0

System Setup:

  • macOS 10.14.1
  • Python 3.7.0
  • pip 18.1

I wrote code that worked in the past, but when I run it now, I'm getting the following error:

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)>

I've ran into an issue like this before when I was trying to use requests to access an API and it wouldn't let me make connections over HTTPS. The error isn't code related, because it worked 6 months ago. What could be causing this? Something with my certificate?

The code my function is calling is:

url = self.DUST_SERVICE_URL
    request_payload = self._args_to_payload(coordinate, radius=radius)
    response = self._request("POST", url, data=request_payload,
                             timeout=timeout)
    xml_tree = utils.xml(response.text)
    result = SingleDustResult(xml_tree, coordinate)
    return commons.FileContainer(result.ext_detail_table(),
                                 show_progress=show_progress)

This code is from a package; I did not write this code.

Edit: Full error message below.

    /Traceback (most recent call last):  
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1317, in do_open
        encode_chunked=req.has_header('Transfer-encoding'))
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1229, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1275, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1224, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1016, in _send_output
        self.send(msg)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 956, in send
        self.connect()
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/http/client.py", line 1392, in connect
        server_hostname=server_hostname)
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 412, in wrap_socket
        session=session
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 850, in _create
        self.do_handshake()
      File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1108, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)

If this is an SSL issue (that's what I suspect) how would I go about resetting to system default? I've never dabbled in SSL or connections besides requesting things via Python Requests so I don't know how I would've changed something.

TateWalker
  • 41
  • 11
  • Looks like the server provides a bad SSL certificate. So it's a server problem. – Klaus D. Nov 07 '18 at 04:47
  • it could be for many reasons, you may be missing Root CA in your certificate bundle etc. You need to add your code in question and be more specific – Sufiyan Ghori Nov 07 '18 at 05:01
  • The question does not provide sufficient details to reproduce the problem, i.e. is too broad. If it worked before, does not work now and you've made zero changes to your system than the problem is likely outside your system, i.e. broken server setup or a middlebox like ssl intercepting firewall. If instead you've made changes to your system you also need to look into what you've changed, like updating Python, installing or removing modules, installing or upgrading or reconfiguring an antivirus which might do SSL interception. – Steffen Ullrich Nov 07 '18 at 05:42
  • set `verify = False` to disable it. if it work this question should be a duplicate question – KC. Nov 07 '18 at 05:58
  • May help: https://stackoverflow.com/a/28052583/259889 – Sid Nov 07 '18 at 06:36
  • *"failed: self signed certificate in certificate chain"*: Are you aware, that the site uses **self signed certificate**? If not, this could be a security issue. Check with [ssllabs.com](https://www.ssllabs.com/ssltest/analyze.html) – stovfl Nov 07 '18 at 08:32
  • https://stackoverflow.com/a/49174340/7916557 this answer helped me – Koby Nov 02 '21 at 19:27
  • @koby if you check the accepted answer for this question, you won't have to do any other workarounds. Also, you should probably upgrade to a newer version of Python :) – TateWalker Jan 14 '22 at 23:58

1 Answers1

1

The issue is with Python 3.7 on macOS. Included in Python 3.7 is a README.rtf that states the following:

This variant of Python 3.7 includes its own private copy of OpenSSL 1.1.0. The deprecated Apple-supplied OpenSSL libraries are no longer used. This means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module.

There is a command included in the same folder that installs a bundle of certificates for use by Python 3.7 via certifi.

TateWalker
  • 41
  • 11