Jump to content


Photo

How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Started by hyperonex, 27 Oct 2016 09:37

  • Please log in to reply
8 replies to this topic

#1 hyperonex

  • Senior Member
  • 82 posts

+7
Neutral

Posted 27 October 2016 - 09:37

I'm implementing a plugin which needs to communicate with https website.

 

I get the following error:

 

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

 

Here is my code:

headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain","Authorization": "Basic %s" % b64Val}
conn = httplib.HTTPSConnection("viewthatnow.com", 443)
conn.request("POST", "/savezapentry/savezapentry.php", values, headers)
response = conn.getresponse()

How could I avoid verifying the SSL certificate using python 2.7.3 (used by OpenPli) ??

 


Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #2 WanWizard

  • PLi® Core member
  • 68,614 posts

+1,739
Excellent

Posted 27 October 2016 - 11:12

This issue is addressed and fixed in OpenPLi 5.

 

In OpenPLi 4 you need to bypass SSL verification:

conn = httplib.HTTPSConnection("viewthatnow.com", 443, context=ssl._create_unverified_context())

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #3 ian1095

  • Senior Member
  • 462 posts

+6
Neutral

Posted 27 October 2016 - 13:54

I've tried to address this issue in Pli 4.0 by adding this code to the ssl.py

 

try:
    create_unverified_https_context = _ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    _ssl._create_default_https_context = _create_unverified_https_context

 

Can you tell me why it doesnt work ?

 

I'm not in the least bothered by security so globally disabling this is perfectly fine in my case.

 

Ian.


Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #4 athoik

  • PLi® Core member
  • 8,458 posts

+327
Excellent

Posted 27 October 2016 - 14:02

Check if the server has SNI enabled.

If yes you need to use OpenPLi 5, simply forget OpenPLi 4 and SNI.

Edited by athoik, 27 October 2016 - 14:02.

Wavefield T90: 0.8W - 1.9E - 4.8E - 13E - 16E - 19.2E - 23.5E - 26E - 33E - 39E - 42E - 45E on EMP Centauri DiseqC 16/1
Unamed: 13E Quattro - 9E Quattro on IKUSI MS-0916

Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #5 ian1095

  • Senior Member
  • 462 posts

+6
Neutral

Posted 27 October 2016 - 14:04

Ok Thanks

 

Yes it does have SNI enabled.

 

So there's no getting round that with Pli 4.0 then ?

 

Shame.

 

Ian.


Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #6 hyperonex

  • Senior Member
  • 82 posts

+7
Neutral

Posted 27 October 2016 - 16:19

 

This issue is addressed and fixed in OpenPLi 5.

 

In OpenPLi 4 you need to bypass SSL verification:

conn = httplib.HTTPSConnection("viewthatnow.com", 443, context=ssl._create_unverified_context())

 

It works thanks.

Do we have to change the code whenever OpenPli 5 released?


Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #7 WanWizard

  • PLi® Core member
  • 68,614 posts

+1,739
Excellent

Posted 27 October 2016 - 18:03

Ideally yes, if you want the certificate to be validated.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #8 hyperonex

  • Senior Member
  • 82 posts

+7
Neutral

Posted 1 November 2016 - 11:52

 

This issue is addressed and fixed in OpenPLi 5.

 

In OpenPLi 4 you need to bypass SSL verification:

conn = httplib.HTTPSConnection("viewthatnow.com", 443, context=ssl._create_unverified_context())

 

Sorry I reported that it works but I discovered that it didn't work in a real box with OpenPli 4. I get the following error:

"'module' object has no attribute '_create_unverified_context'"

Any Help ?


Re: How to avoid [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #9 WanWizard

  • PLi® Core member
  • 68,614 posts

+1,739
Excellent

Posted 2 November 2016 - 12:38

Eh, yeah. You need Python 2.7.9 for that, and OpenPLi 4 runs 2.7.3.
 
You could try something like:

import urllib2
import ssl

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

urllib2.urlopen("https://your-test-server.local")

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Back to [EN] Third-Party Development

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Forums
  2. PLi® Development
  3. [EN] Third-Party Development