Mattermost, Inc.

SSL problem GitLab webhook

Hi all,

I’m trying to set up a webhook so we get a message whenever a comment or a merge request are added.

Based on the instructions here I created my own docker container.

This is the Dockerfile

FROM python:2.7.11

MAINTAINER "David "

RUN pip install git+https://github.com/NotSqrt/mattermost-integration-gitlab

EXPOSE 5000

ENTRYPOINT mattermost_gitlab $MATTERMOST_WEBHOOK_URL

When I connect GitLab with this container and click on Test webhook it seems to work OK,

I see the following on the log:

10.0.0.19 - - [30/May/2016 15:48:02] "POST /new_event HTTP/1.1" 200 -

However, when I add an actual comment it fails and I see the following:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/mattermost_gitlab/server.py", line 46, in new_event
    post_text(text)
  File "/usr/local/lib/python2.7/site-packages/mattermost_gitlab/server.py", line 92, in post_text
    resp = requests.post(app.config['MATTERMOST_WEBHOOK_URL'], headers=headers, data=json.dumps(data))
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 109, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
10.0.0.19 - - [30/May/2016 15:53:35] "POST /new_event HTTP/1.1" 200 -

To give you some more information, Mattermost is behind a reverse proxy.

What am I doing wrong?

Many thanks.

Looks like the webhook is trying to connect to the server but it is using a self signed certificate. If your OK with it being insecure you can set the option “Enable Insecure Outgoing Connections” under “Service Settings” to true. Otherwise you need to setup a proper SSL certificate.

We have a proper certificate. However, our CA (Comodo) doesn’t seem to be whitelisted, or at least it’s not being picked up correctly.

I got some information on the webhook’s GitHub and made it work in the end.

Thanks.