I have this small Dockerfile
FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
Building it with docker build -t alpine-py/01 .
and then running it with docker run -it --rm alpine-py/01
creates the following output
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>
Yesterday I got bitten by the recent OpenSSL 1.0.2g release, which caused py-cryptograpy
to not compile. Luckily the guys from py-cryptography
released a new version on PyPI a couple of hours later. The issue was that a function in OpenSSL got a new signature.
Could this be related or am I missing something?
You need to install ca-certificates to be able to validate signed certs by public CAs:
FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
You will need to upgrade Alpine as libssl needs to be upgraded with a patch
FROM alpine:3.3
RUN apk -U upgrade && \
apk -U add python ca-certificates && \
update-ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
apk -U upgrade will upgrade these:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.