search

infinitel8p / youtube-dl

Simple YouTube Downloader with GUI, work in progress
1 stars 0 forks source link

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed #11

Open infinitel8p opened 1 year ago

infinitel8p commented 1 year ago

https://github.com/pyinstaller/pyinstaller/issues/6667 https://github.com/Azure/azure-iot-sdk-python/issues/991 https://github.com/pyinstaller/pyinstaller/issues/7229#issuecomment-1309406736

infinitel8p commented 1 year ago

The "ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" error message you're seeing suggests that there is a problem with the SSL certificate that your program is trying to use. This can occur when the certificate is not valid, or when the certificate is not trusted by the system.

This error can occur when using requests library or other libraries that use SSL certificates.

When you package your program using PyInstaller, it may not include the necessary SSL certificates to verify the connection. There are a few ways to resolve this issue:

  1. Use --add-binary option when building your executable, to include the certificate file(s) that your script uses:
pyinstaller --onefile --add-binary='path/to/cert.pem;.' <your_script>.py
  1. Include the following line in your script before making the SSL connection:
import certifi
import ssl

ssl._create_default_https_context = ssl._create_unverified_context

This line tells the script to ignore SSL certificate verification, and will allow it to connect to the server even if the certificate is not valid or not trusted.

  1. Use --noconsole option when building your executable, this will prevent the console window from showing up and could be blocking the certificate verification process. It's important to note that disabling SSL certificate verification can make your program vulnerable to man-in-the-middle attacks, so it's generally not recommended for production use. Instead, it's better to include the necessary SSL certificates in the executable, or to configure the system to trust the necessary certificates.

Also, if you're using requests library, you can use verify=False when making a request, but keep in mind that it's not safe in production environments.

You may want to check the library documentation and community support for more information and troubleshooting steps.

infinitel8p commented 1 year ago

The certificate file(s) that your script uses can typically be found in the certificate store on your Mac.

Here are a few ways to access the certificate files on Mac:

  1. Using the Keychain Access app: You can use the built-in Keychain Access app on your Mac to view and export certificate files. To access the app, go to Applications > Utilities > Keychain Access. Once you've opened the app, you can find the certificate you need by searching for it or browsing through the different categories (e.g. System, Certificates, etc.). Once you've found the certificate, you can right-click on it and select "Export" to save it as a .cer or .pem file.

  2. Using the Terminal: You can also use the terminal to access and export the certificate files. To do this, you can use the security command. For example, to find a certificate by name, you can use the following command:

security find-certificate -c "certificate_name" -a > certificate.cer

You can also use the openssl command to convert the .cer file to .pem file:

openssl x509 -inform DER -in certificate.cer -out certificate.pem
  1. Online Certificate Authorities: You can also download the certificate files from the website of the certificate authority that issued the certificate. Many Certificate Authorities provide the option to download the certificate in a variety of formats, including .pem. You can use the path to the certificate file in the --add-binary option when building your executable using Pyinstaller, to include the certificate file(s) that your script uses, like this:
pyinstaller --onefile --add-binary='path/to/cert.pem;.' <your_script>.py

It's important to note that some certificates might have different formats and extensions, like .crt, .der, etc. You should use the correct format for the certificate used by your script.

infinitel8p commented 3 months ago

May been fixed with release of v1.1 by simply not using requests. Keeping issue open to check if requests is still needed.

https://github.com/infinitel8p/youtube-dl/releases/tag/v1.1-beta