Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: certificate verify failed: self signed certificate #155

Open
jean opened this issue Jan 2, 2020 · 3 comments
Open

CI: certificate verify failed: self signed certificate #155

jean opened this issue Jan 2, 2020 · 3 comments

Comments

@jean
Copy link
Contributor

jean commented Jan 2, 2020

tests/test_anyio.py::test_https_get has been failing since last October with:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1051)

Is this related? #134
@nocturn9x
Copy link

I am getting a similar error while trying to connect to https://api.telegram.org.
The weird thing is that when I tried again with a minimal example to https://www.google.com/ I got a different error, which got me confused. Below some more details

First Try - Telegram API

This code would throw ssl.SSLCertVerificationError even with a custom ssl_context (e.g. ssl.create_default_context()) or with verify=False (which is indeed weird, but I couldn't figure out why this parameter is ignored by reading the library source code)

data = {"offset": 0, "timeout": 15, "limit": 100, "allowed_updates": []}
response = await asks.post(f"https://api.telegram.org/bot{self.token}/getUpdates", params=data)

Full Traceback

[DEBUG - 09/03/2020 18:07:21 PM] Starting authorization
Traceback (most recent call last):
  File "/Users/mattia/Desktop/PyTG/test.py", line 8, in <module>
    bot.start()
  File "/Users/mattia/Desktop/PyTG/PyTG/bot.py", line 212, in start
    trio.run(self._authorize_bot)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/trio/_core/_run.py", line 1804, in run
    raise runner.main_task_outcome.error
  File "/Users/mattia/Desktop/PyTG/PyTG/bot.py", line 178, in _authorize_bot
    response = await asks.post(f"https://api.telegram.org/bot{self.token}/getUpdates", params=data, verify=False)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/base_funcs.py", line 30, in request
    r = await s.request(method, url=uri, **kwargs)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 168, in request
    connection_timeout, self._grab_connection, url)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/utils.py", line 15, in timeout_manager
    return await coro(*args)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 368, in _grab_connection
    sock = await self._make_connection(host_loc)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 342, in _make_connection
    sock, port = await self._connect(host_loc)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 101, in _connect
    (host, int(port))), port
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 79, in _open_connection_https
    tls_standard_compatible=False)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/__init__.py", line 404, in connect_tcp
    await stream.start_tls()
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/_networking.py", line 316, in start_tls
    not self._tls_standard_compatible)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/_networking.py", line 171, in start_tls
    self._raw_socket.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)

Second Try - A minimal (failing) example

Considering that I couldn't figure out why this was happening I tried with a minimal example, which just made me more confused.

import trio
async def main():
    req = await asks.get("https://www.google.com")
    return req

trio.run(main)

which, again, throws ssl.SSLCertVerificationError, but with a different message and slightly different traceback, as follows

Traceback

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/trio/_core/_run.py", line 1804, in run
    raise runner.main_task_outcome.error
  File "<stdin>", line 2, in main
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/base_funcs.py", line 30, in request
    r = await s.request(method, url=uri, **kwargs)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 168, in request
    connection_timeout, self._grab_connection, url)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/utils.py", line 15, in timeout_manager
    return await coro(*args)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 368, in _grab_connection
    sock = await self._make_connection(host_loc)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 342, in _make_connection
    sock, port = await self._connect(host_loc)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 101, in _connect
    (host, int(port))), port
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/asks/sessions.py", line 79, in _open_connection_https
    tls_standard_compatible=False)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/__init__.py", line 404, in connect_tcp
    await stream.start_tls()
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/_networking.py", line 316, in start_tls
    not self._tls_standard_compatible)
  File "/Users/mattia/Desktop/envs/PyTG/lib/python3.7/site-packages/anyio/_networking.py", line 171, in start_tls
    self._raw_socket.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

My environment specs

Python Version (virtual environment): 3.7.4
Library Version: 2.3.6

Other, probably, useful information

OS: Mac OS X Yosemite 10.10.5
My pip freeze output:

anyio==1.2.3
asks==2.3.6
async-generator==1.10
attrs==19.3.0
certifi==2019.11.28
chardet==3.0.4
h11==0.9.0
idna==2.9
outcome==1.0.1
requests==2.23.0
sniffio==1.1.0
sortedcontainers==2.1.0
trio==0.13.0
urllib3==1.24.1

@nocturn9x
Copy link

P.S.: I'm trying to build an asynchronous wrapper for Telegram's Bot API, and I need an amazing library like asks because it supports my favorite asynchronous library, trio, and is as easy as requests, but this issue prevents me even from doing the most basic things

@theelous3
Copy link
Owner

This is a different issue. Overly has a generated self signed cert that's out of date, which I need to regen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jean @theelous3 @nocturn9x