search

nvaccess / nvda

NVDA, the free and open source Screen Reader for Microsoft Windows
Other
2.09k stars 628 forks source link

NVDA unable to fetch add-ons in add-on store when a corporate HTTPS certificate is present #15905

Open kyleman opened 9 months ago

kyleman commented 9 months ago

Steps to reproduce:

Fetch any add-on data in the add-ons store.

Actual behavior:

NVDA fails with an error popup, "Add-on data update failure unable to fetch latest add-on data for compatible add-ons."

Expected behavior:

There is no error and add-on data is able to be fetched normally.

NVDA logs, crash dumps and other attachments:

DEBUGWARNING - NVDAObjects.IAccessible.IAccessible._getIA2RelationFirstTarget (14:02:18.283) - MainThread (14060): Unable to use _getIA2TargetsForRelationsOfType, fallback to _IA2Relations. DEBUGWARNING - _addonStore.dataManager._DataManager._getCacheHash (14:02:18.611) - getAddonData (10688): Unable to get cache hash: HTTPSConnectionPool(host='nvaccess.org', port=443): Max retries exceeded with url: /addonStore/cacheHash.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)'))) DEBUGWARNING - _addonStore.dataManager._DataManager._getLatestAddonsDataForVersion (14:02:18.821) - getAddonData (10688): Unable to fetch addon data: HTTPSConnectionPool(host='nvaccess.org', port=443): Max retries exceeded with url: /addonStore/en/all/2023.3.0.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)')))

System configuration

NVDA installed/portable/running from source:

portable NVDA

NVDA version:

2023.3rc2

Windows version:

Windows 10 22H2 Version; 10.0.19045Build 19045

Name and version of other software in use when reproducing the issue:

N/A

Other information about your system:

N/A

Other questions

Does the issue still occur after restarting your computer?

Yes

Have you tried any other versions of NVDA? If so, please report their behaviors.

Yess all versions since the add-ons store has been added.

If NVDA add-ons are disabled, is your problem still occurring?

Yes

Does the issue still occur after you run the COM Registration Fixing Tool in NVDA's tools menu?

Yes

Adriani90 commented 9 months ago

Is this also happening when you try to fetch updates? i.e. when you update NVDA to an alpha version for example?

This issue might be related to #5871 which is still reproducible.

There is also a python issue that might be related to this: https://github.com/python/cpython/issues/65115

kyleman commented 9 months ago

No I am able to download nvda updates normally without triggering any errors.

kyleman commented 9 months ago

Just commenting hear that this also still doesn't work in 2024.1 beta one or beta two.

Neurrone commented 6 months ago

I'm also encountering this. It seems to not affect updating of NVDA itself though, just add-on store updates.

hwf1324 commented 6 days ago

Hi, @seanbudd

I don't know how to make requests trust the system Trusted Root Certification Authorities list, can we add a configuration option to disable SSL validation?

I know it's not secure, but it's the only thing I can do.

Thanks.

seanbudd commented 6 days ago

I think you may need to install NVDA for us to be able to update root certificates - can you try with an installed copy of NVDA first and then try running the portable?

hwf1324 commented 6 days ago

I think you may need to install NVDA for us to be able to update root certificates - can you try with an installed copy of NVDA first and then try running the portable?

I'm a little unsure of the meaning of this passage.

Meaning that when NVDA is installed, NVDA gets the certificate from the system's Trusted Root Certification Authorities list?

As I understand it, Requests uses certificates from the package certifi.

And certifi does not have the ability for users to manually add certificates.

Maybe the attempts I've made recently have caused some issues with getting the add-on's cached data to prompt me that I'm not connected to the internet.

This hasn't happened before, and it was normal again some time after I restored the environment variables.

(Caused by SSLError(SSLError(136, '[X509: NO_CERTIFICATE_OR_CRL_FOUND] no certificate or crl found (_ssl.c:4166)')))

The long term problem encountered is the following error when downloading GItHub resources. I am still encountering this error in my newly created copy of the portable version.

(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))