TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED]

deedy5 / primp

🪞PRIMP (Python Requests IMPersonate). The fastest python HTTP client that can impersonate web browsers

MIT License

89 stars 7 forks source link

TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED] #13

Closed 2256gui closed 3 months ago

2256gui commented 6 months ago

Hello, something wrong with the module, can not make any request because of tls handshake failed error. Could you please check the module?

Using windows 10, python 3.9 The full error log is here: Exception: Error in request: error sending request for url (https://tls.peet.ws/api/all): error trying to connect: TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED]

deedy5 commented 6 months ago

It's only on windows, I'm trying to figure out what's causing it. For now, use verify=False.

mastercho commented 4 months ago

It's only on windows, I'm trying to figure out what's causing it. For now, use verify=False.

resp = client.get("https://tls.peet.ws/api/all", verify=False)

TypeError: Client.get() got an unexpected keyword argument 'verify'

Seems doesn't accept verify=false too

deedy5 commented 4 months ago

resp = Client(verify=False).get("https://tls.peet.ws/api/all")

Do it this way for now, later I'll make it accept in functions.

tabrezm commented 3 months ago

I can repro this on an older Amazon Linux 2 image, so it doesn't seem Windows specific. Let me know if can provide some environment details to help debug.

deedy5 commented 3 months ago

@tabrezm try to install ca-certificates:

apt install ca-certificates

tabrezm commented 3 months ago

@tabrezm try to install ca-certificates:
apt install ca-certificates

AL2 is centos-based, so I tried:

yum install ca-certificates
update-ca-trust

Still seeing errors like this:

Error in request: error sending request for url [...]: error trying to connect: TLS handshake failed: cert verification failed - unable to get local issuer certificate [CERTIFICATE_VERIFY_FAILED]

deedy5 commented 3 months ago

@tabrezm Could you please provide me with more details about the problem?

tabrezm commented 3 months ago

@tabrezm Could you please provide me with more details about the problem?

I'm working on a utility to download millions of images, and I happened to reuse a container from this image. It's not a blocker since I switched my development of the utility to a new image that doesn't repro the issue. I mainly commented here to point out that it's not Windows specific.

deedy5 commented 3 months ago

On Windows, updating the operating system generally updates the certificate store. Or you can update the ca certificate manually: https://woshub.com/updating-trusted-root-certificates-in-windows-10/ Up-to-date CA certificate store: https://curl.se/docs/caextract.html

P.S. http://wiki.cacert.org/HowTo/InstallCAcertRoots http://wiki.cacert.org/FAQ/ImportRootCert

deedy5 commented 3 months ago

Solution: update to v0.6.0 and use ca_cert_file

import certifi
import primp

resp = primp.Client(impersonate="safari_17.5", ca_cert_file=certifi.where()).get(
    "https://foxnews.com"
)
print(resp.text_rich)