On Fri, Mar 15, 2019 at 10:17 PM Dima Pasechnik <dimp...@gmail.com> wrote:
>
>
>
> On Friday, March 15, 2019 at 5:58:15 PM UTC, John H Palmieri wrote:
>>
>>
>>
>> On Friday, March 15, 2019 at 3:31:33 AM UTC-7, Dima Pasechnik wrote:
>>>
>>> On Thu, Mar 14, 2019 at 7:51 PM John H Palmieri <jhpalm...@gmail.com> wrote:
>>> >
>>> > I'm seeing the same failure on a Mac running the most recent OS X. I have
>>> > openssl 1.1.1a installed on this machine, and I see the error in Sage.
>>> > Then I did './sage -i openssl' and './sage -f python2', and I still see
>>> > the error. The Python 2 log file does not list ssl among the modules
>>> > which were not built, so it looks like it was built with ssl support.
>>>
>>> Can you use Sage's pip on packages from external repos, or is this also
>>> broken?
>>
>>
>> $ ./sage --pip install pylatex
>>
>> works just fine: finds the file, downloads it using https, etc. Is that the
>> sort of thing you mean?
>
>
> OK, so apparently pip is less picky here. Unrolling this thing about oeis()
> function, it boils down to
> Python's
>
> >>> from urllib import urlopen
> >>> f=urlopen("https://oeis.org/";)
>
> that fails with CERTIFICATE_VERIFY_FAILED
I can reproduce this on Sage 8.6 with included openssl installed.
This is how to fix it, assuming you install your openssl from Sage
spkg, basically using a slightly adjusted script from Python.org
python 2.7.16 installer.
Change to your SAGE_ROOT
start ./sage -sh
mkdir local/openssl
run the attached Python script (which will install certificates module
via pip and pull the needed certs for the local openssl)
We perhaps should add this to pyopenssl Sage spkg.
Dima
>
> See more on this in the sub-thread here:
> https://groups.google.com/d/msg/sage-devel/f443LhVnyKc/JLLZrQOWBgAJ
>
>
>>
>>
>>
>>>
>>>
>>> Looking at how Homebrew installs openssl 1.1.1b, one sees that it does
>>> some post_install involving system's keychains and certs:
>>> https://github.com/Homebrew/homebrew-core/blob/master/Formula/open...@1.1.rb
>>>
>>> So it could be that Sage's openssl spkg must dance this dance too.
>>>
>>> It looks like a need for a blocker trac ticket on this, then...
>>>
>>>
>>>
>>>
>>> >
>>> >
>>> >
>>> > On Thursday, March 14, 2019 at 11:19:37 AM UTC-7, Volker Braun wrote:
>>> >>
>>> >> I'm guessing you run this on an oldish mac, those have an outdated
>>> >> openssl that doesn't support TLS12. More and more sites are switching
>>> >> that on. Building Sage's openssl should fix that.
>>> >>
>>> >>
>>> >>
>>> >> On Thursday, March 14, 2019 at 7:09:50 PM UTC+1, kcrisman wrote:
>>> >>>
>>> >>> This could be just me. But I am getting a lot of this when I try
>>> >>> running optional internet tests for e.g. src/sage/databases/oeis.py or
>>> >>> src/sage/symbolic/integration/external.py Internet clearly works if
>>> >>> you can read this message, but apparently it doesn't work from within
>>> >>> Sage, because I get this message when I try it in the Sage command line
>>> >>> as well with e.g. this command. Any ideas - do I need to rebuild Sage
>>> >>> with additional SSL support or something? That should be mentioned
>>> >>> somewhere. Thanks!
>>> >>>
>>> >>> - kcrisman
>>> >>>
>>> >>> w = oeis(7540) ; w
>>> >>>
>>> >>>
>>> >>> URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
>>> >>> certificate verify failed (_ssl.c:726)>
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google Groups
>>> > "sage-devel" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>> > email to sage-devel+...@googlegroups.com.
>>> > To post to this group, send email to sage-...@googlegroups.com.
>>> > Visit this group at https://groups.google.com/group/sage-devel.
>>> > For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.
#!/usr/bin/env python
# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module. Uses the certificates provided by the certifi package:
# https://pypi.python.org/pypi/certifi
import os
import os.path
import ssl
import stat
import subprocess
import sys
STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
| stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
| stat.S_IROTH | stat.S_IXOTH )
def main():
openssl_dir, openssl_cafile = os.path.split(
ssl.get_default_verify_paths().openssl_cafile)
print(" -- pip install --upgrade certifi")
subprocess.check_call([sys.executable,
"-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])
import certifi
# change working directory to the default SSL directory
os.chdir(openssl_dir)
relpath_to_certifi_cafile = os.path.relpath(certifi.where())
print(" -- removing any existing file or link")
try:
os.remove(openssl_cafile)
except OSError:
pass
print(" -- creating symlink to certifi certificate bundle")
os.symlink(relpath_to_certifi_cafile, openssl_cafile)
print(" -- setting permissions")
os.chmod(openssl_cafile, STAT_0o775)
print(" -- update complete")
if __name__ == '__main__':
main()
