Opened 7 years ago
Closed 7 years ago
#55908 closed defect (worksforme)
python27 @2.7.14: urlopen() with HTTPS fails with CERTIFICATE_VERIFY_FAILED
Reported by: | artmatsak (Art Matsak) | Owned by: | jmroot (Joshua Root) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.4.2 |
Keywords: | Cc: | ||
Port: | python27 |
Description
macOS High Sierra 10.13.3. Running the simple Python script below fails with the CERTIFICATE_VERIFY_FAILED
error. It doesn't matter what URL is used as long as it's an HTTPS one.
from urllib2 import urlopen urlopen('https://www.google.com/').read()
Change History (8)
comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
Owner: | set to jmroot |
---|---|
Status: | new → assigned |
comment:2 Changed 7 years ago by artmatsak (Art Matsak)
Hm, are there any checks I can run to get to the bottom of this? I suspect that the CA certificates are not installed or accessible to python27. Apple's Python is OK.
comment:3 Changed 7 years ago by jmroot (Joshua Root)
Do you have /opt/local/etc/openssl/cert.pem
? If not you can install certsync (to use the system certs) or curl-ca-bundle.
comment:4 Changed 7 years ago by artmatsak (Art Matsak)
/opt/local/etc/openssl/cert.pem
is there. Could it be that Python is looking for the CA certificates in wrong locations?
comment:5 Changed 7 years ago by jmroot (Joshua Root)
There may be some environment variables or other configuration that affect where the ssl module will load CA certificates from. You can check if it's finding any certs with something like this:
import ssl s = ssl.SSLContext(ssl.PROTOCOL_SSLv23) s.load_default_certs() s.cert_store_stats()
For me, the cert_store_stats() call returns:
{'x509': 133, 'x509_ca': 133, 'crl': 0}
comment:6 Changed 7 years ago by neverpanic (Clemens Lang)
See also https://stackoverflow.com/questions/49029035/urllib2-in-macports-python-2-7-14-fails-with-certificate-verify-failed, so it's not an OpenSSL problem.
comment:7 Changed 7 years ago by artmatsak (Art Matsak)
I desperately needed my Ansible scripts to work so I went ahead and installed Python 2.7.14 from https://www.python.org/downloads/mac-osx/. This somehow fixed the certificate problem with the MacPorts Python, too, even though I have now removed the python.org stuff from my machine. So everything is now working, although I still don't understand what the original issue was.
comment:8 Changed 7 years ago by jmroot (Joshua Root)
Resolution: | → worksforme |
---|---|
Status: | assigned → closed |
I don't know what the problem could have been either, unless you were somehow not actually running the python from MacPorts to begin with.
Works for me.