Skip to content

SSL Certificate Error on Windows 8 #122

Open
#188
Open
SSL Certificate Error on Windows 8#122
#188
Labels
bugpriority: high
Milestone
MyPyTutor 3.1

Description

@sapi
sapi
opened on Feb 26, 2015

Split from #98
This is a critical error, and we cannot release MPT tomorrow without a fix.

SessionManager calls give the following error on Windows 8 (as reported by @starsnabove):

C:\Users\Starsnabove\Documents\mpt>python.exe MyPyTutor.py
Exception in Tkinter callback
Traceback (most recent call last):
  File "C:\Python34\lib\urllib\request.py", line 1182, in do_open
    h.request(req.get_method(), req.selector, req.data, headers)
  File "C:\Python34\lib\http\client.py", line 1088, in request
    self._send_request(method, url, body, headers)
  File "C:\Python34\lib\http\client.py", line 1126, in _send_request
    self.endheaders(body)
  File "C:\Python34\lib\http\client.py", line 1084, in endheaders
    self._send_output(message_body)
  File "C:\Python34\lib\http\client.py", line 922, in _send_output
    self.send(msg)
  File "C:\Python34\lib\http\client.py", line 857, in send
    self.connect()
  File "C:\Python34\lib\http\client.py", line 1231, in connect
    server_hostname=server_hostname)
  File "C:\Python34\lib\ssl.py", line 365, in wrap_socket
    _context=self)
  File "C:\Python34\lib\ssl.py", line 583, in __init__
    self.do_handshake()
  File "C:\Python34\lib\ssl.py", line 810, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c
:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\online\session.py", line 171
, in _open
    return self._opener.open(url, data)
  File "C:\Python34\lib\urllib\request.py", line 469, in open
    response = meth(req, response)
  File "C:\Python34\lib\urllib\request.py", line 579, in http_response
    'http', request, response, code, msg, hdrs)
  File "C:\Python34\lib\urllib\request.py", line 501, in error
    result = self._call_chain(*args)
  File "C:\Python34\lib\urllib\request.py", line 441, in _call_chain
    result = func(*args)
  File "C:\Python34\lib\urllib\request.py", line 684, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "C:\Python34\lib\urllib\request.py", line 469, in open
    response = meth(req, response)
  File "C:\Python34\lib\urllib\request.py", line 579, in http_response
    'http', request, response, code, msg, hdrs)
  File "C:\Python34\lib\urllib\request.py", line 501, in error
    result = self._call_chain(*args)
  File "C:\Python34\lib\urllib\request.py", line 441, in _call_chain
    result = func(*args)
  File "C:\Python34\lib\urllib\request.py", line 684, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "C:\Python34\lib\urllib\request.py", line 463, in open
    response = self._open(req, data)
  File "C:\Python34\lib\urllib\request.py", line 481, in _open
    '_open', req)
  File "C:\Python34\lib\urllib\request.py", line 441, in _call_chain
    result = func(*args)
  File "C:\Python34\lib\urllib\request.py", line 1225, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "C:\Python34\lib\urllib\request.py", line 1184, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certifica
te verify failed (_ssl.c:600)>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\interface\web_api.py", line
121, in login
    success = self.session_manager.login(username, password)
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\online\session.py", line 97,
 in login
    response = self._open(url)
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\online\session.py", line 178
, in _open
    ) from e
tutorlib.online.exceptions.RequestError: Connection Error.  Check your network c
onnection and try again.

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Python34\lib\tkinter\__init__.py", line 1533, in __call__
    return self.func(*args)
  File "C:\Python34\lib\tkinter\__init__.py", line 582, in callit
    func(*args)
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\gui\app\app.py", line 574, i
n login
    logged_in = self.web_api.login()
  File "C:\Users\Starsnabove\Documents\mpt\tutorlib\interface\web_api.py", line
126, in login
    ) from e
tutorlib.interface.web_api.WebAPIError

I can think of two options.
One would be to create a urllib.requests.HTTPSHandler with a ssl context which has disabled verification, and pass that to build_opener.
Alternatively, we could probably download the public certificate we're using for the server and explicitly include that in the trusted certificate chain.

@jgat Thoughts on how you'd like us to handle this, seeing as you're more familiar with the SSO code?

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugpriority: high

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions