Closed timsutton closed 4 months ago
I can confirm that downgrading to requests==2.32.2
resolves the issue. I haven't dug any further into it though.
β httpie-test poetry show
certifi 2024.6.2 Python package for providing Mozilla's CA Bundle.
charset-normalizer 3.3.2 The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
defusedxml 0.7.1 XML bomb protection for Python stdlib modules
httpie 3.2.2 HTTPie: modern, user-friendly command-line HTTP client for the API era.
idna 3.7 Internationalized Domain Names in Applications (IDNA)
markdown-it-py 3.0.0 Python port of markdown-it. Markdown parsing, done right!
mdurl 0.1.2 Markdown URL utilities
multidict 6.0.5 multidict implementation
pip 24.1.1 The PyPA recommended tool for installing Python packages.
pygments 2.18.0 Pygments is a syntax highlighting package written in Python.
pysocks 1.7.1 A Python SOCKS client module. See https://github.com/Anorov/PySocks for more information.
requests 2.32.3 Python HTTP for Humans.
requests-toolbelt 1.0.0 A utility belt for advanced users of python-requests
rich 13.7.1 Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
setuptools 70.1.1 Easily download, build, install, upgrade, and uninstall Python packages
urllib3 2.2.2 HTTP library with thread-safe connection pooling, file post, and more.
β httpie-test poetry run https github.com
https: error: SSLError: HTTPSConnectionPool(host='github.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))) while doing a GET request to URL: https://github.com/
β httpie-test poetry add requests==2.32.2
Updating dependencies
Resolving dependencies... (0.1s)
Package operations: 0 installs, 1 update, 0 removals
- Downgrading requests (2.32.3 -> 2.32.2)
Writing lock file
β httpie-test poetry run https api.github.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
Cache-Control: public, max-age=60, s-maxage=60
Content-Encoding: gzip
Content-Length: 510
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Date: Thu, 27 Jun 2024 15:06:43 GMT
ETag: W/"4f825cc84e1c733059d46e76e6df9db557ae5254f9625dfe8e1b09499c449438"
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Vary: Accept, Accept-Encoding, Accept, X-Requested-With
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-GitHub-Media-Type: github.v3; format=json
X-GitHub-Request-Id: D858:142C:20F1CC:3F070E:667D8003
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1719504404
X-RateLimit-Resource: core
X-RateLimit-Used: 1
X-XSS-Protection: 0
x-github-api-version-selected: 2022-11-28
{
"authorizations_url": "https://api.github.com/authorizations",
"code_search_url": "https://api.github.com/search/code?q={query}{&page,per_page,sort,order}",
"commit_search_url": "https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}",
"current_user_authorizations_html_url": "https://github.com/settings/connections/applications{/client_id}",
"current_user_repositories_url": "https://api.github.com/user/repos{?type,page,per_page,sort}",
"current_user_url": "https://api.github.com/user",
"emails_url": "https://api.github.com/user/emails",
"emojis_url": "https://api.github.com/emojis",
"events_url": "https://api.github.com/events",
"feeds_url": "https://api.github.com/feeds",
"followers_url": "https://api.github.com/user/followers",
"following_url": "https://api.github.com/user/following{/target}",
"gists_url": "https://api.github.com/gists{/gist_id}",
"hub_url": "https://api.github.com/hub",
"issue_search_url": "https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}",
"issues_url": "https://api.github.com/issues",
"keys_url": "https://api.github.com/user/keys",
"label_search_url": "https://api.github.com/search/labels?q={query}&repository_id={repository_id}{&page,per_page}",
"notifications_url": "https://api.github.com/notifications",
"organization_repositories_url": "https://api.github.com/orgs/{org}/repos{?type,page,per_page,sort}",
"organization_teams_url": "https://api.github.com/orgs/{org}/teams",
"organization_url": "https://api.github.com/orgs/{org}",
"public_gists_url": "https://api.github.com/gists/public",
"rate_limit_url": "https://api.github.com/rate_limit",
"repository_search_url": "https://api.github.com/search/repositories?q={query}{&page,per_page,sort,order}",
"repository_url": "https://api.github.com/repos/{owner}/{repo}",
"starred_gists_url": "https://api.github.com/gists/starred",
"starred_url": "https://api.github.com/user/starred{/owner}{/repo}",
"topic_search_url": "https://api.github.com/search/topics?q={query}{&page,per_page}",
"user_organizations_url": "https://api.github.com/user/orgs",
"user_repositories_url": "https://api.github.com/users/{user}/repos{?type,page,per_page,sort}",
"user_search_url": "https://api.github.com/search/users?q={query}{&page,per_page,sort,order}",
"user_url": "https://api.github.com/users/{user}"
}
Could this be related to https://github.com/psf/requests/issues/6730? This seems like the same regression, if downgrading the package fixes the problem.
Quick workaround is to append --verify=no
although in most scenarios it's not recommended. Use this only if you really need to bypass SSL Verification.
The --help
documentation for the --verify
option is
Set to "no" (or "false") to skip checking the host's SSL certificate. Defaults to "yes" ("true"). You can also pass the path to a CA_BUNDLE file for private certs. (Or you can set the REQUESTS_CA_BUNDLE environment variable instead.)
At least for me, the issue is that HTTPie doesn't find the correct bundle of CA certificates. Instead of opting out of TLS certificate verification, I'd recommend pointing HTTPie to the correct bundle path in this case. On Arch, a bundle is available at /etc/ssl/certs/ca-bundle.crt
. On Debian and Alpine, a bundle is in /etc/ssl/certs/ca-certificates.crt
.
$ http --verify=/etc/ssl/certs/ca-bundle.crt https://github.com/
HTTP/1.1 200 OK
...
If you don't want to set the option for every call to http
, you can set the environment variable mentioned in the documentation:
$ export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt
$ http https://github.com/
HTTP/1.1 200 OK
...
Setting the environment variable at the start of every terminal session is my current workaround for this bug.
Please stop posting for this issue.
We cannot do anything until the author (aka. maintainer) either publish a workaround or merge #1531 [...]
Downgrade Requests to 2.31
Try HTTPie v4 (unofficial) which detach itself from Requests. If you rely on pip
and not OS packages.
pip install "git+https://github.com/Ousret/HTTPie.git@feature-tryout-niquests" -U
regards,
Duplicate of https://github.com/httpie/cli/issues/1581
Downgrading Requests to 2.31 causes conflicts with other pip packages that require Requests >2.31. So this is not a good solution IMO.
My fix to make it work with requests 2.32.3: Just add to http and https:
import os
os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-bundle.crt"
Example:
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import re
import sys
import os
os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-bundle.crt"
from httpie.__main__ import main
if __name__ == '__main__':
sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
sys.exit(main())
Sent a fix that actually works with requests 2.32.3 as https://github.com/httpie/cli/pull/1596 .
π thanks for taking a look :)
Checklist
Minimal reproduction code and steps
pip install httpie
https https://raw.githubusercontent.com/Homebrew/homebrew-core/HEAD/Formula/h/httpie.rb
Current result
Expected result
Request would succeed.
Debug output
Please re-run the command with
--debug
, then copy the entire command & output and paste both below:Additional information, screenshots, or code examples
Noticed this issue when homebrew-core attempted to bump the httpie formula's
requests
pypi dependency: https://github.com/Homebrew/homebrew-core/pull/174896#issuecomment-2175968950In the above example I used a pyenv-installed Python for the virtualenv just to rule out whether there could have been an issue with using homebrew's python3 for some reason.