Hi All,

I ran into an error I, so far, cannot explain regarding Python's general ability to communicate via SSL/TLS.

I'm using Python a lot to communicate with web servers and APIs, which worked just fine until yesterday (or sometime late last week). I first noticed yesterday, when a requests-based call to a local web server with a self-signed certificate failed. No worries, I thought, passing the "verify=False" parameter to the request fixed the issue. Later on I used the same call to a public web server with a valid, CA-signed certificate and got the same error:

    SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))

That caused me to stop and try simple calls like

    import requests
    resp = requests.request('GET', 'https://www.nytimes.com/')

which failed alike. And I surely would not turn off certificate verification to public websites.

First assuming a network connection problem, I tried curl, openssl or a web browser; all worked fine. Only Python fails. I checked the installed certificate bundle, all correct, and even upgraded it to the latest version. No effect. I replaced it with the one curl is using and that curl managed to verify the cert with. No effect.

By that time I was using a Python 3.7.9 installation on Windows 10 that ran fine for months (and also before upgrading to 3.7.9). I tried upgrading certifi and requests to the latest versions, which also caused the same SSLError, so I downloaded the wheel packages and forced a local upgrade - to no help. After that I deleted the whole Python installation directory and replaced it with a backup copy of a known-working version from a month ago. The error kept appearing.

I then uninstalled Python completely, rebooted and installed Python 3.9.1, downloaded from python.org.
The first two commands to issue were:

    C:\Users\Carlos>python -V
    Python 3.9.1

    C:\Users\Carlos>pip list
    Package    Version
    ---------- -------
    pip        20.2.3
    setuptools 49.2.1
    Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))) - skipping

So there went my theory of the requests module... It already happens with the Python base installation (urllib3?). Obviously a freshly installed Python with no modifications and no other modules installed fails to verify each and every certificate.

I can rule out network errors as other machines using the same Internet breakout work just fine with the same code. And it happens using a web proxy and using no web proxy at all.

Aunty Google always tells me to set "verify=False" but that can't be the solution for *this* problem.

Unfortunately I have no idea where to look next - not with a fresh installation failing. Does anybody have a useful pointer for me?

TIA!

Regards,
Carlos
--
https://mail.python.org/mailman/listinfo/python-list
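
One way to check the certificate bundles this message talks about, added here as an example that is not part of the original post: the script lists each place a Python installation may take CA certificates from and tests that each bundle file actually loads. The function names count_cas and trust_sources and the selection of environment variables are assumptions of this example.

```python
import os
import ssl

# Variables that redirect CA lookup for OpenSSL, requests and curl.
OVERRIDE_VARS = ("SSL_CERT_FILE", "SSL_CERT_DIR", "REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE")


def count_cas(cafile):
    """Load one PEM bundle into an empty context; return its CA count or the error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=cafile)
    except OSError as exc:  # missing file, or ssl.SSLError for unparsable PEM
        return f"unusable: {exc.__class__.__name__}"
    return ctx.cert_store_stats()["x509_ca"]


def trust_sources(environ=None):
    """Map each CA source this interpreter may use to (path, status)."""
    environ = os.environ if environ is None else environ
    sources = {f"env:{v}": environ[v] for v in OVERRIDE_VARS if environ.get(v)}
    paths = ssl.get_default_verify_paths()
    if paths.cafile:  # only set when the file exists
        sources["openssl:cafile"] = paths.cafile
    try:
        import certifi  # bundle used by requests; pip vendors its own copy
        sources["certifi"] = certifi.where()
    except ImportError:
        pass
    report = {}
    for name, path in sources.items():
        # Directories (capath style) are read lazily, so they cannot be counted.
        status = "directory" if os.path.isdir(path) else count_cas(path)
        report[name] = (path, status)
    # CAs loaded eagerly by the default context (on Windows: the system store).
    loaded = ssl.create_default_context().cert_store_stats()["x509_ca"]
    report["default_context"] = (None, loaded)
    return report


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for name, (path, status) in trust_sources().items():
        print(f"{name:24} {status!s:28} {path or ''}")
```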