Closed dc52241 closed 3 years ago
Looks like Arlo changed their auth endpoint. They are now using Cloudflare. I'll have to look deeper into this, but won't have time for a couple of days. If you have time, I'd be happy to accept a PR.
It does a CORS request (OPTION followed by POST):
REQUEST 1:
Request URL: https://ocapi-app.arlo.com/api/auth
Request Method: OPTIONS
Status Code: 204
Remote Address: 104.18.31.98:443
Referrer Policy: no-referrer-when-downgrade
===================================================
REQUEST HEADERS:
===================================================
Accept: application/json, text/plain, */*
Auth-Version: 2
Content-Type: application/json; charset=UTF-8
DNT: 1
Origin: https://my.arlo.com
Referer: https://my.arlo.com/
Sec-Fetch-Mode: cors
source: arloCamWeb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
===================================================
RESPONSE HEADERS:
===================================================
access-control-allow-credentials: true
access-control-allow-headers: auth-version,content-type,source
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS
access-control-allow-origin: https://my.arlo.com
cf-cache-status: DYNAMIC
cf-ray: 5293d084b9a6dbf7-LHR
date: Mon, 21 Oct 2019 14:10:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 204
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin, Access-Control-Request-Headers
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
REQUEST 2:
Request URL: https://ocapi-app.arlo.com/api/auth
Request Method: POST
Status Code: 200
Remote Address: 104.18.31.98:443
Referrer Policy: no-referrer-when-downgrade
===================================================
REQUEST HEADERS:
===================================================
Accept: application/json, text/plain, */*
Auth-Version: 2
Content-Type: application/json; charset=UTF-8
DNT: 1
Origin: https://my.arlo.com
Referer: https://my.arlo.com/
Sec-Fetch-Mode: cors
source: arloCamWeb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
===================================================
REQUEST BODY:
===================================================
{"email":"youremail@example.com","password":"HASHEDPASSWORD--NOT-SURE-WHAT-THEY-ARE-HASHING-WITH","language":"en","EnvSource":"prod"}
===================================================
RESPONSE HEADERS:
===================================================
access-control-allow-credentials: true
access-control-allow-origin: https://my.arlo.com
cf-cache-status: DYNAMIC
cf-ray: 5293d085a8eddc03-LHR
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 21 Oct 2019 14:10:21 GMT
etag: W/"25a-xOcpm3aShjerOaSFbI5evndhZ2Y"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
===================================================
RESPONSE BODY:
===================================================
{"meta":{"code":200},"data":{"_type":"AccessTokenV2","token":"2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","userId":"336-4764296","authenticated":1571667020,"issued":1571667020,"expiresIn":1572963020,"mfa":false,"authCompleted":true,"type":"USER","MFA_State":"ENABLED"},"domain":"ocapi-app.arlo.com"}
Then the website makes the following two API calls:
REQUEST 3:
Request URL: https://ocapi-app.arlo.com/api/validateAccessToken?data%20=%201571667021
Request Method: OPTIONS
Status Code: 204
Remote Address: 104.18.31.98:443
Referrer Policy: no-referrer-when-downgrade
===================================================
REQUEST HEADERS:
===================================================
Access-Control-Request-Headers: auth-version,authorization,source
Access-Control-Request-Method: GET
DNT: 1
Origin: https://my.arlo.com
Referer: https://my.arlo.com/
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
===================================================
REQUEST BODY:
===================================================
data%20=%201571667021
===================================================
RESPONSE HEADERS:
===================================================
access-control-allow-credentials: true
access-control-allow-headers: auth-version,authorization,source
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS
access-control-allow-origin: https://my.arlo.com
cf-cache-status: DYNAMIC
cf-ray: 5293d086e85bdbf7-LHR
date: Mon, 21 Oct 2019 14:10:21 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 204
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin, Access-Control-Request-Headers
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
REQUEST 4:
Request URL: https://ocapi-app.arlo.com/api/validateAccessToken?data%20=%201571667021
Request Method: GET
Status Code: 200
Remote Address: 104.18.31.98:443
Referrer Policy: no-referrer-when-downgrade
===================================================
REQUEST HEADERS:
===================================================
Accept: application/json, text/plain, */*
Auth-Version: 2
Authorization: 2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Origin: https://my.arlo.com
Referer: https://my.arlo.com/
Sec-Fetch-Mode: cors
source: arloCamWeb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
===================================================
REQUEST BODY:
===================================================
data%20=%201571667021
===================================================
RESPONSE HEADERS:
===================================================
access-control-allow-credentials: true
access-control-allow-origin: https://my.arlo.com
cf-cache-status: DYNAMIC
cf-ray: 5293d087bf51dc03-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 21 Oct 2019 14:10:22 GMT
etag: W/"184-oSM+kLpFncL+5pbBf0O07I8wj3A"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
===================================================
RESPONSE BODY:
===================================================
{"meta":{"code":200},"data":{"_type":"User","_id":"XXX-XXXXXXX","firstName":"Some","lastName":"Person","country":"US","language":"en","acceptedPolicy":1,"currentPolicy":1,"emailConfirmed":true,"email":"youremail@example.com","mfa":false,"interactions":{"mfaDeniedTimestamp":1569280204,"mfaRemindersEnabled":true,"serverTime":1571667022},"MFA_State":"ENABLED","tokenValidated":true}}
I am not in a hurry and can wait for you to take a look. I know they did a major update in the app recently so I was wondering if behind the scenes new authentication was also occurring. I watch for updates here.
You will probably wait a while. I work two jobs and am traveling right now. I (and the community) would really appreciate a PR.
@dc52241 try the latest release and let me know whether it fixes your issues or not.
@dc52241 did you ever figure this out?
No, and camera failed.
Dan
Bummer. I'm going to go ahead and close this. If you get a new camera and it's still an issue, please let me know.
Please answer these questions before submitting your issue. Thanks!
What version of Python are you using (python -V)?
3
What operating system and processor architecture are you using (python -c 'import platform; print(platform.uname());')?
'10', '10.0.17763', 'AMD64', 'Intel64 Family 6 Model 94 Stepping 3, GenuineIntel')
Which Python packages do you have installed (run the pip freeze or pip3 freeze command and paste output)?
arlo==1.2.23
certifi==2019.6.16
chardet==3.0.4
idna==2.8
monotonic==1.5
pyarlo==0.2.3
PySocks==1.7.0
requests==2.22.0
six==1.12.0
sseclient==0.0.24
urllib3==1.25.3
PS C:\Users\dechrist\arlo>
Which version of ffmpeg are you using (ffmpeg -version)?
Which Arlo hardware do you have (camera types - [Arlo, Pro, Q, etc.], basestation model, etc.)?
Arlo Go LTE
What did you do?
I ran the script that I run to capture an image every 15 minutes. It stopped working on Oct 14th. I am not sure what has changed. I can log into the camera through the app fine and all seems ok, but the script is not capturing an image. I get errors now.
If possible, provide the steps you took to reproduce the issue. A complete runnable program is good. (don't include your user/password or any sensitive info)

# -*- coding: utf-8 -*-
from arlo import Arlo
import time

USERNAME = ''  # redacted in the original post
PASSWORD = ''  # redacted in the original post

timestr = time.strftime("%Y%m%d-%H%M%S")
arlo = Arlo(USERNAME, PASSWORD)
basestations = arlo.GetDevices('basestation')
cameras = arlo.GetDevices('camera')
snapshot_url = arlo.TriggerFullFrameSnapshot(cameras[0], cameras[0])
arlo.DownloadSnapshot(snapshot_url, 'JPG/05455100'+timestr+'.jpg')

Paste your output here

Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "C:\Python37\lib\site-packages\urllib3\connection.py", line 370, in connect
    ssl_context=context)
  File "C:\Python37\lib\site-packages\urllib3\util\ssl_.py", line 355, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Python37\lib\ssl.py", line 423, in wrap_socket
    session=session
  File "C:\Python37\lib\ssl.py", line 870, in _create
    self.do_handshake()
  File "C:\Python37\lib\ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Python37\lib\site-packages\urllib3\connectionpool.py", line 641, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "C:\Python37\lib\site-packages\urllib3\util\retry.py", line 399, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='my.arlo.com', port=443): Max retries exceeded with url: /hmsweb/login/v2 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\dechrist\arlo\snapshot.py", line 9, in <module>
    arlo = Arlo(USERNAME, PASSWORD)
  File "C:\Python37\lib\site-packages\arlo.py", line 59, in __init__
    self.Login(username, password)
  File "C:\Python37\lib\site-packages\arlo.py", line 130, in Login
    body = self.request.post('https://my.arlo.com/hmsweb/login/v2', {'email': self.username, 'password': self.password})
  File "C:\Python37\lib\site-packages\request.py", line 55, in post
    return self._request(url, 'POST', params, headers, raw)
  File "C:\Python37\lib\site-packages\request.py", line 34, in _request
    r = self.session.post(url, json=params, headers=headers)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 581, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python37\lib\site-packages\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python37\lib\site-packages\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='my.arlo.com', port=443): Max retries exceeded with url: /hmsweb/login/v2 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))
What did you expect to see?
No errors
Paste your output here
Usually nothing is output other than image to folder
What did you see instead?
output message posted above.
Does this issue reproduce with the latest release?
Yes