mamaduckmaster / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

httplib2 0.7.x doesn't work with https and GoDaddy certs #154

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
httplib2 now contains its own certificate store, which doesn't contain the 
GoDaddy certs, so e.g. this line fails:

httplib2.Http().request('https://www.godaddy.com/')

With:

httplib2.SSLHandshakeError: [Errno 1] _ssl.c:480: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Appending gd_bundle.crt to the certificate store fixes this issue.  The certs 
can be found here:

https://certs.godaddy.com/anonymous/repository.seam

Original issue reported on code.google.com by sc...@directededge.com on 21 Jun 2011 at 4:28

GoogleCodeExporter commented 8 years ago
You can get around this by doing:

httplib2.Http(disable_ssl_certificate_validation=True).request('https://www.goda
ddy.com/')

However, I agree, it would be much better to allow the system cert store to be 
used instead.

Original comment by cwith...@gmail.com on 23 Jun 2011 at 12:36

GoogleCodeExporter commented 8 years ago
This issue was closed by revision 71ec465ee631.

Original comment by joe.gregorio@gmail.com on 23 Jun 2011 at 5:45

GoogleCodeExporter commented 8 years ago
All of the certs from the bundle are needed actually. This change does fix the 
given test case, but still fails for their other cert classes. This fails, for 
example:

httplib2.Http().request('https://webservices.directededge.com/')

(Which was the case I was actually going for -- I just used godaddy.com as a 
more self-explanatory test-case.)

Original comment by sc...@directededge.com on 23 Jun 2011 at 5:57

GoogleCodeExporter commented 8 years ago
Changed out for the bundle.

Original comment by joe.gregorio@gmail.com on 23 Jun 2011 at 7:41

GoogleCodeExporter commented 8 years ago
I'm gettin this error whit aweber egg:

Python 2.7.1+ (r271:86832, Apr 11 2011, 18:13:53) 
[GCC 4.5.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> from django.conf import settings
>>> consumer_key = settings.AWEBER_CONSUMER_KEY
>>> consumer_secret = settings.AWEBER_CONSUMER_SECRET
>>> from aweber_api import AWeberAPI
>>> aweber = AWeberAPI(consumer_key, consumer_secret)
>>> callback_url = 'http://localhost:8000/aweber'
>>> request_token, request_token_secret = aweber.get_request_token(callback_url)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/diegueus9/webapps/smartrunningsolution/lib/python2.7/site-packages/aweber_api-1.1.0-py2.6.egg/aweber_api/__init__.py", line 40, in get_request_token
    data)
  File "/home/diegueus9/webapps/smartrunningsolution/lib/python2.7/site-packages/aweber_api-1.1.0-py2.6.egg/aweber_api/oauth.py", line 44, in request
    headers=headers)
  File "/home/diegueus9/webapps/smartrunningsolution/lib/python2.7/site-packages/oauth2-1.5.170-py2.6.egg/oauth2/__init__.py", line 682, in request
    connection_type=connection_type)
  File "/home/diegueus9/webapps/smartrunningsolution/src/httplib2/python2/httplib2/__init__.py", line 1440, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/home/diegueus9/webapps/smartrunningsolution/src/httplib2/python2/httplib2/__init__.py", line 1192, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/home/diegueus9/webapps/smartrunningsolution/src/httplib2/python2/httplib2/__init__.py", line 1127, in _conn_request
    conn.connect()
  File "/home/diegueus9/webapps/smartrunningsolution/src/httplib2/python2/httplib2/__init__.py", line 914, in connect
    raise SSLHandshakeError(e)
SSLHandshakeError: [Errno 1] _ssl.c:499: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

But the problem is that i cannot modify the code of oauth library

Original comment by diegue...@gmail.com on 30 Sep 2011 at 9:42

GoogleCodeExporter commented 8 years ago
In [12]: import heywatch

In [13]: hw = heywatch.API(settings.HEYWATCH_USER, settings.HEYWATCH_PWD)

SSLHandshakeError                         Traceback (most recent call last)

/var/www/wpt/src/py/<ipython console> in <module>()

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/heywatch/api.pyc in 
__init__(self, username, password, **kwargs)
     29         }
     30
---> 31         self.account()
     32
     33     def account(self):

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/heywatch/api.pyc in 
account(self)
     35             hw.account()
     36         """
---> 37         return self.request('/account')
     38
     39     def info(self, resource, id):

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/heywatch/api.pyc in 
request(self, resource, method, **args)
    116         params.update(args)
    117
--> 118         response, content = self.cli.request(self.url + resource, 
method, **params)
    119
    120         if re.search('^4|5', response['status']):

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/httplib2/__init__.pyc in 
request(self, uri, method, body, headers, redirections, connection_type)
   1434                     content = ""
   1435                 else:
-> 1436                     (response, content) = self._request(conn, 
authority, uri, request_uri, method, body, headers, redirections, cachekey)
   1437         except Exception, e:
   1438             if self.force_exception_to_status_code:

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/httplib2/__init__.pyc in 
_request(self, conn, host, absolute_uri, request_uri, method, body, headers, 
redirections, cachekey)
   1186             auth.request(method, request_uri, headers, body)
   1187
-> 1188         (response, content) = self._conn_request(conn, request_uri, 
method, body, headers)
   1189
   1190         if auth:

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/httplib2/__init__.pyc in 
_conn_request(self, conn, request_uri, method, body, headers)
   1121             try:
   1122                 if conn.sock is None:
-> 1123                   conn.connect()
   1124                 conn.request(method, request_uri, body, headers)
   1125             except socket.timeout:

/var/www/wpt/src/py/.env/lib/python2.7/site-packages/httplib2/__init__.pyc in 
connect(self)
    909                 # something else (such as SSL protocol mismatch).

    910                 if e.errno == ssl.SSL_ERROR_SSL:
--> 911                     raise SSLHandshakeError(e)
    912                 else:
    913                     raise

SSLHandshakeError: [Errno 1] _ssl.c:499: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Original comment by ekagaurangadas on 23 Dec 2011 at 6:35

GoogleCodeExporter commented 8 years ago
I confirm that oDesk.com certificate also doesn't pass validation. How can it 
be fixed? Adding certificate manually?

Original comment by kame...@odeskps.com on 13 Mar 2012 at 11:08

GoogleCodeExporter commented 8 years ago
Please note that odesk.com and www.odesk.com have different certificate chains. 
Certificate Authorities should be added to cacerts.txt manually

Original comment by serg...@gmail.com on 16 Mar 2012 at 7:36