0

Testing out a simple piece of code with Anaconda3:

import requests as req

resp = req.get("https://api.github.com")
print(resp.text)

And I get this error:

SSLError: HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

Using the debugger to follow the calls, the problem seems to be occurring in get_netrc_auth() in requests.utils. Here, this code is used to get the full path to the netrc file:

        for f in NETRC_FILES:
            try:
                loc = os.path.expanduser('~/{}'.format(f))

However, this just gives the path to my home directory, whereas netrc is in the Lib directory of the working environment.

Apparently, I have an environment variable set incorrectly somewhere. Suggestions?

EDIT TO QUESTION:
Per Steffen's response, netrc does not appear to be the problem. Marsiliou's suggestion on directly including the path to the cert file (i.e. resp = req.get("https://api.github.com" verify='/path/to/certfile')) did work... once... yesterday.

My code now looks like this:

import requests as req
from os import environ

cert_path = environ['CONDA_PREFIX'] + '\Lib\site-packages\certifi\cacert.pem'
print (cert_path)

resp = req.get("https://api.github.com", verify= cert_path)
print(resp.text)

cert_path expands to C:\ProgramData\Anaconda3\Lib\site-packages\certifi\cacert.pem
This results in the same SSLError. Any suggestions (other than setting verify to False)?

PS - And to answer Steffen's other questions - This is Anaconda3, Python 3.7.3, on Windows 10.

Pat B.
  • 419
  • 3
  • 12
  • I very much doubt that the problem is triggered from inside `get_netrc_auth`. The problem is an improper setup of the trust store which means that the certificate can not be validated. Unfortunately nothing is known about your system (OS?, exact version of Anaconda3?) so it is hard to tell what exactly is wrong. – Steffen Ullrich Nov 18 '19 at 21:41
  • Thanks, Stefan. Yes, you're correct; that particular issue was something of a red herring. To answer your other questions: Windows 10, Python 3.7.3. Marsilinou's answer did solve my problem, but it also raised a question: since ```certifi``` is referenced by ```requests,``` and ```cacert.pem``` is part of ```certifi,``` why does it have to be referenced explicitly in the function call? – Pat B. Nov 18 '19 at 22:04

2 Answers2

1

I think your question is answered here, did you try this? SSL HTTS requests.exceptions.SSLError: HTTPSConnectionPool(host='google.com', port=443)

Marsilinou Zaky
  • 1,038
  • 7
  • 17
  • Thanks! Yes, that answers it, sort of. However, since cacert.pem is included in the certifi package (which is referenced the the requests package), should it not be pulled in automatically? – Pat B. Nov 18 '19 at 21:59
-1

Make sure to add a User-agent

import requests as req
# these import are for the verify false to avoid having a warning in the console
from urllib3 import disable_warnings
from urllib3.exceptions import InsecureRequestWarning
disable_warnings(InsecureRequestWarning)
disable_warnings(InsecureRequestWarning)

Headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"
}
resp = req.get(url="https://api.github.com",headers=Headers, verify=False)
print(resp.text)
Ahmed Soliman
  • 1,662
  • 1
  • 11
  • 16
  • The code works perfectly without any specific user agent once the trust store is properly setup. The code complains about failed certificate validation. Certificate validation done during the TLS handshake which is before even the HTTP request is send is thus before any User-Agent setting will take effect. – Steffen Ullrich Nov 18 '19 at 21:37
  • @SteffenUllrich I know that that's why I added the verify false but I encountered a similar issue where the user-agent was the solution to it So I said don't forget to add it Just in case there was nothing wrong with the certificate – Ahmed Soliman Nov 19 '19 at 01:43