arky
commented
4 years ago This site also triggers the SSL verification error https://www.covid19.gov.la/
http://www.sslchecker.com/sslchecker?su=776db90ef766afdf2ef0c9efe55f6c16
Open arky opened 4 years ago
arky
commented
4 years ago This site also triggers the SSL verification error https://www.covid19.gov.la/
http://www.sslchecker.com/sslchecker?su=776db90ef766afdf2ef0c9efe55f6c16
adamhooper
commented
4 years ago Both sites have SSL errors. (sslchecker shows the errors, but its design makes them hard to see.)
ncov.moh.gov.vn has an incomplete certificate chain: https://www.sslshopper.com/ssl-checker.html#hostname=ncov.moh.gov.vnwww.covid19.gov.la has an expired intermediate certificate: https://www.sslshopper.com/ssl-checker.html#hostname=www.covid19.gov.laGoogle Chrome and Firefox go and download the intermediate certificates themselves: they don't need to look at these intermediate certificates. But Workbench doesn't do that: our (Python) SSL library can't make HTTP requests.
Long story short: we don't handle misconfigured SSL servers. That's frustrating when other tools can securely validate the server.
I don't know of a solution within the Python ecosystem. Maybe we should implement our fetching with a different tool....
arky
commented
4 years ago Thank you @adamhooper for looking into this problem. Unfortunately most of the sites in southeast asia (esp. public agencies) seems to be mis-configured. :(
Requests has a 'verify' boolean flag to turn off SSL checks.That seems to work the best for this tool.
Perhaps a checkbox '[ ] Ignore SSL errors' that toggles 'verify_ssl=False' could be stopgap measure over custom resolver or certificate bundle solution?
Loading https://ncov.moh.gov.vn results in following SSL error:
SSL Certificate Check: http://www.sslchecker.com/sslchecker?su=cda559548bf6fced7ba19d14d82d118d