Looking for some information regarding an SSL error while trying to get an auth token via box.net api v2.0.

I'm using Python 2.7, OpenSSL 1.0.1c, and the requests library.

    payload = {"action":"get_auth_token", "api_key":self.box_apikey, "ticket":self.box_ticket['status'], "verify":False}
    r = requests.get(self.box_secure_endpoint+"rest", params=payload)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 65, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/safe_mode.py", line 39, in wrapped
    return function(method, url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 51, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 241, in request
    r.send(prefetch=prefetch)
  File "/usr/lib/python2.7/site-packages/requests/models.py", line 641, in send
    raise SSLError(e)
requests.exceptions.SSLError: _ssl.c:316: Invalid SSL protocol variant specified.

Note:

• I'm also looking deeper into the requests lib to see if there is some sort of work around of SSL ver request feature.
• If I'm not mistaken, the second bit in a SSL cert should indicate the SSL version.

You're seeing this error because you're sending in the verify argument as a URL parameter in the request, i.e. the actual URL you're hitting is

https://api.box.com/1.0/rest?action=get_auth_token&api_key=APIKEY&ticket=ticket&verify=False

verify should be sent in as a keyword argument with the actual call to the requests get function i.e.

r = requests.get(self.box_secure_endpoint+"rest", params=payload, verify=True)

The issue lead to verifying server ssl version support (explicity ssl.PROTOCOL_SSLv3 | http://docs.python.org/2.7/library/ssl.html#ssl.wrap_socket).

I'm going to forward the request to the lib devs or create a patch to enable the functionality of explicitly specifying the protocol.

Thanks for your help. :)