On Thu, 2019-01-17 at 15:06 +0000, Hannah Short wrote:
Hi Satosa Users List,
Firstly, I think my registration for this email list is still pending
(or emails are being swallowed by a spam filter somewhere…) is anyone
able to approve? Otherwise, maybe there’s simply no traffic :)
I’m hitting an issue when coming back from my discovery service
(PyFF) to Satosa. At the point where Satosa looks up the IdP/SP in
PyFF it fails with a bad SSL handshake. Satosa is running with
Docker, as is PyFF.
Specific error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='pyff.cern.ch',
port=443): Max retries exceeded with url:
/entities/%7Bsha1%7Dbf0f1310cb092e88484def3c53613f8a10ebde3d (Caused
by SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify
failed')],)",),))
I imagine this is because my PyFF instance is running with a
certificate that is not publicly trusted. I’ve manually added the
certificate to the SSL store in the Satosa docker container (and am
able to connect with docker exec satosa_container openssl s_client
-connect pyff.cern.ch:443 ), but am still
hitting an exception in the Satosa code.
Has anyone come across this? Is there a way to specify additional
trusted CAs, or request that the MDQ lookup be more lenient (for
testing purposes)?
Hello Hannah,
requests uses the package certifi for its CA certs, so it is not using
the OS trusted certs by default. You can tell requests to use another
collection of certificates by setting the environment variable
REQUESTS_CA_BUNDLE to a file or a path. If a path is used it needs to
be "processed using the c_rehash utility supplied with OpenSSL"
according to the requests docs [1]; I have not tried that.
I have set REQUESTS_CA_BUNDLE to my self-signed CA cert in our developer
setup and that seems to work [2].
1. http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verificat…
2. https://github.com/IdentityPython/satosa-developer/blob/master/satosa/compo…
Best regards,
--
Johan Lundberg
SUNET
Tulegatan 11
113 53 Stockholm
+46730714375
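As an added illustration of the trust-store selection Johan describes (this is not code from the thread and not the requests library's own source; it re-implements the rule with the standard library only), the script below resolves which CA store a requests call would end up using, tells a CA file apart from a CA directory, and flags the caveat from the docs: a directory is only usable after it has been rehashed into OpenSSL's hashed-name layout. The function names and the temporary-directory demo are mine; the eight-hex-digit filename pattern is the convention c_rehash / `openssl rehash` produces.

```python
import os
import re
import ssl
import tempfile

# Filenames that c_rehash / `openssl rehash` create in a CA directory:
# eight hex digits of the subject hash, a dot, and an index, e.g. 5ed36f99.0.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def resolve_verify(verify=True, environ=None):
    """Re-implementation (for illustration) of how requests picks a trust store.

    Returns False when verification is disabled, the string "certifi" for the
    bundled default store, or the path of an explicit CA file/directory.
    Precedence: verify=<path> given by the caller wins; otherwise the
    REQUESTS_CA_BUNDLE environment variable, then CURL_CA_BUNDLE; otherwise
    the certifi bundle. The operating system's trust store is never consulted,
    which is why a CA added to the container's OS store has no effect.
    """
    environ = os.environ if environ is None else environ
    if verify is False:
        return False
    if verify is True or verify is None:
        env_bundle = environ.get("REQUESTS_CA_BUNDLE") or environ.get("CURL_CA_BUNDLE")
        return env_bundle if env_bundle else "certifi"
    return verify  # an explicit path passed by the caller


def classify_bundle(path):
    """Say whether a path is a CA file or a CA directory, and whether a
    directory has been rehashed (otherwise OpenSSL will find nothing in it)."""
    if not os.path.exists(path):
        raise FileNotFoundError(f"CA bundle not found: {path}")
    if os.path.isfile(path):
        return {"kind": "cafile", "path": path, "ok": True, "reason": "PEM file"}
    hashed = [e for e in os.listdir(path) if HASHED_NAME.match(e)]
    if not hashed:
        return {"kind": "capath", "path": path, "ok": False,
                "reason": "no hashed entries; run `openssl rehash <dir>` (or c_rehash) first"}
    return {"kind": "capath", "path": path, "ok": True,
            "reason": f"{len(hashed)} hashed entries"}


def build_context(path):
    """Build an ssl.SSLContext trusting the given CA file or rehashed directory,
    mirroring the cafile/capath split a client library performs."""
    info = classify_bundle(path)
    ctx = ssl.create_default_context()
    if info["kind"] == "cafile":
        ctx.load_verify_locations(cafile=path)
    else:
        ctx.load_verify_locations(capath=path)
    return ctx


def demo_directory_layouts():
    """Constructed demo: a directory holding only 'my-ca.pem' (placeholder, not
    a real certificate) is rejected; after a hashed name appears it is accepted.
    Returns (unhashed_ok, hashed_ok, kind_of_single_file)."""
    with tempfile.TemporaryDirectory() as d:
        pem = os.path.join(d, "my-ca.pem")
        open(pem, "w").close()                      # placeholder file, no real cert
        unhashed = classify_bundle(d)["ok"]         # False: not rehashed
        open(os.path.join(d, "5ed36f99.0"), "w").close()  # constructed hashed name
        hashed = classify_bundle(d)["ok"]           # True
        return unhashed, hashed, classify_bundle(pem)["kind"]


if __name__ == "__main__":
    print(resolve_verify(environ={"REQUESTS_CA_BUNDLE": "/etc/ssl/my-ca.pem"}))
    print(demo_directory_layouts())
```

The practical consequence for the setup in the thread is the first branch of resolve_verify: with no verify argument and no environment variable, requests silently falls back to certifi, so setting REQUESTS_CA_BUNDLE in the Satosa container (and pointing it at a PEM file containing the PyFF CA, or at a rehashed directory) is what changes the outcome, not adding the CA to the OS store.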