Other MacOS SSL Issues

[drojf]

We had two types of errors reported recently:

---

This issue is not yet resolved

One issue was getting "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>" on startup (just after checking aria2c and 7z)

---

This issue is not yet resolved

"urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)" During URL querying:

Local Version: None
Remote Version: id: Onikakushi Ch.1/full lastAttemptedInstallID: None files: ui-windows-1.1.0, script-6.2.0, movie-1.0.0, cg-1.0.0, ui-unix-1.1.0, voices-1.0.0, cgalt-1.0.0, movie-unix-1.0.0
Full Update: True (6/6) excluding mod options
<<< Status: 1% Querying URLs to be Downloaded >>>
Querying URL: [https://07th-mod.com/rikachama/graphics/Onikakushi-CG.7z]
Querying URL: [https://07th-mod.com/rikachama/graphics/Onikakushi-CGAlt.7z]
Querying URL: [https://07th-mod.com/rikachama/voice/Onikakushi-Voices.7z]
Querying URL: [https://07th-mod.com/rikachama/video/Onikakushi-Movie_UNIX.7z]
Querying URL: [https://07th-mod.com/ui.php?chapter=onikakushi&os=unix&unity=5.2.2f1]
Querying URL: [https://07th-mod.com/latest.php?repository=onikakushi]
07th Mod - Install failed due to error: <urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)>
Exception in thread Thread-6:
Traceback (most recent call last):
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/httpGUI.py", line 451, in errorPrintingInstaller
    installerFunction(args)
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/higurashiInstaller.py", line 253, in main
    installer = Installer(fullInstallConfiguration, extractDirectlyToGameDirectory=False)
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/higurashiInstaller.py", line 84, in __init__
    self.downloaderAndExtractor.buildDownloadAndExtractionList()
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/common.py", line 701, in buildDownloadAndExtractionList
    DownloaderAndExtractor.getExtractableItem(url=file.url, extractionDir=self.defaultExtractionDir)
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/common.py", line 784, in getExtractableItem
    filename, length, remoteLastModified = DownloaderAndExtractor.__getFilenameFromURL(url)
  File "/Users/demo/Downloads/07th-Mod.Installer.mac/install_data/common.py", line 813, in __getFilenameFromURL
    httpResponse = urlopen(Request(url, headers={"User-Agent": ""}))
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 469, in error
    result = self._call_chain(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 656, in http_error_302
    return self.parent.open(new, timeout=req.timeout)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
URLError: <urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)>

(they were running "OpenSSL 0.9.8zh 14 Jan 2016")

edit: trialing a workaround using CURL instead of python's URLOpen, lets see how that goes...

[TellowKrinkle]

Oh oops I already made a curl patch and totally forgot to actually merge it, I'll do that in a few hours

[drojf]

Some time ago I created a branch, which replaced all urlopen calls with a function which could fallback to aria2c (except for the call which tellowkrinkle already applied, which requires the use of CURL). I didn't push this to mainline because it didn't actually fix any bugs at the time.

Just recently, a MacOS user had the same SSL error as above, but at a different time (on startup).

What happened is, just recently we enabled/fixed HTTPS redirects from non-https urls (previously it was the reverse - some HTTPS urls would redirect to HTTP). The side effect of this was that any urlopen calls, even when called with HTTP urls, would now be redirect to HTTPS urls, and cause the MacOS SSL error.

To fix, this I applied the code changes from my old branch to the current code (this commit: https://github.com/07th-mod/python-patcher/commit/8cd2de35778d3cd57b3884562924d69445a61877 - note that I messed up the commit description - it uses aria2c, not CURL for the downloads)

The user reported that the problem was fixed after trying the new installer, so I assume the above commit fixed the problem.

I feel like this issue might crop up again, so I'm not going to close the issue just yet.