StarCluster - Mailing List Archive

Re: StarCluster 0.92.1 Released!

From: Justin Riley <no email>
Date: Sun, 06 Nov 2011 12:34:20 -0500

Hash: SHA1

Hi Paolo,

Excellent, glad that fixed it for you.

Concerning StarCluster versions, there's no need to uninstall
StarCluster 0.92, simply running "easy_install StarCluster" should
install and use the new version.

In case you're interested, here's a little background on the boto https
certificate validation problem:

In reality https_validate_certificates *should* be True by default (even
without a boto user config) for improved security, however, certificate
validation in boto isn't as robust as it needs to be at the moment (see This is why
boto upstream has it set to False by default in order to avoid those
issues for now. To make matters worse, the cacerts.txt file needed for
validation was also left out of the boto 2.0 release by accident which
is directly causing the error you encountered. This file has been
restored in the latest 2.1.1 version of boto, however, I just tested and
certificate validation still fails:

InvalidCertificateException: Host returned an invalid
certificate (remote hostname "" does not match
certificate): {'notAfter': 'Oct 7 23:59:59 2013 GMT', 'subject':
((('countryName', u'US'),), (('stateOrProvinceName', u'Washington'),),
(('localityName', u'Seattle'),), (('organizationName', u'
Inc.'),), (('commonName', u''),))

According to
this is due to:

"Note: Currently, there is an issue connecting to EC2 services using
boto with host name verification enabled. The client connecting will be
redirect, for example from to The python SSL library does not seem to
support the X509v3 Subject Alternative Name fields (even though the
documentation mentions a subjectAltName, this seems to be not of the
x509v3 kind) - verification with the openssl s_client shows that is indeed mentioned on the certificate.

The only solution at the moment seems to be trying to connect to the
host directly where the hostname is presented as the commonName. This
patch hopefully will tip more people in the right direction when they
are looking for errors."


On 11/6/11 11:59 AM, Paolo Di Tommaso wrote:
> Hi Justin,
> Bingo! you are right. I've changed https_validate_certificates to false
in the ~/boto file and now it is working! Thanks.
> About the StarCluster version, I had the 0.92 release installed on my
machine before install the latest one.
> Do you suggest to remove it before installing the 0.92.1 version? Is
there a procedure to uninstall StarCluster? I haven't found it.
> Cheers,
> Paolo
> On Nov 6, 2011, at 5:41 PM, Justin Riley wrote:
>> Hi Paolo,
>> I'm having trouble reproducing this issue on Mac OSX 10.6.8 using a
>> fresh virtual environment on Python 2.7.1. I noticed the screen output
>> you sent is for the latest 0.92.1 version, however, the crash reports
>> you sent are from version 0.92. Do you have the same issue with both
>> 0.92.1 and 0.92 versions on OSX Lion?
>> Also, after a bit of research this error usually occurs if you have
>> https certificate validation enabled. Looking at the code for boto 2.0
>> (the current version of boto that StarCluster uses) it appears this can
>> *only* be enabled using a boto config file as far as I can tell
>> although I could be wrong.
>> Do you by chance have either /etc/boto.cfg or $HOME/.boto config files
>> on your mac?
>> ~Justin
>> On Sun Nov 6 06:54:28 2011, Paolo Di Tommaso wrote:
>>> Hi Justin, Thanks for that.
>>> I've installed it on Mac OSX Lion (10.7.2) but I get the following
>>> error on start and listclusters (the only ones I've tried)
>>> $ starcluster start -c basic 2node
>>> StarCluster - ( (v. 0.92.1)
>>> Software Tools for Academics and Researchers (STAR)
>>> Please submit bug reports to
>>> <>
>>> !!! ERROR - Unable to connect: [Errno 185090050] _ssl.c:336:
>>> error:0B084002:x509 certificate
>>> routines:X509_load_cert_crl_file:system lib
>>> !!! ERROR - Check your internet connection?
>>> I've attached the crash reports.
>>> Thank,
>>> Paolo
>> _______________________________________________
>> StarCluster mailing list

Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla -

Received on Sun Nov 06 2011 - 12:34:24 EST
This archive was generated by hypermail 2.3.0.


Sort all by: