infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

Faraday server won't start due to SSL Certificate verification fails on MacOS Catalina #432

Closed gbrolo closed 3 years ago

gbrolo commented 3 years ago

Issue Type

Faraday version

Faraday v3.14.4

Component Name

faraday-server start

Steps to reproduce

Performed a faraday sec install from Python sources or from PyPI using pip, and the Faraday server won't start, claiming that it can't validate the SSL certificate. This also won't work using the Faraday container image and starting the container with Docker; it gives the exact same error.

Expected results

Faraday server starts normally

Debugging tracebacks (current results)

2021-05-12T09:12:15-0600 - faraday.server.threads.ping_home - ERROR {PingHomeThread} [pid:3373] [ping_home.py:27 - run()]  HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=3.14.4&key=white (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/local/Cellar/python@3.9/3.9.5/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=3.14.4&key=white (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/faraday/server/threads/ping_home.py", line 20, in run
    res = requests.get(HOME_URL, params={'version': faraday.__version__, 'key': 'white'},
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=3.14.4&key=white (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
2021-05-12T09:12:15-0600 - faraday.server.threads.ping_home - WARNING {PingHomeThread} [pid:3373] [ping_home.py:28 - run()]  Can't connect to portal...

Screenshots

This error makes Faraday crash: image

Environment information

Python 3.9.5, or Docker container using the faradaysec image

OS

MacOS Catalina 10.15.7

EricHorvat commented 3 years ago

Hi there @gbrolo! I could be wrong, but it doesn't seem that the SSL error would cause that error.

It seems that you are probably not setting up the frontend repo correctly, as said here:

$ git clone git@github.com:infobyte/faraday.git
$ cd faraday
$ git clone https://github.com/infobyte/faraday_angular_frontend.git faraday/frontend

PS: I have checked the Docker image and the pip installation; they pull the frontend repo incorrectly. It will be fixed in 3.15.0 (next week, estimated on the 18th).

gbrolo commented 3 years ago

Thank you @EricHorvat! I tested my same Docker environment on Linux and the front end crashed, but that is probably because of what you said, since I changed the image to a lower version and then the Docker script worked on Linux. It also worked on macOS (it always raises the SSL error but the server does start... weird). Thanks for your help!

EricHorvat commented 3 years ago

@gbrolo Earlier today v3.15 was released.

It should be fixed but if the problem persists, reopen the issue or open a new one.

Thanks, Eric
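
An added example, not part of the thread or of Faraday's code: a triage script for the log format in the report that attributes the certificate failure to the component that logged it and checks whether that thread kept logging afterwards, which is the distinction the replies draw between the SSL error and the crash. The sample is the report's two log records with the traceback shortened, and treating "same thread and pid logs again" as "handled" is an assumption of this example.

```python
import re

# Constructed sample: the two Faraday log records from the report above,
# with the traceback between them shortened.
SAMPLE_LOG = """\
2021-05-12T09:12:15-0600 - faraday.server.threads.ping_home - ERROR {PingHomeThread} [pid:3373] [ping_home.py:27 - run()]  HTTPSConnectionPool(host='portal.faradaysec.com', port=443): Max retries exceeded with url: /api/v1/license_check?version=3.14.4&key=white (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
2021-05-12T09:12:15-0600 - faraday.server.threads.ping_home - WARNING {PingHomeThread} [pid:3373] [ping_home.py:28 - run()]  Can't connect to portal...
"""

RECORD = re.compile(
    r"^(?P<ts>\S+) - (?P<logger>\S+) - (?P<level>[A-Z]+) "
    r"\{(?P<thread>[^}]+)\} \[pid:(?P<pid>\d+)\] "
    r"\[(?P<src>[^\]]+)\]\s+(?P<msg>.*)$"
)
TLS_FAIL = re.compile(
    r"host='(?P<host>[^']+)', port=(?P<port>\d+).*"
    r"\[SSL: (?P<code>[A-Z_]+)\] certificate verify failed: (?P<reason>[^(]+?) \("
)

def parse_records(text):
    """Yield one dict per log record; traceback lines do not match and are skipped."""
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            yield m.groupdict()

def triage_tls_failures(text):
    """Return TLS verification failures with the component that logged them."""
    records = list(parse_records(text))
    findings = []
    for i, rec in enumerate(records):
        m = TLS_FAIL.search(rec["msg"])
        if rec["level"] != "ERROR" or not m:
            continue
        # Assumption: if the same thread and pid log again afterwards, the
        # exception was caught inside that thread and did not end the process.
        handled = any(r["thread"] == rec["thread"] and r["pid"] == rec["pid"]
                      for r in records[i + 1:])
        findings.append({"component": rec["logger"], "thread": rec["thread"],
                         "peer": f"{m['host']}:{m['port']}", "code": m["code"],
                         "reason": m["reason"], "handled": handled})
    return findings

if __name__ == "__main__":
    for finding in triage_tls_failures(SAMPLE_LOG):
        print(finding)
```
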