osx - Python requests throwing SSL errors -


this followup sslerror using requests python:

i have installed requests on mac osx 10.8.5. first attempt @ doing requests.get failed on missing certificate:

sslerror: [errno 1] _ssl.c:504: error:14090086:ssl routines:ssl3_get_server_certificate:certificate verify failed

  • the thread above says /library/frameworks/python.framework/versions/2.7/lib/python2.7/site-packages/re‌​quests/cacert.pem don't have .../site-packages/requests directory. it's not clear me if should have been added installation (i used pip)

  • further threads , requests docs install certifi, did. different error:

    python -c 'import requests; requests.get("https://api.github.com/events")'    /usr/lib/anaconda/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: insecureplatformwarning: true sslcontext object not available. prevents urllib3 configuring ssl appropriately , may cause ssl connections fail. more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.   insecureplatformwarning traceback (most recent call last): ...   file "/usr/lib/anaconda/lib/python2.7/site-packages/requests/adapters.py", line 431, in send     raise sslerror(e, request=request) requests.exceptions.sslerror: [errno 1] _ssl.c:504: error:0d0890a1:asn1 encoding routines:asn1_verify:unknown message digest algorithm

thanks!

notice you're using https. mentioned in requests manual

to check host’s ssl certificate, can use verify argument [...] default, verify set true

here few ways fix that:

update openssl (probably solve problem)

taken here:

if encounter 1 of following errors:

error:0d0890a1:asn1 encoding routines:asn1_verify:unknown message digest algorithm error:0d0c50a1:asn1 encoding routines:asn1_item_verify:unknown message digest algorithm software using might compiled version old of openssl not take certificates signed sha256withrsaencryption account.

it requires @ least openssl 0.9.8o total management of sha256. openssl 0.9.7m assures partial management, server mode only.

check openssl version by

openssl version openssl 1.0.1k-fips 8 jan 2015

if have smaller version openssl0.9.8o, have update version (os x):

brew update brew install openssl brew link --force openssl

if doesn't work, try way:

brew uninstall openssl rm -rf /usr/local/openssl brew install openssl
  • there's issue openssl installed before os x 10.10.3 , reinstalling fixes it
  • these command lines uninstall openssl, remove folder hard-disk , install again (the updated version)

install certifi

taken here

by default requests bundles set of root cas trusts, sourced mozilla trust store. however, these updated once each requests version. means if pin requests version certificates can become extremely out of date.

from requests version 2.4.0 onwards, requests attempt use certificates certifi if present on system. allows users update trusted certificates without having change code runs on system.

for sake of security recommend upgrading certifi frequently!

in other word, try install certifi, if have request 2.4.0 or newer:

pip install certifi

hopefully, fix problem.

use different version of openssl , requests

looking using google, have found there problem openssl in python 2:

however, using python 2.7.6, requests 2.2.1 , openssl 1.0.1f 6 jan 2014 , runs correctly.

pass certificate

in other cases, may need tell requests.get path certificate file, if host's certificate signed you.

requests.get("https://api.github.com/events", verify=true, cert=['/path/to/my/ca.crt'])

set verify argument false (not recommended!)

in case want avoid certificate verification, have pass verify=false request.get method.

python -c 'import requests; requests.get("https://api.github.com/events", verify=false)'

or script.py file:

import requests res = requests.get("https://api.github.com/events", verify=false) print res

terminal:

$ python script.py <response [200]>

important: bad idea; can mitm attacked, critical security vulnerability.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more