InsecurePlatformWarning when building Docker image

Question

I get this warning when building my Docker image:

/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: 
      InsecurePlatformWarning: A true SSLContext object is not available. 
      This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. 
      For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

Several sources (like InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately) say that pip install pyopenssl ndg-httpsclient pyasn1 will fix this issue. But I get the warning as soon as pip attemps to install pyopenssl.

Here's my Dockerfile:

FROM ubuntu:14.04

# Install packages
RUN apt-get update && apt-get install -y \
    git \
    libmysqlclient-dev \
    mysql-server \
    nginx \
    python-dev \
    python-mysqldb \
    python-setuptools \
    supervisor \
    vim
RUN easy_install pip

# Handle urllib3 InsecurePlatformWarning
RUN apt-get install -y libffi-dev libssl-dev
RUN pip install pyopenssl ndg-httpsclient pyasn1

# ...more

Answer 1

It seems that this warning is expected when running pip: http://github.com/pypa/pip/issues/2681 but as you are installing pyopenssl ndg-httpsclient pyasn1, you won't get warnings when using python requests.

For example, if I build this Dockerfile:

FROM ubuntu:14.04

# Install packages
RUN apt-get update && apt-get install -y \
    git \
    libmysqlclient-dev \
    mysql-server \
    nginx \
    python-dev \
    python-mysqldb \
    python-setuptools \
    supervisor \
    vim
RUN easy_install pip
RUN pip install requests

and then run this inside the container:

root@b2759f79f947:/# python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.

>>> import requests

>>> url = "https://www.digicert.com/"

>>> r = requests.get(url)

/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:100: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

  InsecurePlatformWarning

As you can see, I get the warning. But if I add these lines in the Dockerfile:

RUN apt-get install -y libffi-dev libssl-dev
RUN pip install pyopenssl ndg-httpsclient pyasn1

and run the same python commands, I don't get the warning anymore.

If you really don't want the warning when installing pyopenssl, you can set the environment variable: PYTHONWARNINGS="ignore:a true SSLContext object" as suggested here: https://github.com/pypa/pip/pull/3109

Your Dockerfile would then look like this:

FROM ubuntu:14.04

# Install packages
RUN apt-get update && apt-get install -y \
    git \
    libmysqlclient-dev \
    mysql-server \
    nginx \
    python-dev \
    python-mysqldb \
    python-setuptools \
    supervisor \
    vim
RUN easy_install pip

# Handle urllib3 InsecurePlatformWarning
RUN apt-get install -y libffi-dev libssl-dev
ENV PYTHONWARNINGS="ignore:a true SSLContext object"
RUN pip install pyopenssl ndg-httpsclient pyasn1

Another solution would be to upgrade python to 2.7.9