search

npiv / chatblade

A CLI Swiss Army Knife for ChatGPT
GNU General Public License v3.0
2.58k stars 92 forks source link

Certificate verify failed: self signed certificate in certificate chain #58

Closed nickwynja closed 1 year ago

nickwynja commented 1 year ago

I'm getting cert errors running chatblade currently:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 467, in _make_request
    self._validate_conn(conn)
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 1092, in _validate_conn
    conn.connect()
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connection.py", line 642, in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connection.py", line 783, in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
               ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 469, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/ssl_.py", line 513, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 1075, in _create
    self.do_handshake()
  File "/opt/homebrew/Cellar/python@3.11/3.11.4_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 790, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 491, in _make_request
    raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 874, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 874, in urlopen
    return self.urlopen(
           ^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/connectionpool.py", line 844, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/urllib3/util/retry.py", line 515, in increment
    raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 596, in request_raw
    result = _thread_context.session.request(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/requests/adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/homebrew/bin/chatblade", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/__main__.py", line 5, in main
    cli.cli()
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 152, in cli
    handle_input(query, params)
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 81, in handle_input
    messages = fetch_and_cache(messages, params)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/cli.py", line 14, in fetch_and_cache
    result = chat.query_chat_gpt(messages, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/chatblade/chat.py", line 121, in query_chat_gpt
    result = openai.ChatCompletion.create(messages=dict_messages, **config)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_resources/chat_completion.py", line 25, in create
    return super().create(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_resources/abstract/engine_api_resource.py", line 153, in create
    response, _, api_key = requestor.request(
                           ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 288, in request
    result = self.request_raw(
             ^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/chatblade/0.3.1_1/libexec/lib/python3.11/site-packages/openai/api_requestor.py", line 609, in request_raw
    raise error.APIConnectionError(
openai.error.APIConnectionError: Error communicating with OpenAI: HTTPSConnectionPool(host='api.openai.com', port=443): Max retries exceeded with url: /v1/chat/completions (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1002)')))

I've tested other openai API endpoints manually with curl and am not currently getting these errors. I've tried uninstalling chatblade (via brew) and reinstalling to try to upgrade dependencies but that didn't help.

nickwynja commented 1 year ago

Seems like updating to macOS 13.5 fixed this.

npiv commented 1 year ago

👍 Thx for following up, was trying to replicate it, unsuccessfully.

nickwynja commented 1 year ago

Really strange though. The first time I ran chatblade after the update it worked but the second time, I received the same CERTIFICATE_VERIFY_FAILED error.

nickwynja commented 1 year ago

I was looking through the cert chain and it looks like my company uses Netscope and is using a self-signed cert somewhere. 😞

nickwynja commented 1 year ago

For anyone else on macOS who finds this because their employer doesn't want them being productive, I had to:

  1. Go into Keychain Access > System, and selected both the CA and Intermediate cert that for me were called certadmin and ca.mycompany.goskope.com
  2. Right click and "Export 2 items"
  3. Located the exported file and set the REQUESTS_CA_BUNDLE env var or pass it into the chatblade command:
REQUESTS_CA_BUNDLE=/Users/nick/Downloads/Certificates.pem chatblade ...