[Python-modules-team] Bug#766481: python-requests: Error with with requests.exceptions.SSLError exception
Daniele Tricoli
eriol at mornie.org
Fri Oct 24 00:19:14 UTC 2014
Hello Jason,
On Thursday 23 October 2014 11:56:37 Jason Gillman Jr. wrote:
> What openssl package from pypi would you like me to install into the venv?
I installed:
pyOpenSSL==0.14
ndg-httpsclient==0.3.2
pyasn1==0.1.7
My test script is:
$ cat test_ssl_exception.py
import requests
try:
r = requests.get('https://hg.mornie.org')
except requests.exceptions.SSLError as e:
m = e.message
print type(m)
print m
On hg.mornie.org I have a self signed certificate so validation will fail.
Here my complete testing steps:
$ mkvirtualenv test_ssl_exception
Inside test_ssl_exception venv:
$ pip install requests
[CUT installing logs]
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So, it works.
$ pip install pyOpenSSL
[CUT installing logs]
Again,
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So, it still works.
$ pip install ndg-httpsclient
[CUT install logs]
$ python test_ssl_exception.py
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing
pyasn1, subjectAltName check for SSL peer verification will be disabled.
Import error is: No module named pyasn1.type
warnings.warn(import_error_msg)
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/ssl_peer_verification.py:24: UserWarning:
SubjectAltName support is disabled - check pyasn1 package installation to
enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/home/eriol/.virtualenvs/test_ssl_exception/local/lib/python2.7/site-
packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing
pyasn1, subjectAltName check for SSL peer verification will be disabled.
Import error is: No module named pyasn1.type
warnings.warn(import_error_msg)
<class 'requests.packages.urllib3.exceptions.SSLError'>
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
So we have, obviously, an UserWarning since pyasn1 is missing, but
SSLError's message is still a string.
$ pip install pyasn1
$ python test_ssl_exception.py
<class 'requests.packages.urllib3.exceptions.SSLError'>
Traceback (most recent call last):
File "test_ssl_exception.py", line 9, in <module>
print m
TypeError: __str__ returned non-string (type Error)
After installing pyasn1 we get the error.
If we use pdb we can see what is happening:
$ python test_ssl_exception.py
> /home/eriol/tmp/test_ssl_exception.py(11)<module>()
-> print type(m)
(Pdb) m
SSLError(SSLError('bad handshake', Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)),)
(Pdb) m.message
SSLError('bad handshake', Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],))
Removing pyasn1 from the venv:
-> print type(m)
(Pdb) m
SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'),)
(Pdb) m.message
SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)')
So pyasn1 is doing something under the hood.
If you try outside a virtualenv but not having python-pyasn1 installed it still works.
HTH,
--
Daniele Tricoli 'Eriol'
http://mornie.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20141024/d46949ec/attachment.sig>
More information about the Python-modules-team
mailing list