My Django application is currently running on Python 3.4. I want to move it to 3.6, but I have an issue with SSL certificates.
The same application works perfectly fine on python 3.4. It still works fine with python3.6 within Docker container and on Windows PC. The only problem is with CentOS and RedHat (both 6.5).
My OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013.
Full error:
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>
What can I do to fix that? The problem is only for python 3.6.0 and python 3.6.1. Python 3.4 works fine with that code.
Related
I am trying to send a request to a REST API using an SSL certificate.
Following is the code snippet I have written:
import requests
import os
url = "https://ip_address/api"
headers = {
'Authorization': 'Bearer bearer_token'
}
path = os.path.join("/","tmp")
response = requests.request("GET", url, headers=headers, verify=os.path.join(path, "certfile.pem"))
print(response.status_code)
print(response.content)
I tried to run this on my local machine in a virtual environment and in the docker container as well. It worked fine.
Following are the configurations on my local machine:
Virtual Environment:
OS: Ubuntu 22.04.1 LTS
Python version: 3.10.6
Docker container:
Python version: 3.10.4
This same script I tried to run on one of the servers and my first colleague's Windows 11 within windows as well as in WSL. It worked fine there too.
Server 1 configurations:
OS: Ubuntu 20.04
Python version: 3.10
Following are the configurations on his machine:
Windows 11:
Python version: 3.9.6
WSL:
OS: Ubuntu 22.04.1 LTS
Python version: 3.10.6
But this same script does not work on the other colleague's machine as well as on the servers.
The following are the configurations on These machines:
Second colleague:
OS: Ubuntu 22.04
Python version: 3.8 and 3.9
Third colleague:
OS: Ubuntu 22.04
Python version: 3.9 and 3.6
Server 2 (QRadar):
OS: RHEL
python version: 3.6
Server 3:
OS: Ubuntu 22.04
Python version: 3.8
In all the above machines we are getting the following error:
requests.exceptions.SSLError: HTTPSConnectionPool(host='xx.xx.xx.xxx', port=443): Max retries exceeded with url: /api/users/self (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
We have tried to run the script using requests, urllib3, and httpx to figure out why.
Every time the result is the same.
It works with any of these libraries on the machine where it worked the first time.
On the machine where it gave an error, it gives an error with all of these.
What could be the issue here?
I'm having a problem with python package requests-html. When the package is trying to download chromium, I'm getting an error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1056)
It's the same problem as here and it has been resolved for Mac. Any idea how can I fix this on Windows? In case it matters, installing packages with PIP works fine. Windows 8, Python 3.7.
Have you tried using verify=False in your request args?
This should make the request ignore SSL Cerificate requirements.
Our devops recently turned on SSL on our in-house ElasticSearch servers, while our Ubuntu dev boxes are connecting to it fine, but it's causing SSLError on Mac dev boxes (running Django).
SSLError at /search
ConnectionError(EOF occurred in violation of protocol (_ssl.c:590)) caused by: SSLError(EOF occurred in violation of protocol (_ssl.c:590))
What I know so far:
Not limited to El Capitan, also breaks on earlier version
We can connect to other ES service over https, our devops told me our ES service has higher https requirements
Openssl v0.9.8 has handshake problem on the ES service
Openssl v1.0.1 works fine on the ES service
There are many posts online around this problem but none helped.
I have tried:
brew link --force openssl (but EL Capitan is stopping it), none of the solutions worked from Homebrew refusing to link OpenSSL
adding /usr/local/opt/openssl/lib to DYLD_LIBRARY_PATH
upgrading python from 2.7.10 to 2.7.12
rebuilding virtualenv
None of the above worked...
Questions:
Is it due to OpenSSL version?
Is it due to Python version due to _ssl.c?
How do I fix this?
Finally nailed it, basically you will have to install Python that has updated openssl
check in Python cmd
import ssl
print ssl.OPENSSL_VERSION
It should print 0.9.x
Now to update:
brew install openssl, don't worry about the linking if it rejects, make sure it's >=1.x.x
'brew install python --with-brewed-openssl`
recreate virtualenv by specifying the brewed version of Python, eg. mkvirtualenv --python=/usr/.../Cellar/python/bin/python <project>
I am trying to upload a new python project from my mac to PyPI via:
python setup.py sdist upload -r pypi
When I try to upload a package, I get the following error on OSX:
Submitting dist/PyTreasuryDirect-0.1.0.tar.gz to https://pypi.python.org/pypi
error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
This question is slightly related to these two questions, ssl with pip and when importing the ssl library. However I need setup.py to work in my case, how can I get past this ssl error?
I also get the same error on Python 2.7.9 and Python 3.5 using OSX 10.10.2 (14C109)
The solution for OS X 10.10 is to use its default Python version 2.7.6.
This problem is related to the fact that starting from Python version 2.7.9 certificate validation for stdlib http clients is enabled by default (PEP 476). This issue is described in Python bug tracker.
I am using the python stack on Heroku and am trying to use the requests library to access an https API that uses TLS 1.2
I have got thing working on my local environment by upgrading openssl to 1.0.1 and I need to do the same thing in my Heroku environment.
Here is the error in Heroku and I've confirmed that the openssl version is OpenSSL 0.9.8k 25 Mar 2009
requests.exceptions.SSLError: [Errno bad handshake] [('SSL routines', 'SSL23_GET_SERVER_HELLO', 'sslv3 alert handshake failure')]
Is there a python buildpack that can support this? It looks like there is a ruby buildpack, but I haven't seen it verified to work OpenSSL 1.0.1 on Heroku
I tried to mimic that behavior, but don't really know what I'm doing with a fork of the standard python buildpack.
Thanks!
Cedar-14, has OpenSSL 1.0.1f. Heroku-16, the most recent Heroku stack, has OpenSSL 1.0.2g. Stack package details
The upgrade guide is here:
https://devcenter.heroku.com/articles/cedar-14-migration