oliver <oliver.schoenb...@gmail.com> writes:
> When I run this per email from my work laptop,
>
> python3 -c "import urllib.request,json;
> print(json.loads(urllib.request.urlopen('
> https://www.howsmyssl.com/a/check').read())['tls_version'])"
>
> I get the following traceback:
> ...
> File "c:\Python35\lib\ssl.py", line 633, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:645)
I guess (!) that somehow the well known trusted CA (= "Certificate authority")
certificates are incomplete on your machine.
Certificate verification works as follows:
a certificate is always signed by a certificate authority ("CA");
for a certificate to be trusted, the signing CA must be trusted.
There may be several trust steps but finally, there must be
some "CA" that you are trusting "without further proof".
The certificates of those "CA"s are somewhere stored on your machine.
Apparently, the "https" servers you have problems with
are using a CA which is not declared trusted on your machine
(by installing the appropriate certificate at the correct place).
--
https://mail.python.org/mailman/listinfo/python-list
