New submission from Jason R. Coombs:
I saw the notice when installing Python 3.6.0b1 on Mac that said that the
bundled OpenSSL is no longer used and thus 'certifi' will need to be installed
and kept up-to-date.
At first, I thought, "no big deal" and pushed forward, but since, I've
encountered the error in several cases:
- pip install of anything but certifi
- pip install in a new venv of anything but certifi
- distutils upload command (even with certifi installed)
I've only had 3.6.0b1 installed for a day, so I imagine I'm going to encounter
new cases. Yes, indeed:
$ python
Python 3.6.0b1 (v3.6.0b1:5b0ca4ed5e2f, Sep 12 2016, 09:24:46)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib.request
>>> urllib.request.urlopen('https://www.google.com')
Traceback (most recent call last):
File
"/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py",
line 1318, in do_open
...
File
"/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line
683, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:747)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File
"/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py",
line 223, in urlopen
...
File
"/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/urllib/request.py",
line 1320, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:747)>
>>> import certifi
So it seems that even the guidance of installing certifi isn't sufficient to
restore the basic expectation that using the stdlib to open URLs securely.
I can't imagine this behavior is acceptable (either requiring a bootstrap step
in each environment or requiring some call at runtime to set up SSL before
making HTTPS calls).
I no longer have the message that the installer gave me and I don't see
anything in the What's New document for 3.6 about certificates.
Is this deficiency something that's planned to be corrected for the next beta?
Is there a recommended procedure to enable SSL in urllib.request?
----------
components: Library (Lib)
messages: 276423
nosy: jason.coombs
priority: normal
severity: normal
status: open
title: Error CERTIFICATE_VERIFY_FAILED in macOS
type: crash
versions: Python 3.6, Python 3.7
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue28150>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
