Add an option to skip SSL verification for users behind firewalls

[paul-gauthier]

Issue

Per twitter thread:

https://x.com/Liu_eroteme/status/1800186374039187525

Version and model info

No response

[dannylank]

I change in ..\Lib\site-packages\httpx_transports\default.py change lines ssl_context = create_ssl_context(verify=False: Verify to False. ( lines 136 and 277)

[paul-gauthier]

I just added a --no-verify-ssl option, which disables it per the litellm docs:

https://docs.litellm.ai/docs/providers/openai#set-ssl_verifyfalse

[paul-gauthier]

I'm going to close this issue for now, but feel free to add a comment here and I will re-open or file a new issue any time.

[dannylank]

Installing collected packages: aider-chat Attempting uninstall: aider-chat Found existing installation: aider-chat 0.38.0 Uninstalling aider-chat-0.38.0: Successfully uninstalled aider-chat-0.38.0 Successfully installed aider-chat-0.39.0 <-----------------<<

aider: error: unrecognized arguments: --no-verify-ssl

[paul-gauthier]

The change is available in the main branch. You can get it by installing the latest version from github:

python -m pip install --upgrade git+https://github.com/paul-gauthier/aider.git

If you have a chance to try it, let me know if it works better for you.

[dannylank]

aider --git --browser --no-auto-commits --opus --no-verify-ssl

CONTROL-C to exit... Watching for file changes.

You can now view your Streamlit app in your browser.

Local URL: http://localhost:8501 Network URL: http://192.168.1.7:8501

Error checking pypi for new version: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/aider-chat/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))) Aider v0.40.2-dev Models: claude-3-opus-20240229 with diff edit format, weak model claude-3-haiku-20240307 Git repo: .git with 2 files Repo-map: using 1024 tokens litellm.APIConnectionError: HTTPSConnectionPool(host='api.anthropic.com', port=443): Max retries exceeded with url: /v1/messages (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)')))

[Neurrone]

get the same error as well even though I've set this option to false.

[paul-gauthier]

Thanks for reporting this regression. It should be fixed in the main branch.

The change is available in the main branch. You can get it by installing the latest version from github:

python -m pip install --upgrade git+https://github.com/paul-gauthier/aider.git

If you have a chance to try it, let me know if it works better for you.

[paul-gauthier]

I'm going to close this issue for now, but feel free to add a comment here and I will re-open or file a new issue any time.

[Liu-Eroteme]

Aiders update check does respect this option, but the anthropic API does not:

> aider --no-verify-ssl

Aider v0.54.7
Main model: claude-3-5-sonnet-20240620 with diff edit format, infinite output
Weak model: claude-3-haiku-20240307
Git repo: .git with 7 files
Repo-map: using 1024 tokens, auto refresh
Use /help <question> for help, run "aider --help" to see cmd line args
───────────────────────────────────────────────────────────────────────────────────────────────────────────────
> test!

litellm.InternalServerError: AnthropicException - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate in certificate chain (_ssl.c:1007). Handle with `litellm.InternalServerError`.
Retrying in 0.2 seconds...
litellm.InternalServerError: AnthropicException - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate in certificate chain (_ssl.c:1007). Handle with `litellm.InternalServerError`.
Retrying in 0.5 seconds...
litellm.InternalServerError: AnthropicException - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate in certificate chain (_ssl.c:1007). Handle with `litellm.InternalServerError`.
Retrying in 1.0 seconds...

^C again to exit
───────────────────────────────────────────────────────────────────────────────────────────────────────────────
>

[QiBaobin]

Got below error too while using gemini:

litellm.APIConnectionError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)

[paul-gauthier]

What version of aider?

[QiBaobin]

0.56.0, and making a change to site-packages\httpx_transports\default.py works, but need some retries sometimes.

[paul-gauthier]

The fix is available in the main branch. You can get it by installing the latest version from github:

aider --install-main-branch

# or...

python -m pip install --upgrade git+https://github.com/paul-gauthier/aider.git

If you have a chance to try it, let me know if it works better for you.

[paul-gauthier]

/ I'm going to close this issue for now, but feel free to add a comment here and I will re-open. Or feel free to file a new issue any time.

[QiBaobin]

thanks @paul-gauthier , just verified on 0.59.1, it works now.

[spaasis]

I'm still hitting this with 0.59.1:

aider --model ollama/llama3.1:latest --no-verify-ssl
──────────────────────────────────
Aider v0.59.1
Model: ollama/llama3.1:latest with whole edit format
──────────────────────────────────
> Hello

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
Retrying in 0.2 seconds...

I'm attempting to connect to a company internal OpenWebUI instance with a self signed certificate, using OLLAMA_API_BASE = https://myaiservice.domain.com/ollama