New submission from Aivar Annamaa <aivar.anna...@gmail.com>:
In one of my Windows 10 computers I'm not able to urlopen sites which use R3
certificates. The same is reported by several of the users of my software.
Following is taken from a session in the fresh IDLE 3.10 in up-to date Windows
10:
Python 3.10.0 (tags/v3.10.0:b494f59, Oct 4 2021, 18:46:30) [MSC v.1929 32 bit
(Intel)] on win32
Type "help", "copyright", "credits" or "license()" for more information.
>>> from urllib.request import urlopen
>>> urlopen("https://openssl.org";)
Traceback (most recent call last):
File "C:\Python310-32\lib\urllib\request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "C:\Python310-32\lib\http\client.py", line 1276, in request
self._send_request(method, url, body, headers, encode_chunked)
File "C:\Python310-32\lib\http\client.py", line 1322, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "C:\Python310-32\lib\http\client.py", line 1271, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "C:\Python310-32\lib\http\client.py", line 1031, in _send_output
self.send(msg)
File "C:\Python310-32\lib\http\client.py", line 969, in send
self.connect()
File "C:\Python310-32\lib\http\client.py", line 1448, in connect
self.sock = self._context.wrap_socket(self.sock,
File "C:\Python310-32\lib\ssl.py", line 512, in wrap_socket
return self.sslsocket_class._create(
File "C:\Python310-32\lib\ssl.py", line 1070, in _create
self.do_handshake()
File "C:\Python310-32\lib\ssl.py", line 1341, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: certificate has expired (_ssl.c:997)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<pyshell#1>", line 1, in <module>
urlopen("https://openssl.org";)
File "C:\Python310-32\lib\urllib\request.py", line 216, in urlopen
return opener.open(url, data, timeout)
File "C:\Python310-32\lib\urllib\request.py", line 519, in open
response = self._open(req, data)
File "C:\Python310-32\lib\urllib\request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "C:\Python310-32\lib\urllib\request.py", line 496, in _call_chain
result = func(*args)
File "C:\Python310-32\lib\urllib\request.py", line 1391, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "C:\Python310-32\lib\urllib\request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: certificate has expired (_ssl.c:997)>
In the same session, requests works fine:
>>> import requests
>>> requests.get("https://openssl.org";)
<Response [200]>
It's really weird, that in my another Windows 10, also 64-bit, having same
state of updates, using same version of Python 3.10, connected to the same
network -- everything works fine. Neither of the computers use any extra
network middleware or proxies.
In both computers Chrome and Firefox are happy with the certificate of
https://openssl.org
Same applies to Python 3.7
It must be somehow related to
https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates
----------
messages: 403208
nosy: aivarannamaa
priority: normal
severity: normal
status: open
title: Unwarranted "certificate has expired" when urlopen-ing R3 sites
versions: Python 3.10, Python 3.7
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue45372>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
