search

PhAzE-Variance / unRAID

unRAID Files
GNU General Public License v3.0
7 stars 3 forks source link

Python 2.7.10 dependency causes SSL certificate verification errors #2

Closed brutaldev closed 4 years ago

brutaldev commented 9 years ago

All plugins are using Pythin 2.7.10 in their respective dependency package (PhAzE-Dependency-1.x) which causes SSL issues due to the strict certificate checks added in Python 2.7.9.

Plugins such as SABnzb, SickBeard and CouchPotato cannot use RSS to most NZB sites over HTTPS and fail with SSL: CERTIFICATE_VERIFY_FAILED.

To fix this in each plugin, you can add the following code to each primary .py script:

import ssl
ssl._create_default_https_context = ssl._create_unverified_context

Unfortunately requesting this change in each application repo is almost futile as some haven't been updated in years and do not accept pull requests. The alternative is to use Python 2.7.8 as a dependency instead until the applications are able to bypass these checks.

UNplugged plugins never had this issue because all the PLG files used Python 2.6.6. Is it possible to change the current dependency on Python to 2.7.8 in your plugins to avoid these issues?

PhAzE-Variance commented 9 years ago

Hi, Can you send me your log file from one of the apps with this problem? I'm also researching a possible different fix but I want to first see if I can replicate the issue to see if the fix resolves it. -=PhAzE=- On Jul 21, 2015 5:24 PM, Werner van Deventer notifications@github.com wrote:All plugins are using Pythin 2.7.10 in their respective dependency package (PhAzE-Dependency-1.x) which causes SSL issues due to the strict certificate checks added in Python 2.7.9.

Plugins such as SABnzb, SickBeard and CouchPotato cannot use RSS to most NZB sites over HTTPS and fail with SSL: CERTIFICATE_VERIFY_FAILED.

To fix this in each plugin, you can add the following code to each primary .py script:

import ssl ssl._create_default_https_context = ssl._create_unverified_context

Unfortunately requesting this change in each application repo is almost futile as some haven't been updated in years and do not accept pull requests. The alternative is to use Python 2.7.8 as a dependency instead until the applications are able to bypass these checks.

UNplugged plugins never had this issue because all the PLG files used Python 2.6.6. Is it possible to change the current dependency on Python to 2.7.8 in your plugins to avoid these issues?

—Reply to this email directly or view it on GitHub.

brutaldev commented 9 years ago

Hi,

I have cleared my logs but this forum post contains the log text exactly like I was seeing in (for SickBeard): http://sickbeard.com/forums/viewtopic.php?t=9830

SABnzbd doesn't mention anything about an SSL error, but it retries forever:

2015-07-21 22:55:59,927::INFO::[urlgrabber:116] Grabbing URL https://dognzb.cr/fetch/XYZ
2015-07-21 22:56:01,960::INFO::[urlgrabber:199] Retry URL https://dognzb.cr/fetch/XYZ

This problem has also been reported a number of times in other projects using these applications such as Synology and even in the old SickBeard repo: https://code.google.com/p/sickbeard/issues/detail?id=2555.

For now my workaround was applying the unverified context fix to the main application script files, this will of course not persist if an update occurs.