Nagstamon – Python OpenSSL certificate validation

nagstamon_header_logoWhen I try to connect to my monitoring system with desktop widget Nagstamon, Nagstamon was not able to connect due to SSL certificate validation problem. I’m using certificate from CAcert.org.

After a while of hacking I have found this workaround in source code. This is the wrong way:

+        # necessary for Python-2.7.9-ssl-support-fix https://github.com/HenriWahl/Nagstamon/issues/126
+        if sys.version_info >= (2, 7, 9):
+            try:
+                self.https_handler = urllib2.HTTPSHandler(context=ssl._create_unverified_context())
+            except:
+                self.https_handler = urllib2.HTTPSHandler()
+        else:
+            self.https_handler = urllib2.HTTPSHandler()
+

Here is working solution.

mkdir ssl/
cd ssl/
wget -O root.crt http://www.cacert.org/certs/root.crt
for i in *.crt; do \
    ln -s $i `openssl x509 -noout -issuer_hash -in $i`.0; \
done
c_rehash . # standard OpenSSL command, see https://www.openssl.org/docs/apps/c_rehash.html
cd .

And now set OpenSSL environent variable to the correct path (where you store CA cert):

export SSL_CERT_DIR=ssl/
python ./nagstamon.py

Happy monitoring! Hoping you are using valid OpenSSL certificate. :-)

Issue on GitHub: https://github.com/HenriWahl/Nagstamon/issues/126

My pull request:  https://github.com/HenriWahl/Nagstamon/pull/134