regarding your Google App Engine migration, do you know of a way to verify SSL certificates on that platform? My initial research seems to show that they don't support it [1], but perhaps you know of a workaround?
I'll update this issue again once we've released the new version,
Paul
[1] http://code.google.com/appengine/docs/python/urlfetch/overview.html#Secure_Connections_and_HTTPS
from braintree_python.
Thanks for the good news, Paul. By the way, you'll probably want to pay attention to the NOSIGNAL option when using pycurl, to keep your API safe for use with threaded code. In my own pycurl wrapper, I use setopt( pycurl.NOSIGNAL, 1)
when instantiating a Curl object.
App Engine's urlfetch service does not yet verify SSL certificates. It's an open issue in their bug tracker for now, but I don't expect that to last for long. They have been filling in missing pieces every couple of months, paying particular attention to features that enable common classes of application. For example, https on custom domain names was an open issue until recently, and is now on their roadmap for an end-of-year release. App Engine for Business is driving some of this work forward.
In the mean time, we're preparing our application so we can make the switch in production as soon as possible. As long as Braintree's API continues to work on App Engine (it currently does so with use_unsafe_ssl) we can continue using it in our new code. Certificate verification isn't really needed while we're still porting and testing.
from braintree_python.
Thanks for the additional information, foresto. Version 2.6.0 of the client library is now available, which uses PycURL for SSL verification, and should take care of this issue. Let us know if you run into any troubles with SSL verification in the new version.
from braintree_python.
Update: It looks like App Engine release 1.4.2 added server certificate validation. References:
http://code.google.com/p/googleappengine/issues/detail?id=3400#c5
http://code.google.com/appengine/docs/python/urlfetch/overview.html#Secure_Connections_and_HTTPS
from braintree_python.
Thanks for the heads up. We'll take a look and see if we can use an SSL verification strategy that will work with GAE.
from braintree_python.
Related Issues (20)
- gateway.transaction.find raises a TypeError when initialised with client_id and secret HOT 2
- Respect the requests_ca_bundle environment variable HOT 2
- Transaction using nonce fails but payment method gets vaulted with option "store_in_vault_on_success" HOT 1
- Is this library thread-safe? HOT 3
- Connection pooling HOT 3
- Module fails on import HOT 1
- TypeError: can only concatenate str (not "NoneType") to str HOT 1
- Braintree created subscription not showing in sandox account HOT 3
- Print transactions in JSON format HOT 4
- Headers provided by braintree http util contain mixture of str/bytes HOT 2
- Remove universal wheel, python 2 is unsupported HOT 2
- Use python_requires='>=3.5' HOT 2
- Paypal credit
- strings with special regex characters are causing a DeprecationWarning HOT 3
- Include updated_at field in TransactionSearch HOT 2
- Go SDK + CloudQuery source plugin? HOT 1
- Can't upgrade to Braintree 4.18.1 / Python 3.10.9 (DeprecationWarning: Use ProtectionLevel enum instead) HOT 11
- braintree python sdk support initWithAuthorization/initWIthAPIClient like iOS SDK and receive client token as argues? HOT 1
- Unittest failures on Python 3.12 HOT 1
- Expose error details in "UnexpectedException" in Python library HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from braintree_python.